By creating a service user in Bob, you can connect Vanta to easily import employee status information, allowing you to monitor the start & end dates of your team. Vanta only requires base-level permissions to access the data it needs, using a permission group that applies to all employees, not just active ones.
Prerequisites
Admin permissions in Vanta
Admin Permissions in Bob
Permissions in Bob can be checked by navigating to your Profile and clicking on the 'Permissions' tag next to the action dropdown
Procedure
In your Vanta dashboard, navigate to the Integrations page and click on the Available tab
Search for Bob, then click Connect
Note: The connection module will appear with redirect links to the Bob dashboard, allowing you to log in
In the Bob dashboard, click on Settings from the left-hand menu, followed by Integrations
From the Integrations page, click on Service Users
Click on New Service User
In the popup, enter Vanta for both the Service user name & Display name, then click next
This will generate your API credentials
Important: Copy both the ID and Token but do not save them in Vanta yet. There is no way to retrieve the Token again, so be sure to paste it into a notepad, where it can be deleted afterward
Once you have copied the ID and token, click Done. Click on the Settings icon from the left menu, then Permissions Groups
Click on Create Group
Enter the group name as Vanta Permission Group
Under Group Members, enable Select people by ConditionSelect Edit
The condition Lifecycle status will be added by default. Hovering near the last box should give you a delete option
Delete this condition
Click on the Dropbox under Add Specific Employees, and search for the Vanta user previously created. Select and click apply.
Then click the apply button again and click Create to create the group. You'll receive a prompt to confirm that you're adding one person to this group, which you can confirm.
You should be automatically redirected to the settings for the new group. Click on the tab Peoples Data, then under the Access Rights section, click on People
Vanta needs access to all sections that include the following fields: Termination Date, Lifecycle Status, Employee ID, First Name, Last Name, Email, Display Name, Start Date, Department, Site, and Job Title.
Typically, enabling the following permissions will grant access to all of these fields (some of these permissions may already be enabled by default). Please see the “Troubleshooting” section below for custom “Employee Fields” configurations.
View selected employees' About sections
View selected employees' Basic info sections
View selected employees' Lifecycle sections
View selected employees' Personal contact Details
View selected employees' Work sections
View selected employees' Work contact details sections
Click Save. You will be presented with a summary of changes that you can review and cross-check that everything has been set correctly.
Click Apply
Navigate back to Vanta, and enter the Service ID & Token previously generated, then click store token. You should be presented with a pop-up confirming the connection with an option to configure the scope
Troubleshooting
I'm unable to connect with Bob and I've set up a custom Employee Fields category
If you've moved a field such as Termination Date, Lifecycle Status, Employee ID, First Name, Last Name, Email, Display Name, Start Date, Department, Site, Job Title to a section that is not About, Basic Info, Lifecycle, Work, or Work contact details section, you'll need to grant the Vanta permission group access to View selected employees' [CUSTOM CATEGORY] sections for any additional sections.
Why do my Vanta users associated with Bob accounts appear inactive instead of terminated when past their end date?
Ensure the lifecycle status filter in Access rights has been deleted for the Vanta permission group. This filter is probably set to Lifecycle Status equals Employed, so we cannot pull data for terminated employees.