Overview
Vanta integrates with Addigy to automatically collect device evidence from your managed macOS fleet. By connecting Addigy as a Mobile Device Management (MDM) tool, Vanta continuously monitors computers for compliance with security controls such as disk encryption, antivirus installation, and password manager usage.
Addigy-managed devices are synchronized into Vanta to support audit readiness for frameworks such as SOC 2, ISO 27001, and HIPAA.
Data synced from Addigy
For supported macOS devices, Vanta synchronizes the following information:
Managed computer inventory (device name, model, serial number, OS version)
Disk encryption status (FileVault)
Installed applications (including antivirus and password manager detection)
Local user accounts and admin users
Device enrollment and last contact dates
Authentication
Vanta authenticates to Addigy using a V2 API Token generated in your Addigy Dashboard.
The token is organization-scoped and grants API access based on the permissions assigned at creation. For this integration, the token requires only the View Devices permission.
Vanta uses this token to securely retrieve device data from Addigy. The integration is read-only — Vanta does not create, modify, or delete any data in your Addigy account.
The API token can be rotated or revoked at any time from your Addigy Dashboard.
Estimated setup time: 5–10 minutes.
Use cases
Connecting Addigy enables the following capabilities within Vanta:
Demonstrate Endpoint Compliance for Audits (SOC 2, ISO 27001, HIPAA): Automatically provide evidence that managed macOS devices meet security requirements such as disk encryption, antivirus protection, and password manager usage — without manual evidence collection.
Continuously Monitor macOS Fleet Security Posture: Maintain ongoing visibility into device compliance status across your organization, rather than relying on point-in-time reviews.
Scope audit evidence to relevant devices: Use Addigy Policies to filter which devices Vanta monitors, ensuring compliance reporting includes only machines relevant to a specific audit or business unit.
Reduce IT effort during audit preparation: Eliminate manual exports, screenshots, and spreadsheet compilation by synchronizing device data directly from Addigy into Vanta.
Support structured device onboarding: Configure a grace period for newly enrolled devices so provisioning activities do not create false compliance failures. Devices are automatically monitored once the grace period ends.
Requirements and readiness checklist
Before connecting Addigy to Vanta, ensure the following:
You have access to an active Addigy Dashboard.
Your Addigy user role includes the following permissions:
View Integrations API
Create Integrations API keys
You can verify these permissions on the Users page in your Addigy Dashboard.
Connect the integration
Follow the steps below to connect Addigy to Vanta using a V2 API Token.
Step 1: Generate a V2 API token in Addigy
Before connecting in Vanta, create a V2 API Token in your Addigy Dashboard.
Log in to your Addigy Dashboard.
Navigate to Account → Integrations → Addigy API → V2.
Click New API Token.
Ensure the token includes the following permission:
View Devices
Copy the generated token to your clipboard. You will paste this into Vanta during the connection process.
Note: The V2 API token provides read-only access. Vanta does not modify any data in your Addigy account.
Step 2: Link Credentials in Vanta
Once your V2 API Token is created:
Open Vanta in a separate window.
Navigate to Integrations.
Select the Connected tab and search for Addigy.
If you see an alert stating “Deprecated API credentials detected,” click Reconnect.
In the Connect Addigy modal, paste your V2 API Token into the designated field.
Click connect.
Vanta will validate the key and display a success message: "Addigy connected!"
Step 3: Configure device scope
After a successful connection, you will be prompted to define which devices Vanta should monitor.
The Select Addigy Policies modal will appear automatically.
Choose your preferred filter type:
All – Vanta retrieves all devices from your Addigy account.
Policies (Specific) – Manually select specific folders or locations (e.g., Vanta Integration, Location 1, XProtect).
Click save.
You will see a confirmation message: “Successfully set Addigy Device filter.”
You can update this selection later by navigating to Integrations → Addigy → Manage → Edit Policies.
Step 4: Verify the Connection
To confirm the integration is healthy:
Navigate to Integrations → Connected.
Locate Addigy.
Confirm that:
The status displays Connected (green).
The badges for Credentials valid, Computers, and Inventory are active.
Once connected, Vanta will begin periodically syncing device data from Addigy.
Monitored Resources
Resource type | Windows | macOS | Linux | iOS | Android |
Device Monitoring | ❌ | ✅ | ❌ | ❌ | ❌ |
Screenlock Settings | ❌ | ✅ | ❌ | ❌ | ❌ |
Antivirus detection | ❌ | ✅ | ❌ | ❌ | ❌ |
Password Manager | ❌ | ✅ | ❌ | ❌ | ❌ |
✅ Supported
❌ Not Supported
FAQs
What permissions does the Addigy API token need?
The V2 API Token requires only the View Devices permission. Vanta uses read-only access and does not modify any data in your Addigy account.
What happened to the V1 API credentials?
Addigy is deprecating the V1 API. If you see a “Deprecated API credentials detected” alert in Vanta, generate a new V2 API Token in your Addigy Dashboard and reconnect the integration following the steps above.
Can I choose which devices Vanta monitors?
Yes. During setup — or at any time afterward via Manage → Edit Policies — you can select:
All devices, or
Specific Addigy Policies to scope which computers Vanta pulls into inventory.
My newly enrolled devices are failing compliance tests. What should I do?
You can configure a Computer Setup grace period to temporarily exclude newly enrolled devices from compliance checks while they are being provisioned.
To adjust the grace period:
Navigate to Integrations.
Locate Addigy.
Select Manage → Edit.
Update the grace period setting.
What operating systems does this integration support?
Addigy is an Apple device management platform. This integration monitors macOS workstations.
How often does Vanta sync data from Addigy?
Vanta periodically fetches device data from Addigy. The exact sync frequency depends on your Vanta plan, but data is typically refreshed at least once every 24 hours.
What should I do if the integration shows a connection error?
Verify that your V2 API Token is still valid.
Confirm that the token includes the View Devices permission.
If the token was revoked or rotated, generate a new one and reconnect in Vanta.
If the issue persists, contact Vanta Support.
Can I mark specific devices as out of scope?
Yes. On the Vanta Computers page, you can mark individual machines as out of scope so they are excluded from compliance checks and audit evidence.