Overview
Vanta integrates with OpenAI to monitor and manage user access to your OpenAI organization. By synchronizing user and role data, Vanta helps ensure that only active employees retain access and that access is promptly removed when personnel leave—supporting automated compliance workflows, streamlined access reviews, and structured access requests.
Estimated setup time: Less than 10 minutes
How it works
Vanta connects to OpenAI and synchronizes user data on a recurring basis. This data powers the following workflows within Vanta:
Automated compliance tests: Vanta verifies that OpenAI accounts are linked to active employees and are deprovisioned when personnel leave the organization.
Access Reviews: Synced users are surfaced in Vanta's Access Reviews. Approvers can validate whether access remains appropriate, confirm least-privilege alignment, and generate audit-ready evidence.
Access Requests: OpenAI roles are imported into Vanta. Requesters can submit access requests for specific roles, approvers can review requests with appropriate context, and system administrators can track provisioning activity.
Automated Deprovisioning: When an employee is offboarded in Vanta, their OpenAI access can be revoked directly from Vanta. This requires the connected API key to be an organization-level Admin API key. For a full walkthrough of the offboarding workflow in Vanta, refer to Offboarding Personnel.
Use cases
Connecting OpenAI to Vanta enables you to:
Monitor and manage personnel access to your OpenAI organization
Ensure that only active employees retain access
Simplify access reviews and support compliance requirements
Automatically remove user access through Vanta
Prerequisites
To connect the OpenAI integration, you must have:
A Vanta administrator account
An Organization Owner role in OpenAI (required to access and generate organization-level Admin API keys)
An OpenAI organization-level Admin Read/Write API key (generated from your organization's admin key settings)
Your OpenAI Organization ID
Connect the integration
Step 1: In Vanta, navigate to the Integrations tab and search for OpenAI.
Step 2: Click View details, then select Connect.
Step 3: Click Add OpenAI Credentials.
Step 4: You will be prompted to enter your API key and the Organization ID.
Step 5: Log in to your OpenAI account and navigate to Organization Settings. Copy the Organization ID.
Step 6: Then navigate to API Keys in your OpenAI account. Create a new API key with Read/Write permissions. Copy the generated API key.
Step 7: Return to Vanta and paste the Organization ID and API key into the corresponding fields. Click Validate and store.
Step 8: A confirmation message will appear indicating that the connection was established.
Employees will appear in Vanta within approximately 30 minutes.
Note: To enable automated access deprovisioning (removing users directly from Vanta), the API key used to establish the connection must be an organization-level Admin API key. If you originally connected using a personal API key, disconnect the integration and reconnect using an organization-level Admin key.
Capabilities
The OpenAI integration supports the following resources and workflows within Vanta. The table below outlines which objects are supported, how they are used (for example, Access Reviews, Access Requests, or Automated Tests), and any limitations imposed by the OpenAI API.
Resource | Supported | Usage |
Users | ✅ | |
Groups | ❌ | Not supported by OpenAI API |
Roles/Entitlements | ✅ | |
Last Login | ❌ | Not provided by OpenAI API |
Access Deprovisioning | ✅ | Remove users directly from Vanta (requires organization-level Admin API key) |
Permissions
Vanta accesses the following data from the OpenAI API:
Read access
Vanta can access:
User data: Used to verify that only active employees retain access to your OpenAI organization and that terminated employees are deprovisioned promptly.
Write access
When automated access deprovisioning is enabled, Vanta can:
Remove organization members from OpenAI
This action is only available if the connected OpenAI account has an organization-level Admin API key.
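The check that read access supports (OpenAI accounts must map to active employees) can be sketched as follows. This is an added example, not Vanta's code: the roster format, function names and sample data are assumptions, and `list_org_users` calls OpenAI's organization users endpoint with an Admin API key.

```python
import json
import urllib.request

USERS_URL = "https://api.openai.com/v1/organization/users"

def list_org_users(admin_key, limit=100):
    """Page through the organization's users with an Admin API key."""
    users, after = [], None
    while True:
        url = f"{USERS_URL}?limit={limit}" + (f"&after={after}" if after else "")
        req = urllib.request.Request(url, headers={"Authorization": f"Bearer {admin_key}"})
        with urllib.request.urlopen(req, timeout=30) as resp:
            page = json.load(resp)
        users.extend(page["data"])
        if not page.get("has_more"):
            return users
        after = page["last_id"]  # cursor for the next page

def flag_accounts(org_users, roster):
    """Return (email, role, reason) for accounts without an active employee.

    roster maps a work email to "active" or "terminated" (hypothetical HR export).
    """
    status = {email.strip().lower(): s for email, s in roster.items()}
    findings = []
    for user in org_users:
        email = user["email"].strip().lower()  # compare case-insensitively
        state = status.get(email)
        if state == "active":
            continue
        reason = "offboarded employee" if state == "terminated" else "no matching employee"
        findings.append((email, user["role"], reason))
    # Owners first: that role can generate organization-level Admin API keys.
    return sorted(findings, key=lambda f: (f[1] != "owner", f[0]))

# Constructed sample data in the shape of the users list response.
SAMPLE_USERS = [
    {"id": "user_1", "email": "Ana@example.com", "role": "owner"},
    {"id": "user_2", "email": "bo@example.com", "role": "reader"},
    {"id": "user_3", "email": "cy@example.com", "role": "owner"},
    {"id": "user_4", "email": "contractor@example.net", "role": "reader"},
]
SAMPLE_ROSTER = {"ana@example.com": "active", "bo@example.com": "terminated",
                 "cy@example.com": "terminated"}

if __name__ == "__main__":
    for finding in flag_accounts(SAMPLE_USERS, SAMPLE_ROSTER):
        print(finding)
```

Running the file uses only the constructed sample data; pass the output of `list_org_users` to `flag_accounts` to check a live organization.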
