Disabling the Magic Link

  • Updated

By default, all users with access to Vanta can log in via a unique, time-limited link sent to their email. For security purposes, companies may wish to disable this option for your domain and only allow a subset of users to log in using this option. When magic link login is disabled for a domain, all users with SSO access will be required to log in via SSO, and users without SSO access will not be able to log in unless expressly exempted from this setting.

Before disabling magic link login for your domain, you must connect an SSO method. This can be one of Vanta’s IDP integrations, or, if included in your package, a custom SAML method.

Disable Magic Links

  • To edit this setting, open the settings page by clicking the gear icon in the top right-hand corner
  • Select the Login and security tab
  • Toggle the Login via magic link open on or off to suit your needs 

Screenshot 2024-11-01 at 1.28.42 PM.png

  • When you disable the magic link, you will be automatically added to the list of users exempted from this setting

Please note: If you do not have an SSO method configured, the toggle will be disabled

Screenshot 2024-11-01 at 1.33.01 PM.png

  • Once you toggle the option off, you will notice the opportunity to Manage exemptions. This means that all users except those who have been exempted from this account are currently required to log in with single sign-on (SSO).

We recommend you exempt at least one user from this requirement so the account can always be accessed, in case there is an issue with your identity provider.

Exemptions

  • Admins can define a list of users exempted from this setting. The users on the exemption list can log in via the magic link in addition to any SSO configured for their account.
  • Select the Add user drop down, and include the name of the user(s) you would like to exempted 
  • To remove a user from the exemption list, select the trash can icon on the right-hand side of the user name

Screenshot 2024-11-01 at 1.30.42 PM.png

Please note that this setting does not impact MSP (managed service provider) and auditor access to your domain. Because of this, partner users are not eligible to be added to the exemption list.

Frequently Asked Questions

Some of my users have access to multiple independent Vanta domains, which requires them to log in to Vanta using the magic link. What happens if I disable the magic link login?

  • These users will still be sent a magic link that allows them to view the list of domains they can access. If you have configured SSO for their user in your domain, selecting your domain will route them to your SSO login. Otherwise, you must add them to the exemption list to grant them access. If you do not configure SSO for them and do not add them to the exemption list, they will not be able to log in to your domain.

I have a Vanta workspace. What happens if I disable the magic link in only one domain of the workspace?

  • Users with access to multiple domains of the workspace will be required to log in via SSO before accessing the domain with the magic link login disabled. To ensure no disruption of cross-domain access, we recommend that all users who require access to multiple workspace domains be explicitly linked in the workspace console.

I have an MSP; how does disabling the magic link affect their access?

  • Your MSP’s access to your domain is unaffected by your login settings.

I have an auditor, how does disabling magic link affect their access?

  • Your auditor’s access to your domain is unaffected by your login settings.

I have multiple SSOs connected; what happens when I disable the magic link?