What kind of data is Vanta requesting from Okta?
To understand the permissions Vanta needs to request this data, see the following help article, Connecting Vanta & Okta, to see the scopes that Vanta requires to integrate with Okta.
Users
Users
ID
Email
Display Name
First Name
Last Name
Account Status
Activation Time
Last Login Time
MFA Enrollment
Creation Time
Roles
Groups
Groups
ID
Name
Users in Group
Password Policy
Password Policy
ID
Name
Max Password Age
Minimum Password Length
Requirement for Lowercase Characters
Requirement for Uppercase Characters
Requirement for Numbers
Requirement for Symbols
Allow Reuse of Passwords
Vendors
Vendors
ID
Users with Application
Groups with Application
Label
Sign On Mode
Last Updated
Creation Time
Name
How do I prevent Vanta from importing all Okta users?
If you’re using Okta as your IdP, you can control which users Vanta imports by scoping the Vanta app assignment in Okta.
When you first connect Okta, Vanta will import all Okta users by default if the Use Okta to populate the People page setting is enabled. If you only want a specific subset of users to appear in Vanta and receive notifications, you should scope which users sync into Vanta before turning on syncing with the People page.
To prevent importing all users, configure control scoping with Okta:
Connect Okta to Vanta, but keep Use Okta to populate the People page turned off.
In Okta, assign the Vanta app only to the users or groups you want included in Vanta.
In Vanta, go to Integrations > Okta > Configure scope, enable Control scope with Okta.
Now turn on Use Okta to populate the People page. Vanta will import only the assigned users.
Check the People page after syncing—only the scoped users should appear.
Use Okta SCIM instead of Okta as your IdP if you want Vanta to automatically add, update, and deactivate users based on how they are assigned in Okta. See Plans & Pricing