Vanta compliance evidence collection
Reference pattern (customer-side)
No first-party Ory connector; integration is implemented in Vanta's Custom Integration / API layer by polling the Ory admin API. Reference: ory/integrates/compliance-audit/vanta.
Vanta is an automated security and compliance platform (SOC 2, ISO 27001, HIPAA). Configure Vanta to pull identity and access management evidence from the Ory Network Admin API so compliance evidence is collected automatically.
How it works
Vanta's Custom Integration polls the Ory Admin API on a schedule using a read-only Project API key. Vanta evaluates its Compliance Tests against the pulled data.
- Create an Ory API key (Project-scoped) with read access.
- In Vanta, go to Integrations, then Add Custom Integration (or use the Vanta API), and configure an API poller against the Ory Admin API on a schedule.
Evidence to pull
| Endpoint | Vanta Test |
|---|---|
GET /admin/identities | Personnel, Access Reviews, dormant accounts |
GET /admin/identities/{id} | MFA enrollment, last-active timestamps |
GET /admin/clients | Service accounts inventory |
| Project config | Password policy, session lifespan |
