Dynamic IDP Groups: Office 365

Using the Dynamic IdP groups functionality reduces the time spent creating groups and manually adding or removing members in two places. Now, you will be able to work with the groups that have already been made within Office 365 and use them for workflows and assignments within Vanta! 

What are Groups?

  • Multiple users with similar responsibilities, tasks, or job descriptions can be grouped.
  • Groups can then be used to assign Checklists to multiple users, making it easier to manage which tasks are assigned to specific people.

Prerequisites 

  • To leverage the connection between Vanta and Office 365, the Vanta O365 Integration app must be assigned, in your Entra ID Admin Center, to the employees and groups you wish to manage.
    Please see Controlling Scope Through Office to configure your account before importing IdP groups.

Importing Groups from Office 365

  • Select Import Groups from the Groups page in the top right-hand corner.
  • From here, you will be asked to select which groups you would like brought into Vanta.
    • Select the check box next to each group name to mark that group for import.

  • Once you have made your selection, click Next in the lower right-hand corner.
  • Choose a checklist from the drop-down to be assigned to each group.

  • Click Next.
  • If you would like to make changes, select Back. If you are ready to import into Vanta, you can choose Import Groups.
  • The newly imported groups will now appear in your groups list as Created by Office 365.
  • Checklists for an identity provider imported group can be updated similarly to any other list or group.

Updating Groups in Office 365

  • When adding or removing users from groups within Office 365, that information will automatically be updated and reflected in Vanta on the next sync.
  • If you don't see the changes reflected immediately, select Refresh data to force the update.

Reassigning Groups 

  • Once a user is assigned to a group through Office 365, their group cannot be reassigned from within Vanta.
  • To control the user's group through Vanta, remove the user from the Office 365-created group or delete the imported group in Vanta.
  • To rename a group imported from Office 365, the name change must be made within Entra ID and Office 365. Once saved, the name change will also be reflected in Vanta.

Removing Imported Groups

  • To remove an Office 365 group import, the imported group must be deleted.
    • To delete a group, open the Groups page and select the Office 365-imported group you would like to remove.
    • Select the options menu (...), and select Delete Group.
  • When this happens, all existing identity provider group users are reassigned to their prior Vanta groups, and the identity provider group is removed from Vanta. The group can always be re-imported if the admin changes their mind.

Please keep in mind that:

    • We do not support IdP groups with more than 8,000 employees. Users will not see groups with more than 8,000 employees show up in the UI when importing groups.
    • We don't support fetching more than 10,000 groups for our Office 365 IdP group integration due to rate limits imposed by Microsoft. If a user has 10,000+ groups, only the first 10,000 will be available for import.
    • Changes from identity providers are only reflected when resources are refreshed on a two-hour cadence. Customers can also trigger these refreshes from the group's drawer on the group's page.
    • If a user is in multiple groups in their identity provider and those groups are imported into Vanta, we place the user into the last imported group in Vanta by default. This can subsequently be changed from the people page by editing the group for a user.