Connecting Vanta and Figma

Automated compliance tests — Vanta checks that Figma accounts are linked to active employees and that access is removed when personnel leave. This reduces the manual effort of verifying offboarding and provides test results that can be used as compliance evidence.

Access reviews — Synced users and group membership appear in Vanta's Access Reviews workflow. Reviewers can confirm whether access is still appropriate, validate least-privilege alignment, and generate audit-ready evidence without leaving Vanta.

Access requests — Figma can be configured as an access system in Vanta, making it available as a destination in the Access Requests workflow. Employees can request Figma access, and approvers can review requests with user and group context visible. Note: access request fulfillment is manual. Vanta does not auto-provision new users into Figma when a request is approved.

Automated deprovisioning — When automated deprovisioning is available for your Vanta account and you opt in for a Figma connection, Vanta can deactivate a user's Figma account during offboarding without requiring manual action in Figma.

Users — Used for Access Reviews, Access Requests, and Automated Tests.

Groups — Used for Access Reviews and Access Requests (membership context on user records; groups are not stored as standalone resources in Vanta).

Roles — Basic role data (such as seat type or permission level) may appear on account records, depending on configuration; full entitlement mapping is not supported.

Access Deprovisioning — Allows deactivation of users directly from Vanta (may require an add-on or upgrade to your Vanta account; provisioning is manual — Vanta does not auto-provision new users into Figma).

User accounts - Confirms that only active employees retain system access. In Access Requests, this allows Vanta to display available users when tracking or assigning access.

Group memberships - Validates least-privilege access and confirms that group-based access controls meet compliance requirements. Synced group data is surfaced in Access Reviews so approvers can assess whether a user's group memberships reflect appropriate access.

Deactivates users — Vanta sends a SCIM request to set the user's account to inactive in Figma. No other user data is modified. Accounts are deactivated, not deleted.

A Vanta administrator account

A Figma SCIM API token

Your Figma Tenant ID

SAML SSO configured in your Figma organization: Your Tenant ID is located in the SAML SSO section of Figma Admin Settings; SAML SSO must be set up before you can retrieve it

Open Figma and log in as an admin.

Select Admin in the left sidebar.

Navigate to the Settings tab.

In the Login and provisioning section, click SCIM provisioning.

Click Generate API token.

Copy the API token value — you will need this in Vanta.

In Vanta, go Integrations, click on the Available tab, and search for Figma.

Click View details, then click Connect.

Enter the API token (SCIM token) you generated in Step 1.

Enter the Tenant ID you copied in Step 2.

If your account has access to automated deprovisioning for Figma, you may also see an Enable Vanta to automatically deprovision checkbox. Select it if you want to opt in for this connection.

Click Validate and store credentials.

You will see a Figma Connected! modal after that.

After setup, navigate to the Integrations section, search for Figma, and verify the status shows Connected.

To confirm the account data is syncing, go to Personnel > Access > select Figma from the dropdown menu. Once the initial sync completes, active Figma user accounts will populate on this page.

If automated deprovisioning is available for your account and you opt in for the connection, that connection can be used in Vanta's offboarding workflow to deactivate Figma users.
​

Likely cause: Your Figma plan does not support SCIM, or your account does not have Organization Admin permissions.

Fix: Confirm your organization is on a Figma Organization or Enterprise plan and that you are logged in as an Organization Admin. If your organization uses non-SAML authentication, SCIM provisioning cannot be enabled.

Likely cause: The initial sync has not yet completed, or the credentials entered were incorrect.

Fix: Allow up to 30 minutes for the initial sync. If users still do not appear, verify that the API token and Tenant ID were entered correctly and reconnect the integration from the Integrations page in Vanta.

Likely cause: Figma's SCIM provisioning was recently enabled and has not yet synced your users.

Fix: After enabling SCIM provisioning in Figma, wait a few minutes for Figma to complete its initial provisioning, then retry the connection in Vanta.

Likely cause: Automated deprovisioning for Figma is not enabled for your Vanta account.

Fix: If you expect this feature to be available, contact Vanta Support or your account team to confirm plan eligibility and rollout status.

Likely cause: The SCIM token stored in Vanta was not generated by a Figma Organization Admin, or the generating admin's permissions were changed after the token was created.

Fix: Log in to Figma as an Organization Admin, generate a new SCIM API token, and update the integration credentials in Vanta.

Likely cause: The SCIM token has been revoked or regenerated in Figma. The token stored in Vanta is no longer valid.

Fix: In Figma, navigate to Admin Settings > Settings > SCIM provisioning, generate a new API token, and update the credentials in Vanta.

Likely cause: Required information about the user is missing or in an unexpected state in Figma.

Fix: Verify the user's account exists and is in a valid state in your Figma organization, then retry.

Likely cause: The initial sync has not completed, or no groups exist in your Figma organization.

Fix: Confirm that groups exist in your Figma organization. If the integration was recently connected, allow up to 30 minutes for the initial sync to complete.