Connect to Vanta using OAuth 2.0 for secure user data synchronization
This guide walks you through connecting Ravenna to Vanta to enable automated compliance monitoring and user data synchronization.

Prerequisites

Before you begin, ensure you have:
  • Vanta account with admin access
  • Ravenna organization admin privileges
  • Access to create OAuth applications in Vanta

Setup guide

Connect via OAuth

The Vanta integration uses OAuth 2.0 for secure authentication. No manual configuration is required.

Step 1: Navigate to integrations

  1. Go to Settings > Integrations
  2. Find Vanta in the Compliance Management section

Step 2: Select Vanta

Click Connect on the Vanta integration card

Step 3: Authorize with Vanta

You’ll be redirected to Vanta to authorize the connection:
  1. Sign in to your Vanta account
  2. Review the requested permissions:
    • Read resources: Access to view previously synced data
    • Write resources: Permission to push user account information
  3. Click Authorize to grant access
Ravenna will only sync user data to Vanta. No data is pulled from Vanta back to Ravenna.

Step 4: Complete setup

After authorization, you’ll be redirected back to Ravenna:
  1. The integration will validate the OAuth connection
  2. Initial user sync will begin automatically
  3. Subsequent syncs occur every 24 hours
The initial sync may take a few minutes depending on your organization size.

What gets synced

User information

The integration syncs the following data for each verified user:
  • uniqueId (string): Ravenna user ID (internal database ID)
  • displayName (string): User’s full name (first name + last name)
  • email (string): Primary email address
  • role (string): Organization role (ADMIN, MEMBER, GUEST, etc.)
  • mfaEnabled (boolean): Whether multi-factor authentication is enabled
  • mfaMethods (array): List of enrolled MFA methods (e.g., ["totp", "sms"])
  • passwordEnabled (boolean): Whether password authentication is enabled
  • authMethods (array): Authentication providers (e.g., ["auth0", "google-oauth2"])
  • emailVerified (boolean): Whether the user’s email has been verified
  • createdAt (datetime): Account creation timestamp

Filtered users

The following users are not synced to Vanta:
  • Users who haven’t verified their email (pending invitations)
  • Bot accounts
  • Users without email addresses
  • Deleted or suspended accounts
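
The filter rules and field list above, written out as an added example for reasoning about which accounts appear in Vanta and which fields leave Ravenna. This is not Ravenna's code: the input keys `isBot`, `status` and `internalNote`, the function names, and the order in which the rules are checked are assumptions, and the sample records are constructed.

```python
# Added example, not Ravenna's code. Input keys "isBot", "status" and
# "internalNote" are hypothetical; output keys are the documented fields.
SYNCED_FIELDS = ("uniqueId", "displayName", "email", "role", "mfaEnabled",
                 "mfaMethods", "passwordEnabled", "authMethods",
                 "emailVerified", "createdAt")


def exclusion_reason(user):
    """Return why a user would be filtered out, or None if they would sync."""
    if user.get("status") in ("deleted", "suspended"):
        return "deleted or suspended account"
    if user.get("isBot"):
        return "bot account"
    if not user.get("email"):
        return "no email address"
    if not user.get("emailVerified"):
        return "email not verified (pending invitation)"
    return None


def build_sync_payload(users):
    """Split users into (records to push, {uniqueId: exclusion reason})."""
    payload, excluded = [], {}
    for user in users:
        reason = exclusion_reason(user)
        if reason:
            excluded[user["uniqueId"]] = reason
        else:
            # Project onto the documented fields so nothing else is sent.
            payload.append({k: user.get(k) for k in SYNCED_FIELDS})
    return payload, excluded


def sample_users():
    """Constructed records, not real data."""
    base = {"displayName": "Ada Ng", "email": "ada@example.com",
            "role": "ADMIN", "mfaEnabled": True, "mfaMethods": ["totp"],
            "passwordEnabled": False, "authMethods": ["google-oauth2"],
            "emailVerified": True, "createdAt": "2024-01-15T09:30:00Z",
            "isBot": False, "status": "active", "internalNote": "x"}
    variants = [{}, {"emailVerified": False}, {"isBot": True},
                {"email": None}, {"status": "suspended"}]
    return [{**base, "uniqueId": f"u{i}", **v}
            for i, v in enumerate(variants, start=1)]


if __name__ == "__main__":
    pushed, skipped = build_sync_payload(sample_users())
    print([u["uniqueId"] for u in pushed], skipped)
```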

Sync schedule

User data automatically syncs to Vanta every 24 hours to keep compliance data current.
The sync runs as a background workflow and includes:
  1. Fetching organization members from Ravenna
  2. Enriching data with authentication and MFA information
  3. Filtering out bot accounts and unverified users
  4. Pushing updated user list to Vanta

Disconnecting the integration

When you disconnect the Vanta integration:
  1. Token revocation: Ravenna automatically calls Vanta’s token suspension API
  2. Vanta cleanup: The integration is disconnected in your Vanta account
  3. Access revoked: OAuth tokens are revoked and can no longer be used
  4. Data retention: Previously synced user data remains in Vanta according to their retention policies
Disconnecting the integration stops future data syncs but does not delete historical data from Vanta. You can remove the integration and historical data via the Vanta app.
To disconnect:
  1. Go to Settings > Integrations
  2. Find the Vanta integration
  3. Click Disconnect
  4. Confirm the disconnection

Troubleshooting

Cause: OAuth flow was cancelled or failed
Solution:
  • Ensure you have admin access to your Vanta account
  • Try connecting again from Settings > Integrations
  • Clear browser cookies and try again
  • Check if popup blockers are preventing the OAuth window

Cause: Users may not meet sync criteria
Solution:
  • Verify users have verified their email addresses
  • Check that users are not bot accounts
  • Wait for the next 24-hour sync cycle
  • Ensure users have valid email addresses
  • Check the Vanta dashboard again after 5-10 minutes to allow for sync delay

Cause: API errors or connectivity issues
Solution:
  • Check integration status in Settings > Integrations
  • Verify OAuth tokens are still valid
  • Try disconnecting and reconnecting the integration
  • Contact support if errors persist

Cause: OAuth token may already be revoked or invalid
Solution:
  • Try disconnecting again (Vanta returns 200 for already-revoked tokens)
  • If disconnect continues to fail, check for network issues
  • Contact support if issue persists

Cause: Workflow scheduling issue or OAuth token expired
Solution:
  • Check OAuth token expiration in integration settings
  • Disconnect and reconnect to refresh OAuth tokens
  • Verify organization has users that meet sync criteria
  • Check application logs for sync errors

Security and privacy

The Vanta integration follows security best practices:
  • OAuth 2.0: Secure authorization without sharing passwords
  • Limited scope: Only requests necessary permissions for user sync
  • Token encryption: OAuth tokens are encrypted at rest in Ravenna’s database
  • Automatic revocation: Tokens are revoked when disconnecting
  • Audit logging: All sync operations are logged for security auditing

Data flow

Ravenna → Vanta (one-way sync)
  1. The integration fetches your Ravenna user account data
  2. Enriches data with authentication methods and MFA information
  3. Filters users based on verification status and account type
  4. Pushes data to Vanta via OAuth-authenticated API call
  5. Vanta stores data for compliance monitoring
This is a one-way integration. Ravenna does not receive any data from Vanta.

FAQ

User data syncs automatically every 24 hours. The sync schedule ensures compliance data stays current without overwhelming Vanta’s API.
Manual sync is not currently available. The automated 24-hour schedule is designed to balance data freshness with API rate limits.
Disconnecting stops future syncs but does not delete historical data from Vanta. Previously synced user data remains in Vanta according to their retention policies. Contact Vanta support to request data deletion.
Users are excluded from sync if they haven’t verified their email, are bot accounts, or don’t have a valid email address. Check the user’s email verification status in Ravenna.
Currently, the integration syncs standard user attributes (name, email, role, MFA status, authentication methods). Custom attributes are not supported at this time.
Disconnect the integration and reconnect to re-authorize with updated OAuth scopes. This will grant any new permissions required by Vanta.

Next steps

Monitor sync status

Check integration status and sync history in Settings > Integrations

Review Vanta dashboard

View synced user data and compliance reports in your Vanta account