Auth0 Integration - Set Management API Application Guide



Vanta uses Auth0's built-in Management API to perform security checks for access reviews.


(The API should be visible under the APIs tab of an Auth0 dashboard)

To use this API, you must create an authorized machine-to-machine application in your Auth0 account before integrating with Vanta.

This document provides a step-by-step guide to achieve that.



This document assumes that the customer has an Auth0 account set up already.


Alternatively, the application can be created from the Applications board, by clicking on the Create Application button and following Auth0’s instructions. More details here.


Next, make sure the new application has the permissions it needs to call the endpoints Vanta uses for its security tests.

Under the Management API’s Machine To Machine Applications tab, make sure the new application (Auth0 Management API (Test Application) in this case) is authorized to make requests to the API by enabling the Authorized toggle at the bottom right of the screen.

Now, add the following permissions to the new application by clicking the down chevron next to the Authorized toggle and selecting the following checkboxes in the Permissions section.

The following table lists all the required permissions to select in order to authorize the minimum set of APIs that Vanta needs to perform its security checks:

Next, we need to collect the new application’s integration parameters and enable the correct grant type on the app so Vanta can authenticate to the Management API.

First, we’ll select the newly created application from the Applications panel.

By clicking on the recently created application, the info required to integrate an Auth0 app with Vanta will be displayed under the Settings tab.
The Domain, Client Id and Client Secret fields are the integration parameters needed to link the application to Vanta.
Finally, activate the client credentials grant type on the Advanced Settings -> Grant Types section of the Settings tab.
With that setup, the new application should be ready to be integrated!
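
To confirm the setup before handing the credentials over, the following added example (not part of the original guide or Vanta's own code) requests a Management API token with the client credentials grant and compares the scopes in the token against the permissions you intended to grant. The scope names and the sample token are constructed placeholders; the expected list must come from the permissions table above.

```python
import base64
import json
import urllib.request


def token_request(domain, client_id, client_secret):
    """Client-credentials request for the tenant's Management API audience."""
    body = {"grant_type": "client_credentials", "client_id": client_id,
            "client_secret": client_secret, "audience": f"https://{domain}/api/v2/"}
    return urllib.request.Request(
        f"https://{domain}/oauth/token", data=json.dumps(body).encode(),
        headers={"Content-Type": "application/json"}, method="POST")


def fetch_access_token(domain, client_id, client_secret):
    """Raises urllib.error.HTTPError if Auth0 rejects the request."""
    with urllib.request.urlopen(token_request(domain, client_id, client_secret),
                                timeout=10) as resp:
        return json.load(resp)["access_token"]


def granted_scopes(access_token):
    """Read the scope claim from the JWT payload (audit only, no signature check)."""
    segment = access_token.split(".")[1]
    segment += "=" * (-len(segment) % 4)  # restore stripped base64url padding
    claims = json.loads(base64.urlsafe_b64decode(segment))
    return set(claims.get("scope", "").split())


def scope_diff(access_token, expected):
    """Return (missing, excess) permissions relative to the expected set."""
    granted = granted_scopes(access_token)
    return sorted(set(expected) - granted), sorted(granted - set(expected))


def sample_token(scope):
    """Constructed, unsigned token so the check can be run offline."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc({'scope': scope})}.constructed"


if __name__ == "__main__":
    # Placeholder scope names; take the real list from the permissions table.
    expected = ["read:placeholder_a", "read:placeholder_b"]
    token = sample_token("read:placeholder_a delete:placeholder_c")
    print(scope_diff(token, expected))
```

Against a real tenant, pass the result of `fetch_access_token(domain, client_id, client_secret)` to `scope_diff`; a non-empty excess list means the application holds more Management API permissions than the integration needs.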
