1. Vanta
  2. Integrations
  3. Identity Providers

Identity Providers

Auth0 Integration - Set Management API Application Guide

  • Updated

Purpose

Vanta uses an inbuilt Auth0 Management API to perform security checks for access review.

 
1.png
 

(The API should be visible under the APIs tab of an Auth0 dashboard)

In order to use this API, you must have an authorized machine-to-machine application created on their Auth0 accounts before integrating to Vanta.

This document provides a step-by-step guide to achieve that.

 

Pre-requisites

This document assumes that the customer has an Auth0  account set up already.

Instructions

Alternatively, the application can be created from the Applications board, by clicking on the Create Application button and following Auth0’s instructions. More details here.

mceclip1.png
 
 

Next, make sure the new application has the proper permissions to execute the endpoints Vanta requires to make the security tests.


Under the Management API’s Machine To Machine Applications tab, make sure the new application (Auth0 Management API (Test Application) in this case) is authorized to make requests to the API by checking the Authorized toggle at the bottom right of the screen.mceclip3.png
 

Now, add the following permissions to the new Application by collapsing the Authorized chevron down and clicking on the next checkboxes from the Permissions section.

The following table lists all the required permissions to select in order to authorize the minimum set of APIs that Vanta needs to perform its security checks:
mceclip9.pngmceclip4.png
 
 
 

Next, we need to get the new application’s integration parameters for the integration, as well as enabling the correct Grant Type to the app so Vanta can authenticate properly to hit the Management API.

First, we’ll select the newly created application from the Applications panel.

mceclip5.png
 
By clicking on the recently created application, the info required to integrate an Auth0 app with Vanta will be displayed under the Settings tab.
mceclip6.png
 
The Domain, Client Id and Client Secret fields are the necessary integrations params to successfully link the application to Vanta.
mceclip7.png
 
 
Finally, activate the client credentials grant type on the Advanced Settings -> Grant Types section of the Settings tab.
mceclip8.png
 
With that setup, the new application should be ready to be integrated!

Was this article helpful?

Have more questions? Submit a request