Skip to main content

Set up Vanta for request sync

Set up the Vanta integration

Before you can use Vanta request sync, a System Admin must complete a one-time firm-level setup.

Before you begin

  • Your client must be on a Professional+ package in Vanta with Information Request Lists (IRLs) enabled. If IRLs aren't enabled, the client should contact their Vanta account team.

  • Vanta request sync must be enabled in your firm's Fieldguide instance. System Admins can contact Fieldguide's support team for help enabling it.

Step 1: Create an integration user

Create a dedicated integration user in both Fieldguide and Vanta. An integration user is a service account used specifically to manage the integration—not a personal account. Using a dedicated account prevents disruption if someone leaves the firm or changes roles.

  • Fieldguide integration user: Create a Fieldguide account and assign it the System Admin role.

  • Vanta integration user: The integration user needs an auditor account in Vanta with access to the Auditor API and Webhooks. See Vanta's help center for instructions, or contact audit-relations@vanta.com.

Step 2: Create a Vanta API application

  1. Log into Vanta using the integration user's auditor account.

  2. Go to Auditor API in the left sidebar and click Create. Give the application a recognizable name, such as Fieldguide Request Sync Integration.

  3. Copy the Client ID and Client Secret—you'll need these in the next step.

Step 3: Connect Fieldguide to Vanta and configure webhooks

  1. Log into Fieldguide as the integration user.

  2. Open the integration user's profile and go to Integrations. Click Connect on the Vanta tile.

  3. Enter the following:

    • The email connected to the integration user's Vanta account.

    • The Client ID and Client Secret from Step 2.

  4. Click Connect.

  5. When prompted, click Enable Request Sync. Fieldguide will display a Webhook Endpoint URL—copy this URL.

  6. Return to Vanta and go to the Webhooks section of the Auditor API page.

  7. Create a new webhook endpoint. Paste the URL from Fieldguide as the endpoint, and subscribe to all information-request events.

  8. Copy the Webhook Signing Secret.

  9. Return to Fieldguide, paste the Webhook Signing Secret into the setup form, and save.

Once this setup is complete, any firm user with admin permissions can enable request sync on individual engagements. See Sync requests with Vanta for instructions, including what the client needs to do before sync can be enabled for each specific engagement.

Did this answer your question?