Connecting Vanta & Okta

Through the Vanta and Okta integration, you can create a connection to import your employees seamlessly into Vanta and also allow specific users to log in to Vanta through Okta single sign-on. 

 

Step 1

  • As an Okta Admin, log into your company's Okta account
  • From the left-hand navigation panel, select Applications
  • Select Create App Integration

  • Select API services and choose Next

  • Enter an App integration name
    • We recommend using a name that signifies its relation to Vanta 
  • Select Save

  • Select Okta API Scopes and grant access to the following items
    • okta.appGrants.read
    • okta.apps.read
    • okta.groups.read
    • okta.idps.read
    • okta.policies.read
    • okta.roles.read
    • okta.users.read

  • Under "General Settings," you must uncheck the box labeled Require Demonstrating Proof of Possession (DPoP) header in token requests. Vanta does not currently provide Proof of Possession, so leaving this box checked will prevent you from completing the integration.

    Note:
    Reload the app page and confirm the checkbox is not checked. There is an issue where the box remains checked after updating it for the first time. Confirm this before continuing with the connection.

 

  • Note: If the API Service App supports Admin Roles, or if you receive an error when trying to Validate in Vanta, you may be required to assign the Super Administrator role to the application.

For security concerns on this requirement, please review the Okta article below:
https://support.okta.com/help/s/article/403-error-with-org2org-provisioning-with-oauth?language=en_US

 

Step 2

  • Locate your Okta Client ID and Okta Domain

 

 

  • How to find your Okta Domain ID:

  • Log in to Vanta and open the Integrations Page
  • Search for Okta in the Available Tab
  • Select Connect
  • Paste your Okta Domain and Client ID into the appropriate fields:

  • Select Next. A new pop-up modal will appear.
  • Copy the URL from Step 5 in the modal and paste it somewhere safe.
    You will need this URL in the Okta platform.
  • Do not select Validate yet (this will happen during a later step)

 

 

Step 3

  • Return to Okta and find your App Integration
  • From the General tab, select Edit and choose Public Key / Private Key for Client authentication
  • Under the Public Keys section, select Use a URL to fetch keys dynamically.
  • Paste the URL obtained from the pop-up modal back into the open Okta field

 

  • Select Save

Step 4

  • Return to Vanta
  • Select Validate from the pop-up modal
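
Before selecting Validate, the settings from Steps 1 to 3 can be checked offline against an export of the app's JSON and its scope grants. This is an added example, not Vanta's or Okta's code: the function name is hypothetical, the field names (`settings.oauthClient.dpop_bound_access_tokens`, `token_endpoint_auth_method`, `jwks_uri`, and `scopeId` on each grant) are assumed to match what your Okta export contains, and the sample data is constructed.

```python
import json
from urllib.parse import urlparse

# Read-only scopes listed in Step 1 of this page.
REQUIRED_SCOPES = {
    "okta.appGrants.read", "okta.apps.read", "okta.groups.read",
    "okta.idps.read", "okta.policies.read", "okta.roles.read",
    "okta.users.read",
}

def audit_service_app(app, grants):
    """Return findings for the API service app (field names are assumed)."""
    findings = []
    client = app.get("settings", {}).get("oauthClient", {})
    granted = {g["scopeId"] for g in grants}
    for scope in sorted(REQUIRED_SCOPES - granted):
        findings.append(f"missing scope: {scope}")
    for scope in sorted(granted - REQUIRED_SCOPES):
        # Anything beyond the page's list widens what the app's key can reach.
        findings.append(f"extra scope: {scope}")
    if client.get("dpop_bound_access_tokens", False):
        findings.append("DPoP still required: integration cannot complete")
    if client.get("token_endpoint_auth_method") != "private_key_jwt":
        findings.append("client authentication is not public/private key")
    jwks = urlparse(client.get("jwks_uri") or "")
    if jwks.scheme != "https" or not jwks.netloc:
        findings.append("no HTTPS URL configured for fetching public keys")
    return findings

# Constructed sample, not real tenant data: DPoP box left checked, one
# required scope missing, one write scope granted by mistake.
SAMPLE_APP = json.loads("""
{"label": "Vanta API service (constructed)",
 "settings": {"oauthClient": {
   "token_endpoint_auth_method": "private_key_jwt",
   "jwks_uri": "https://keys.example.invalid/placeholder-from-vanta-modal",
   "dpop_bound_access_tokens": true}}}
""")
SAMPLE_GRANTS = [{"scopeId": s} for s in
                 (REQUIRED_SCOPES - {"okta.roles.read"}) | {"okta.users.manage"}]

if __name__ == "__main__":
    for finding in audit_service_app(SAMPLE_APP, SAMPLE_GRANTS):
        print(finding)
```

An empty result means the exported settings match the scope list, DPoP setting and key-based client authentication described in the steps above.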

 

Note: If you would also like to enable SSO for all or specific users, wait to select 'Connect app' on the connection modal and follow the steps below first:

 

 

Step 1: Installing the Vanta SAML App in Okta

  • Under Applications, select Browse App Catalog:

 

  • Once you've located the Vanta SAML App, select it and choose Add Integration:

 

  • Return to Vanta and copy your Domain ID. This will be needed in the next step.

 

 

Step 2: Configuring Sign-on settings

  • Under Applications, click on the Vanta application.
    • In the following screen, click on the Sign On tab and then Edit.


 

  • Find Advanced Sign-on Settings and paste the Vanta domain ID into the Domain ID field. 

  • Select Save

 

Step 3: Adding your User assignments

You can now add your User Assignments for SSO Login via the Assignments section of the Vanta SAML Okta App:

  • Select the Assignments tab and click Assign. From there, assign the Okta application to the users/groups who will use SSO to log in to Vanta.



Step 4: Connecting the app on Vanta

Once you've configured the Vanta SAML App in Okta, you can click 'Connect app' in Vanta:

  • Return to Vanta and select Connect app

  • Once connected, you should see an alert indicating the Okta Login app has been successfully connected. You will then be returned to the Integrations Page.

 

 

Creating multiple Vanta Okta apps for Workspaces

If you use Vanta Workspaces, you can add multiple Vanta apps in Okta, one for each Workspace. 

 

  • Follow the same steps under “Add Vanta to your Okta Account”.
  • When you select Add Integration and complete the prompts under General settings, ensure the app label contains Vanta (name must be exact).
  • You can choose to customize the text in the parentheses.

 


 

  • When you connect Okta on the Integrations page, we will recognize if you have multiple Vanta apps in Okta. After adding your API Token and Okta domain, you’ll see a prompt on the next step to select the Vanta app you want to connect.


If you connected your Okta app before June 22, 2023, and then disconnected it, you will need to follow the above process.