Overview
Vanta integrates with Rippling via OAuth to sync employee records, managed device inventory, and background check status. Once connected, this integration supports compliance monitoring and evidence collection. This integration is most useful for companies that use Rippling as their primary HR system, MDM provider, or background check platform and want to reduce manual compliance work in Vanta.
We support three Rippling products under a single connection:
HRIS: syncs employee records including hire dates, termination dates, employment type, and leave data
MDM: syncs managed computer inventory including encryption, screenlock, and installed software
Background checker: syncs background check status for employees
You can connect one, two, or all three products during setup. Each product you turn on must be active in your Rippling account.
⚠️Note: Selecting a product you don't have will cause sync errors.
Estimated setup time: 5-10 minutes
Use cases and capabilities
Employee records and HR compliance – We sync active and terminated employees from Rippling to support onboarding and offboarding workflows, access reviews, and HR compliance tracking. Contractor vs. employee status, start and end dates, and upcoming approved leave are all included.
Device compliance (MDM) – We sync managed computer inventory from Rippling MDM to power device compliance checks, including full-disk encryption, screenlock, password manager detection, and antivirus detection. Only desktops and laptops with a serial number are synced — mobile devices, tablets, and devices without serial numbers are excluded.
Background check tracking – We pull background check status from Rippling to monitor whether employees have completed background checks, powering compliance tests without manual tracking.
Capabilities summary
Resource/capability | Supported | How it is used in Vanta |
Employees (active) | Yes | Access reviews, onboarding/offboarding tracking, automated tests |
Employees (terminated) | Yes | Offboarding compliance, historical records |
Employment type (employee vs contractor) | Yes | Access reviews, compliance classification |
Employee leave data | Yes | HR compliance, upcoming leave visibility |
Managed computers (desktops/laptops) | Yes | Device inventory, encryption and screenlock checks, software auditing |
Mobile devices/tablets | No | Not synced |
Password manager detection | Yes | Device compliance tests |
Antivirus detection | Yes | Device compliance tests |
Background check status | Yes | Background check compliance tests, evidence collection |
Background check completion date | Partial | Uses employee start date as proxy – actual completion data is not available from Rippling |
Prerequisites
Vanta admin account
Rippling admin account (the OAuth authorization inherits the permissions of the connecting user, so the connecting user must have full admin access)
Rippling’s Identity and Access Management (IAM) product (this is required for the OAuth connection to work)
Read access to Leaves in Rippling (if you want leave tracking data to appear in Vanta)
Each Rippling product you turn on in Vanta (HRIS, MDM, Background checker) must be active in your Rippling account
⚠️ Important: Only one HR provider can be connected in Vanta at a time. If you already have a different HR system connected, you must disconnect it before connecting Rippling HRIS.
Setup guide
From the Integrations section in Vanta, select the Available tab and search for Rippling.
Click View details and then Connect.
Select which Rippling services you wish to connect with Vanta
Human Resource Information System (HRIS)
Mobile Device Management (MDM) to demonstrate employee computers are configured securely
Background checker
Click Next.
Click Connect Rippling.
You'll be redirected to the Rippling sign-in page. Be sure to sign in using your Rippling admin account.
ℹ️ Note: If you are the Administrator in Rippling but not in Vanta, you can invite the person who can connect Vanta to Rippling.
Review the list of data Vanta is requesting access to and click Authorize.
Click Continue to be automatically redirected to the Vanta Integrations page.
ℹ️ For HRIS Connections: You'll be prompted to set a cutoff date. This determines which employees are imported. Vanta will include employees who were active on or after this date. This date can be edited at a later time from the integration settings.
⚠️ Important: Complete this step carefully. Clicking outside the cutoff date dialog without saving will leave the date blank, which may cause employees to be missing from Vanta. If this happens go to Integrations → Manage → Edit Cutoff Date to set it.
Your connection is complete! Depending on the number of resources to be synced, these can take some time to be populated. You can configure scope at a later time by clicking on Configure Scope on the Integrations page in Vanta.
Verification and validation
Where to find synced data
After setup, data appears in Personnel → People (employees), Personnel → Computers (devices), Personnel → People → Background checks (background checks), and Tests (automated tests).
What to check if data is missing
Data missing | What to check |
Employees | Verify the cutoff date is set: Integrations → Connected → Manage → Edit cutoff date |
Devices | Confirm MDM is active in Rippling and the device is a desktop or laptop with a serial number |
Background checks | Confirm Background checker is active in Rippling |
Leave data | Confirm the connecting Rippling user has Read access to Leaves; reconnect if the permission as added after initial setup |
Permissions
We use the connection to read employee records, pull device inventory reports, and retrieve background check status. We also initiate report generation in Rippling (for MDM and background check data) by requesting that Rippling compile a report. This doesn't create or modify any customer data in Rippling.
Permissions details
Permission | Description | Use cases |
employee:name:read | Read employee first name, last name. | We identify employees for access reviews and compliance tracking. |
employee:employmentType:read | Read employee employment type. | We identify whether employees are full-time, part-time, or contractors. |
employee:title:read | Read employee job title. | We pull in job title information for employee records. |
employee:workEmail:read | Read employee work email. | We match employees across systems for access reviews. |
employee:startDate:read | Read employee hire date. | We track employee onboarding dates. |
employee:endDate:read | Read employee termination date. | We track employee offboarding and termination dates. |
employee:roleState:read | Read employee status. | We determine whether employees are active or inactive. |
employee:department:read | Read employee department. | We pull in department assignments for employee records. |
employee:read | System scope for employee data access. | Required system-level permission for reading employee records. |
reports:hardware:read | Read hardware report. | We pull in device inventory data for MDM compliance. |
reports:hardware:write | Write hardware report. | We request that Rippling generate a hardware inventory report, then read the resulting device data for MDM compliance. |
reports:soc2:read | Read SOC 2 report. | We pull in background check status reports for compliance. |
reports:soc2:write | Write SOC 2 report. | We request that Rippling generate a background check status report, then read the results for compliance tracking. |
company:leave_requests:read | Read company leave request records. | We pull in employee leave request data including leave types, dates, and approval status. |
Write access
Our write access to Rippling is limited to initiating report generation. This triggers Rippling to compile a report (Hardware, SOC 2) that we then read. No employee records, device records, or customer data are created or modified by us in Rippling. We do not create, modify, or store any documents in your Rippling account.
Troubleshooting and FAQs
Issue: Connection fails at authorization
Likely cause: The connecting user lacks Rippling admin permissions, or the Rippling account doesn't include the IAM product.
Fix: Use a Rippling administrator account to reconnect. If your account doesn't include IAM, confirm your plan with Rippling before retrying.
Issue: 400 error or integration disconnects after setup
Likely cause: A product was selected in Vanta (HRIS, MDM, or Background checker) that is not active in your Rippling account.
Fix: Go to Integrations → Rippling → Reconnect and select only the products active in your Rippling account.
Issue: Leave data is missing
Cause: The connecting Rippling user doesn't have Read access to Leaves, or this permission was added after the initial connection was made.
Fix: Confirm the permission is assigned in Rippling, then go to Integrations → Rippling → Reconnect. Leave data will sync after reconnection.