Vanta integration
Keep your security & compliance controls in Wolfia always up to date by syncing directly with Vanta
Overview
Our Vanta integration keeps your security and compliance controls in Wolfia live and accurate. Once connected, Wolfia pulls control data from Vanta on a schedule that matches your subscription plan (weekly or monthly) so every questionnaire answer reflects your current posture without manual copy‑paste.
What we sync
- All active controls configured in Vanta
- Control metadata such as source, owner, and framework mapping
Vanta does not expose policy documents through its API, so policies cannot be synced. This is a limitation on the Vanta side and affects all third‑party integrations.
How it works
- You create a Manage Vanta application inside the Vanta Developer Console and generate OAuth credentials.
- You enter the Client ID and Client Secret into Wolfia.
- Wolfia requests a short‑lived bearer token from Vanta and retrieves your controls using the Vanta API.
- On each scheduled sync Wolfia refreshes the token, fetches any changes and updates the control library inside your Wolfia workspace.
Installation steps
- Open Data & Integrations › Vanta inside Wolfia and click Connect Vanta to Wolfia.
- Follow the on‑screen instructions to copy your Client ID and Client Secret from the Vanta Developer Console. More details below.
- Client ID: The OAuth client ID you created in Vanta.
- Client Secret: The OAuth client secret you generated in Vanta.
- Paste the credentials into Wolfia and press Connect.
- Wolfia performs the first sync and shows a success message when finished.
You can manage or disconnect the integration anytime at Manage vanta page.
Generating Vanta API credentials
- Log in to Vanta and navigate to Settings › Developer Console.
- Click Create and choose Manage Vanta as the app type.
- Give the app a name and description, then save.
- Copy the autogenerated OAuth client ID.
- Click Generate client secret and copy the value.
- Assign the scope
vanta-api.all:read(read‑only) so Wolfia can pull controls without modifying anything.
For detailed instructions see the Vanta guide: https://developer.vanta.com/docs/api-access-setup.
Access level
Wolfia uses a read‑only token. It cannot change, delete or create data in your Vanta account. The only permission required is the one shown below:
| Scope | Purpose |
|---|---|
vanta-api.all:read | Read all Manage Vanta data so Wolfia can retrieve your controls |
How Wolfia uses the data
- Each synced control becomes an answer sourse that can be referenced in security questionnaires, RFPs and customer audits.
- When a control changes in Vanta, the next sync updates the corresponding answer in Wolfia so your responses stay current.
Sync schedule
| Plan | Sync cadence |
|---|---|
| Growth | Monthly |
| Scale | Weekly |
| Enterprise | Weekly |
Security
- OAuth secrets are encrypted at rest and never logged.
- Access tokens expire after one hour and are refreshed silently before each sync.
- All data travels over TLS 1.2 or later.
Need help? Email support@wolfia.com or reach out in your customer Slack channel.