Vanta uses Auth0's built-in Management API to perform security checks for access review. You can see it under the APIs tab of your Auth0 dashboard.
This document assumes that you have an Auth0 account set up already.
Create Auth0 Application
Please look for the APIs panel and create a new application by clicking the Create Application button.
A modal for creating the application will appear. Name your application and choose the Machine to Machine Applications application type.
You’ll be prompted to pick one of your authorized Auth0 APIs. Pick the Auth0 Management API option.
You must pick these permissions to set up your Auth0 application properly.
With that setup, the new application should be ready to be integrated.
Link Auth0 Application to Vanta
Your new application Domain, Client Id, and Client Secret fields are necessary parameters to link your application to Vanta.
You can find those fields under the Settings tab of your recently created Auth0 Application.
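Before handing these credentials to a third party, it is worth confirming that the application was granted only the permissions you picked. The following is an added example, not code from Vanta or Auth0: it builds the client-credentials request for the Management API and compares the scopes in the returned token against an allow-list. The tenant domain, the `EXPECTED` scope set and the sample token are constructed placeholders; substitute the permissions you selected during setup.

```python
import base64
import json

def token_request(domain, client_id, client_secret):
    """Build the client-credentials request for the Auth0 Management API.
    POSTing `body` as JSON to `url` returns a JSON object with `access_token`."""
    url = f"https://{domain}/oauth/token"
    body = {
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "audience": f"https://{domain}/api/v2/",  # Management API identifier
    }
    return url, body

def granted_scopes(access_token):
    """Read the space-separated `scope` claim from the JWT payload.
    Inspection only: the signature is NOT verified here."""
    payload_b64 = access_token.split(".")[1]
    payload_b64 += "=" * (-len(payload_b64) % 4)  # restore stripped padding
    claims = json.loads(base64.urlsafe_b64decode(payload_b64))
    return set(claims.get("scope", "").split())

def review_scopes(access_token, expected):
    """Report scopes that are missing and scopes granted beyond the allow-list."""
    granted = granted_scopes(access_token)
    return {"missing": sorted(expected - granted),
            "excess": sorted(granted - expected)}

def sample_token(scope):
    """Constructed, unsigned token so the example runs offline."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc({'scope': scope})}.sig"

# Assumption: placeholder allow-list, not Vanta's required permission set.
EXPECTED = {"read:users", "read:organizations"}
# Constructed sample: one scope more than the allow-list permits.
SAMPLE = sample_token("read:users read:organizations delete:users")

if __name__ == "__main__":
    url, body = token_request("example-tenant.us.auth0.com", "CLIENT_ID", "CLIENT_SECRET")
    print(url, body["audience"])
    print(review_scopes(SAMPLE, EXPECTED))
```

Any entry under `excess` is a permission the application holds that the integration does not need and should be removed in the Auth0 dashboard.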
Set up Account Sources
There are two kinds of Auth0 accounts (we address them as account sources):
2. Tenant Members with access to your Auth0 dashboard:
After submitting your tenant credentials, Vanta allows you to pick the correct account sources based on your requirements.
There are two options to choose from to set up your integration:
- Users: Picks accounts from your Auth0 tenant.
  - All: Selects every user from your Auth0 tenant, regardless of the organization they belong to.
  - Filtered By:
    - Organizations: Picks users from the organizations selected in the display.
    - Include users that don’t belong to any organization: self-explanatory.
- Tenant Members: Selects accounts with access to your Auth0 tenant dashboard. Currently disabled because Auth0 hasn’t released an API to retrieve tenant members yet. They’re working on it as we speak: https://community.auth0.com/t/management-api-support-for-managing-tenant-members/71086
Once your Auth0 Account Sources are set, Vanta can perform security tests on the correct set of accounts in your Auth0 account.