Other Integrations & Connections

Connecting Vanta & Auth0

  • Updated

Vanta uses an inbuilt Auth0 Management API to perform security checks for access review. You can see it under the APIs tab of your Auth0 dashboard.

 

00.png
 
 To use this API, you must create an authorized machine-to-machine Application in Auth0 before integrating into Vanta. We have a step-by-step guide for this below.
 

Pre-requisites

This document assumes that you have an Auth0 account set up already.

 

Instructions

 

Create Auth0 Application

Please look for the APIs panel and create a new application by clicking the Create Application button.

 

01.png
 
 

A modal to create a new application will appear. Name your application and choose the Machine to Machine Applications application type option to create a new application in your Auth0 Dashboard.

02.png

 

You’ll be prompted to pick one of your authorized Auth0 APIs. Pick the Auth0 Management API option.

 

03.png
 
After picking your authorized API, you’ll have to select a set of permissions from the Permissions section to execute the endpoints Vanta requires to make the security tests.
 
04.png
 

You must pick these permissions to set up your Auth0 application properly.

 
05.png
 
After choosing these permissions, click the Authorize button to create your application linked to the Auth0 Management API.
 
06.png
 
07.png
 
 

With that setup, the new application should be ready to be integrated.

 

Link Auth0 Application to Vanta

Your new application Domain, Client Id, and Client Secret fields are necessary parameters to link your application to Vanta.

 
08.png
 

You can find those fields under the Settings tab of your recently created Auth0 Application.


09.png

 

Set up Account Sources

There are two kinds of Auth0 accounts (we address them as account sources):

  1. Users managed by Auth0 that can be grouped into Organizations or not:

10.png

 

11.png

 

2. Tenant Members with access to your Auth0 dashboard:

12.png

 

After submitting your tenant credentials, Vanta allows you to pick the correct account sources based on your requirements.

13.png

There are two options to choose from to set up your integration:

  • Users: Pick accounts from your Auth0 tenant.
    • All: This selects every user from your Auth0 tenant, regardless of the organization they belong to.
    • Filtered By:
      • Organizations: will pick users from the selected organizations from the display.
      • Include users that don’t belong to any organization: self-explanatory.
  • Tenant Members: this selects accounts with access to your Auth0 tenant dashboard. Currently disabled because Auth0 hasn’t released an API to retrieve tenant members yet. They’re working on it as we speak: https://community.auth0.com/t/management-api-support-for-managing-tenant-members/71086

Once your Auth0 Account Sources are set, Vanta can perform security tests on the correct set of accounts from your account.