Vanta allows login emails to be associated with multiple active Vanta users in different domains. The same email can now be added to other domains as an active user via IDP resource fetch or manual user creation!


Users can now choose which instance to log into if they are a member of more than one Vanta instance. 

multilogin.png

To switch instances or accounts after logging in, click on the company logo in the top right and select a different account to access. 

multilogin2.png

Multi-instance login and switching are only supported if the user signs in via the email login link flow:

singinemail.png

Important product behavior notes

  • Vanta does not permit multiple active users in the same domain to share an email.
  • Vanta does not support logging into multiple accounts via identity providers due to security concerns.
  • Vanta agents will continue to be associated with and report information for only one instance.
  • Contractors with the Vanta agent installed and access to multiple instances can select which instance their agent will report to during agent registration. 

 

Frequently asked questions

  • Will this enable Vanta domains to use the same Identity provider account for multiple Vanta instances?
    • Yes, if the same identity provider instance is connected to multiple domains, then emails for those domains would be able to log into either account. Suppose an identity provider instance is shared between domains. In that case, we still encourage customers to scope out users as appropriate so that users are only in the domain relevant to them.
  • How does Vanta detect or remediate multiple active users with the same email appearing in the instance?
    • This will be surfaced via the “Identity Provider linked to Vanta” test failing.idplinkedtovanta.png
    • This issue can be remediated with the following steps:
      • Ensure that the old user with the email is correctly deactivated.
        • It will vary case by case, but this is often due to an HR User record getting incorrectly linked to a past employee. Unlinking HR User is the fix if this is the case.
      • The new user will be brought in on the subsequent resource fetch, and the test should start passing.

  • Do users need to be admins to log into multiple domains? Or will this work for regular employees as well?
    • Regular employees can select between domains when logging in if their email is associated with users in multiple domains.
    • Please note that we will show the domain switcher and user account menu for users in multiple domains who get redirected to the onboarding page. If a regular user lands on the onboarding page in domain A, but would like to switch to domain B, they’ll be able to change as expected by using the user account menu.