Overview
On the Identity Provider Linked to Vanta test, you may see one of the following messages on a user entry:
"Unable to load user from identity provider. Loading this user would cause there to be multiple active users in Vanta with the same email address."
"Updating Vanta user would cause multiple active users to have the same email."
"There are multiple users with the same email in your identity provider. Loading this user would cause there to be multiple active users in Vanta with the same email address."
All three messages stem from the same root issue: Vanta enforces a rule that only one active personnel record can exist per email address. When an Identity Provider (IdP) sync would create or update a user in a way that violates this rule, Vanta blocks the sync and records a fetch error on the affected IdP user resource.
Note: If the error says, "There are multiple users with the same email in your identity provider," the duplicate exists in the IdP itself (not in Vanta). Check your IdP admin console for two active accounts sharing the same email address, and deactivate or update the duplicate there.
Identify your scenario
Before proceeding, determine which situation matches yours:
| Scenario | Key indicator |
| --- | --- |
| Scenario 1: IdP user conflicts with an existing manually-added user | The People page has an active profile with the same email, and Vanta is listed as the source |
| Scenario 2: IdP user conflicts with a user from a different IdP | The People page has an active profile with the same email, sourced from a different IdP |
| Scenario 3: An email change in the IdP conflicts with an existing user | The person has multiple active profiles with different emails, and the IdP email was recently updated |
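To triage many flagged users at once, the key indicators above can be checked offline against exported user lists. The following is an added example, not Vanta's code or API: the field names, the sample rows and the case-insensitive email comparison are assumptions. It covers the in-IdP duplicate and Scenarios 1 and 2 only, since Scenario 3 needs the history of the email change.

```python
from collections import Counter

# Constructed sample data. Field names are assumptions for this example,
# not the column names of any real IdP or Vanta export.
IDP_USERS = [  # export of one IdP, here called "Okta"
    {"email": "Ana@example.com", "active": True},
    {"email": "ana@example.com", "active": True},   # second active account
    {"email": "bo@example.com", "active": True},
    {"email": "cy@example.com", "active": True},
    {"email": "di@example.com", "active": True},
    {"email": "ed@example.com", "active": False},   # deactivated in the IdP
]
PEOPLE = [  # People page rows: email, email source, status
    {"email": "bo@example.com", "source": "Vanta", "status": "Current"},
    {"email": "cy@example.com", "source": "Google Workspace", "status": "Current"},
    {"email": "di@example.com", "source": "Okta", "status": "Current"},
    {"email": "ed@example.com", "source": "Vanta", "status": "Current"},
]

def norm(email):
    # Assumption: addresses are compared case-insensitively.
    return email.strip().lower()

def classify_conflicts(idp_name, idp_users, people):
    """Map each colliding email of active IdP users to the matching case."""
    counts = Counter(norm(u["email"]) for u in idp_users if u["active"])
    current = {norm(p["email"]): p["source"]
               for p in people if p["status"] == "Current"}
    findings = {}
    for email, n in counts.items():
        source = current.get(email)
        if n > 1:
            findings[email] = "duplicate in IdP"
        elif source == "Vanta":
            # Vanta normally auto-merges these, so this is a candidate only.
            findings[email] = "scenario 1 candidate"
        elif source is not None and source != idp_name:
            findings[email] = f"scenario 2: profile sourced from {source}"
    return findings

if __name__ == "__main__":
    for email, reason in classify_conflicts("Okta", IDP_USERS, PEOPLE).items():
        print(f"{email}: {reason}")
```

A profile whose source is the same IdP is the normal linked case and is not reported, and deactivated IdP accounts are ignored.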
Scenario 1: IdP user conflicts with an existing manually-added user
What causes this
Someone was added to the People page manually (e.g., via "Add a person"), and then an IdP syncs a user with the same email address. Because the manually-added profile already occupies that email, Vanta blocks the IdP user from syncing in.
Note: Vanta will normally auto-merge an IdP user with a manual user that shares the same email. This conflict only occurs when the auto-merge fails, for example if the manual user already has an IdP link from the same service.
How to identify
The error message in the test will tell you the name of the IdP user having trouble syncing.
Navigate to Integrations → Connected and click Manage Scope next to the affected IdP integration.
Search for the flagged user's name and note their email address.
Navigate to the People page and search for that email.
You're dealing with this scenario if:
There is an active profile on the People page with the same email
Vanta (not an IdP) is listed as the source of their email
Their status is Current
Resolution
Determine whether the manually-added user has any task history, policy acceptances, or assigned ownerships that need to be preserved.
If the manual user has an Admin role assigned, revoke it first.
If HRIS data is linked to the manual user, unlink it (see How to Unlink HR Data below).
Contact Vanta Support and let them know you need the duplicate resolved. Provide the email address and which profile should be kept.
If the manual user has no historical data to preserve: Support can delete the manual user, which allows the IdP user to sync on the next data fetch.
If the manual user has historical data to preserve: Support will ask you to mark the manual user as a Service Account (which removes it from the active email uniqueness check). This allows the IdP user to sync. Then Support will merge the old profile into the new one, transferring all historical data.
Once the IdP user appears on the People page, re-link any Admin roles or HRIS data as needed.
Scenario 2: IdP user conflicts with a user from a different IdP
What causes this
Your organization has more than one IdP connected to Vanta (for example, both Google Workspace and Okta, or two instances of the same IdP across different domains), and both are configured to populate the People page. When the second IdP tries to sync a user whose email is already occupied by a profile from the first IdP, Vanta blocks it.
Note: This can also happen with a single IdP if you have two credentials or domain instances connected.
How to identify
The error message will tell you which IdP user is failing.
Navigate to Integrations → Connected and click Manage Scope next to the affected IdP.
Search for the flagged user and note their email.
Navigate to the People page and search for that email.
You're dealing with this scenario if:
There is an active profile with the same email
A different IdP is listed as the source
Their status is Current
Resolution
First, decide which IdP should be the source of truth for this user.
Option A — Keep the existing IdP user, exclude the flagged one:
Go to Integrations → Connected and click Manage Scope next to the IdP that is failing.
Toggle the flagged user out of scope. This stops that IdP from trying to provision them and clears the error.
Option B — Keep the existing IdP user for all users, stop the second IdP from creating people entirely:
Go to Integrations → Connected and click Manage Scope next to the secondary IdP.
Turn off the "Populate the People Page" toggle. Users from this IdP will still appear as accounts for access and vendor monitoring, but they won't create or conflict with profiles on the People page.
Option C — Switch to the new IdP user:
Determine whether the existing IdP user has task history or assigned ownerships.
Revoke the existing user's Admin role if assigned.
Unlink HRIS data from the existing user if linked.
If the existing user has no historical data, go to the existing IdP's Manage Scope and toggle the existing user out of scope. This removes them, allowing the new IdP user to sync.
If the existing user has historical data, contact Vanta Support. They will walk you through marking the existing user as a Service Account so the new user can sync, and then merge the profiles to preserve historical data.
Once the new IdP user is on the People page, re-link Admin roles and HRIS data as needed.
When connecting multiple IdPs to Vanta, it is recommended to only use one IdP for "populating the People page" unless your personnel are genuinely split across multiple IdPs. Visit the Integrations page to adjust this setting for each IdP. Learn more about IdP integration configuration.
Scenario 3: IdP email change conflicts with an existing user
What causes this
A user's email was updated in the IdP (e.g., name change, alias change), and the new email matches an existing active profile on the People page. When Vanta tries to sync the email change, it can't update the linked profile because this would cause two active profiles with the same email.
You may see the variant error message: "Updating Vanta user would cause multiple active users to have the same email."
How to identify
The error message will identify the affected user.
Check the People page — this person may have multiple active profiles with different email addresses.
One profile reflects their old email (still linked to the IdP); another profile already uses the new email.
Resolution
Identify which profile on the People page corresponds to the user's old email and which uses the new email.
The profile with the old email needs to be removed or merged so the IdP can sync the email change.
If the old-email profile has historical data, contact Vanta Support to merge the profiles.
If it has no historical data, you can offboard or remove the conflicting profile, which allows the email update to sync.
How to Unlink HR Data (Prerequisite for Some Resolutions)
Several resolution paths require unlinking HRIS data before a user can be removed or converted. These steps require an active HRIS integration (e.g., Rippling, BambooHR, Workday) connected to Vanta.
Navigate to Personnel in the left-hand column.
Select the People tab.
Click the three dots (⋯) in the upper right and select Manage HR Data.
In the pop-up modal, select Linked and find the appropriate person's name in the Link To Person column.
Select Unlink user from the dropdown.
Click Save in the bottom right corner.
If you do not have an HRIS integration connected, the Manage HR Data option may not be available. Contact Support in that case.
When to Contact Support
Contact Vanta Support if:
You need two duplicate profiles merged to preserve historical data (task completions, policy acceptances, security training). This is the most common outcome.
The Refresh button is hidden on the test and you need an immediate re-evaluation.
Your situation doesn't match any of the scenarios above.
You're unsure which profile to keep or which IdP to adjust.
