Integrating Vanta & PingOne Identity Provider

Through the Vanta and PingOne integration, you can seamlessly connect your employees to Vanta.

1. Create the PingOne Custom Administrator Role 

  • Log into PingOne, go to Directory, followed by Administrator Roles, and click the Custom Roles tab.
  • Select Add Custom Role.
  • For Initial Permissions, select “No permissions” as the basis for the new role.
  • Provide a name (we suggest “Vanta Worker App Roles”).
  • In the Assignable by field, select the roles allowed to assign this role to others. Usually, this is “Environment admin.”
  • Select Next.

  • Select the “Automatically include essential permissions (recommended)” option.
  • Enable the following permissions:
    • Read Group
    • Read User
    • Read User Linked Accounts
    • Read Application
  • Click Next and confirm that you have only the above permissions and essential permissions enabled.
  • Click Save.

2. Create the PingOne Worker Application

  • Log in to the PingOne admin console. 
  • Select Applications followed by Applications.

  • Click the + icon next to Applications to add a new app.
  • Provide an Application Name (we suggest Vanta Worker App), and select Worker as the Application Type.

  • Click Save.
  • Click the toggle in the upper right-hand corner to enable the application.
  • The Environment ID, Worker app Client ID, and Worker app Client Secret are displayed; they will be used on the Vanta Integration Page.

  • Select the Roles tab, and click Grant Roles.
  • Expand the Vanta API Roles entry. On the desired environment, click the icon and select the Vanta Worker app. If you have already created the Vanta SAML SSO App, select this as well.
  • Click Confirm.
  • Click Save.

3. Connecting the Integration in Vanta 

  • Navigate to the Integrations page from the left-hand navigation panel.
  • Go to the Available tab and search for PingOne.
    • Or select Manage followed by Edit if you have already connected PingOne.
  • Click Connect.
  • If you want PingOne to populate the people page, turn the toggle on.
  • Click Continue.
  • If you want to enable SSO with PingOne, create the SAML Application in PingOne by following the steps in section 3.1.
  • Fill out the required information:
    • Client ID is the Vanta Worker App Client ID
    • Client Secret is the Vanta Worker App Client Secret
    • Environment ID is the Vanta Worker App Environment ID
    • Vanta SAML App ID is the Vanta SAML SSO App ID

  • Click Validate and store.

3.1 Create the PingOne SAML SSO Application

  • Log in to the PingOne admin console. 
  • Select Applications followed by Applications.
  • Click Add Application and select New SAML Application.
  • Click the + icon next to Applications to add a new app.
  • In the Application Name field, enter an application name (we suggest “Vanta SAML SSO App”), and select “SAML Application” as the Application Type.

  • Click Configure.
  • In the SAML Configuration section, select Manually Enter.
  • Fill in the ACS URLs and Entity ID fields with the values the Vanta Integration Page provides.

  • Click Save.
  • In the open drawer, click the Configuration tab and then the pencil icon.
  • In the Signing section, change the setting to Sign Assertion & Response.

  • Click Save.
  • In the same drawer, click the Attribute Mappings tab and then the pencil icon.
  • Change the saml_subject to Email Address.
  • Click Save.
  • Click the toggle to enable the app, then copy its ID; it will be used on the Vanta Integration Page.
