Purpose
Vanta uses the built-in Auth0 Management API to perform security checks for access review.
(The API should be visible under the APIs tab of the Auth0 dashboard.)
To use this API, you must create an authorized machine-to-machine application in your Auth0 account before integrating with Vanta.
This document provides a step-by-step guide to achieve that.
Pre-requisites
This document assumes that the customer has an Auth0 account set up already.
Instructions
Alternatively, the application can be created from the Applications board, by clicking on the Create Application button and following Auth0’s instructions. More details here.
Next, make sure the new application has the permissions it needs to call the endpoints Vanta requires to run its security tests.
Under the Management API’s Machine To Machine Applications tab, make sure the new application (Auth0 Management API (Test Application) in this case) is authorized to make requests to the API by checking the Authorized toggle at the bottom right of the screen.
Now, add the following permissions to the new application by clicking the down chevron next to the Authorized toggle and selecting the following checkboxes in the Permissions section.
The following table lists all the required permissions to select in order to authorize the minimum set of APIs that Vanta needs to perform its security checks:

Next, we need to get the new application's parameters for the integration, and enable the correct Grant Type on the app so that Vanta can authenticate properly and call the Management API.
First, we’ll select the newly created application from the Applications panel.
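As an added example (not part of Vanta's or Auth0's documentation): once the application is authorized, an access token issued to it can be inspected to confirm that it carries exactly the required permissions, that it was issued through the client-credentials grant, and that it targets the Management API. The scope names, tenant domain and token below are constructed placeholders; substitute the permissions this guide requires.

```python
import base64
import json

# Constructed placeholders: substitute the permissions this guide requires.
REQUIRED_SCOPES = ["read:users", "read:clients"]
TENANT_DOMAIN = "example-tenant.auth0.com"  # hypothetical tenant

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def decode_claims(access_token: str) -> dict:
    """Decode a JWT payload for inspection only; the signature is not verified."""
    parts = access_token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def audit_m2m_token(access_token, required_scopes, tenant_domain):
    """Compare the token's grants against the minimum set the integration needs."""
    claims = decode_claims(access_token)
    granted = set(claims.get("scope", "").split())  # space-separated scopes
    required = set(required_scopes)
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    return {
        "missing": sorted(required - granted),   # integration checks would fail
        "excess": sorted(granted - required),    # violates least privilege
        # Auth0 marks client-credentials (machine-to-machine) tokens with gty
        "client_credentials_grant": claims.get("gty") == "client-credentials",
        "management_api_audience": f"https://{tenant_domain}/api/v2/" in audiences,
    }

# Constructed sample token (fake signature) with one missing and one extra scope.
SAMPLE_TOKEN = ".".join([
    _b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode()),
    _b64url(json.dumps({
        "aud": f"https://{TENANT_DOMAIN}/api/v2/",
        "gty": "client-credentials",
        "scope": "read:users delete:users",
    }).encode()),
    "constructed-signature",
])

if __name__ == "__main__":
    print(json.dumps(audit_m2m_token(SAMPLE_TOKEN, REQUIRED_SCOPES, TENANT_DOMAIN), indent=2))
```

Any entry under `excess` is a permission to revoke in the Permissions section; any entry under `missing` is one still to be granted.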