Connecting Vanta & Orca Security
- From the Integrations page, search for Orca Security and select Connect 
 
- Ensure Orca Vulnerability Scanner is toggled On 
- click Next, and you will be taken to the Setup API Token step. 
- In this step, you will need to provide the region your account is in, as there is a different API token for every region 
- Navigate to your Orca Security Platform and log in using your personal credentials. 
- Go to the API tokens page. 
- Click on the Add API Token button to open the Add API Token modal and configure a new API token. 
- Set Vanta App Token as the name and Vanta's read-only access token as the description. 
- Set the expiration date to two years from today. 
 - We want to set the expiration date as not setting any is a security concern. 
 
- Check the Service Token checkbox. 
- Set the Role as Internal Viewer. 
 - We need this role as we need to be able to list your users for the Access connection and the vulnerabilities and assets for the Orca Security Vulnerability Scanner integration. 
 
- Set the desired scope. 
 - If you want us to monitor just some of your assets and accounts, check Scope access to specific resources and configure which ones you want us to be able to view. Otherwise, leave it unchecked. 
 
- Click on Add and then copy and paste the displayed API token into the box 
- Select Done 
What happens if the token expires or I delete it for some reason?
- You will need to get another one following the exact instructions. For this, you will have to find the Orca Security integration card again, but you can go to Manage and Edit in the pop-up menu that comes up. 
 
- This will take you to a flow that is visibly the same as the connection from scratch, but this time, we’ll update the credential instead of creating another one. As the person reconnecting the integration might not be the same as the one who connected it in the first place, we provide all the instructions again like they were the first time. 
 
 
 
