Connecting Vanta & Docebo

Compliance teams that use Docebo to deliver security awareness training and need to demonstrate completion in Vanta

Teams managing training requirements across multiple compliance frameworks, such as SOC 2, HIPAA, PCI DSS, or GDPR

Organizations running more than one Docebo instance that need consolidated training visibility in Vanta

Training Completion Tracking: Connect Docebo and Vanta automatically syncs each employee's enrollment and completion status across your training courses. Completion data updates approximately every hour, so Vanta always reflects current status without manual uploads or spreadsheet exports.

Automated Compliance Tests: Once you map your Docebo courses to compliance categories in Vanta, we run up to 11 automated tests on your behalf — verifying that employees have completed required training. We also verify that Docebo accounts are linked to active employees and that access is revoked when someone leaves.

Evidence Collection: Synced training records feed directly into Vanta's evidence library for supported compliance frameworks. Instead of collecting and uploading completion reports before each audit, we keep that evidence current automatically.

Access Reviews: Docebo user accounts are surfaced in Vanta's Access Reviews. Reviewers can confirm whether access remains appropriate and generate audit-ready evidence from the same synced data.

Course Assignment: After connecting, you can map individual Docebo courses to specific compliance categories directly in Vanta's integration settings. This controls which completions count toward which tests, so you have precise control over how training maps to your compliance requirements.

Learner accounts — active users in your Docebo instance, including name, email, and account metadata. Used to match employees to Vanta personnel records and evaluate who has completed required training.

Training courses — all courses in your Docebo instance. Used to populate the course mapping interface in Vanta so you can assign courses to SAT categories.

Course enrollments and completions — enrollment and completion records for each learner. Used to evaluate training completion against assigned SAT categories and generate evidence in Vanta.

You have a Vanta admin account.

You have a Docebo admin account (or admin access) sufficient to create and manage OAuth applications.

You know your Docebo organization name (this is the subdomain of your Docebo URL). For example, if your instance is https://acme.docebosaas.com the organization name is acme.

You have an OAuth 2.0 application configured in your Docebo admin dashboard. This generates the Client ID and Client Secret you will need during setup.

Employees have email addresses in Docebo that match their Vanta personnel records exactly. Domain aliases will prevent a match.

Training courses are already created and assigned to users in Docebo before connecting. We sync enrollment and completion data for existing assignments only.

Log in to your Docebo admin panel.

Go to Settings (the gear icon) on the upper right menu.

From there, click Manage under the API and SSO section.

Then select API credentials under the API and SSO menu.

Click Add OAuth2 App.

Fill in the following fields:

Click Show advanced settings and confirm that Authorization code + implicit grant is enabled under Grant types.

Click Confirm. Copy the Client Secret before closing — you will need it in the next steps.

Activate the app by clicking the status toggle and confirming it turns green.

In Vanta, go to Integrations.

Search for Docebo in the Available tab.

Click View details and then click Connect.

Click Add Account.

Fill in the following fields:

Click Save and authorize.

Vanta redirects you to your Docebo instance.

Click Authorize to grant Vanta access.

Docebo redirects you back to Vanta automatically. The Choose security assignments modal will open so you can continue the setup.

Click Add an assignment.

Click Choose an assignment and select the course.

Select the training categories you want to assign to the course.

In Vanta, go to Personnel and then go to People. Select the Groups tab. Then click the group you want to configure (for example, Engineering).

On the group’s page, find the row labeled Trainings and open it. A modal opens where you can configure training for this group.

Each available training category appears as a toggle (General is always first). Turn on the toggle for every category employees in this group must complete.

When you turn a category on, three source options appear:

To use Docebo, select Integration training. To change which Docebo assignments are used for a category, click the three dot menu on the card and choose Edit.

Click Save inside the Manage trainings modal. The modal closes and you return to the group’s page. Your changes are not applied yet.

On the group’s page, click Save to review your changes. The Review changes and save modal opens, summarizing what is about to change.

Click Save in the Review changes and save modal to confirm. Employees in this group will now see the assigned Docebo training in their tasks.

A confirmation dialog appears: You updated tasks for [group name]. From here you can:

Likely cause: The organization name, Client ID, or Client Secret is incorrect, or the OAuth application in Docebo is inactive or misconfigured.

How to confirm: Verify the organization name is your Docebo subdomain only — for example, acme, not acme.docebosaas.com. Check that the OAuth application is active in your Docebo admin settings and that the Client ID and Secret match what Docebo shows.

Fix: Correct any mismatched values and try again. If the Client Secret has expired or been rotated in Docebo, regenerate it and re-enter the new value in Vanta.

Likely cause: The OAuth token expired or access was revoked in Docebo. When we are unable to authenticate during a sync, we disconnect the integration to prevent stale or incomplete data from persisting in Vanta.

How to confirm: Check whether the OAuth application in Docebo is still active and whether the account that authorized the connection is still enabled.

Fix: Reconnect the integration from the Integrations page in Vanta. In most cases, reconnecting re-enables the existing connection and triggers a new sync. If the OAuth application in Docebo is still valid, you will not need to re-enter your credentials. In rare cases, you may need to remove the connection and set it up again.

Likely cause: The affected users are inactive in Docebo. We only sync users with an active status — suspended or deactivated accounts are excluded.

How to confirm: Check the user's status in your Docebo instance. Users with an inactive or suspended status will not appear in Vanta.

Fix: If the user should be in scope for training, reactivate their account in Docebo and allow the next sync to run. If the user is intentionally deactivated, no action is needed.

Likely cause: The email address on the Docebo learner account does not match the email on the corresponding Vanta personnel record.

How to confirm: Compare the email on the learner's Docebo profile with the email on their Vanta personnel record.

Fix: Ensure email addresses match exactly across both systems. If an employee has been rehired or has multiple personnel records in Vanta, confirm that the current active record uses the correct email.

Likely cause: The courses have not been mapped to a SAT category in Vanta. Synced courses that are not assigned to a category will not count toward any compliance requirement.

How to confirm: In Vanta, open the Docebo integration settings and check whether the relevant courses have been assigned to one or more SAT categories.

Fix: Open the integration settings, assign the courses to the appropriate categories (for example, General SAT or HIPAA), and save. The updated mappings will apply on the next sync.