Provision Vanta RBAC Roles Using JumpCloud Groups
With JumpCloud, you can assign Vanta's built-in RBAC roles by using JumpCloud groups. This setup helps ensure that your team members have the correct permissions in Vanta.
JumpCloud does not currently support custom SCIM attributes. Because of this, Vanta is unable to fully support syncing RBAC roles from JumpCloud—in particular, we are unable to support syncing custom roles at this time.
Skip step 4 of the WorkOS instructions- we will not use the custom attribute with JumpCloud, so you can leave the Directory Provider Value field blank and move on to step 5.
Instead, assign to built-in RBAC role IDs through JumpCloud, place your users in JumpCloud groups according to the RBAC roles they should have, and assign those groups to the Vanta SCIM app.
Next, contact the Vanta team and let us know which group corresponds to which built-in RBAC role. We will map the groups to role IDs.
Setting Up Team-Specific SCIM Provisioning in JumpCloud
If you're using JumpCloud groups to assign roles and want to reflect those groups as Teams in Vanta, follow these steps:
Enable SCIM in Vanta
Go to your Settings page in Vanta
Select Logins & Security
Scroll to the SCIM section
Click Enable
This will take you to the WorkOS setup flow.
Select JumpCloud as your provider
In the WorkOS window that opens, select JumpCloud
You’ll be prompted to create a JumpCloud application that WorkOS can connect to
Set up the JumpCloud SAML App
In JumpCloud, go to SSO Applications
Choose SAML and set up the app (you can name it something like "Vanta SCIM")
Save your changes
JumpCloud does not support custom SCIM attributes, so skip step 4 in the WorkOS setup
Leave the Directory Provider Value field blank and move to the next step
Create or confirm JumpCloud groups
From the JumpCloud Admin Console, go to User Groups
Create groups based on how you want to assign RBAC roles in Vanta (e.g., Security Team, Vanta Editors)
Assign users to the appropriate groups
Add users to the appropriate JumpCloud groups based on their function or department
Sync groups with the SCIM application
In Applications, select the SCIM app connected to Vanta
Go to the Group Management section
Select the groups you want to sync to Vanta
Provision and confirm in Vanta
Run the SCIM sync
Go to the Teams page in Vanta to confirm each JumpCloud group appears as a Team
Users will be grouped under the team that matches their assigned JumpCloud group
How Vanta handles groups as teams
Because JumpCloud only supports provisioning of users via groups, and groups are also used to create Vanta Teams, you will see a Vanta Team for each RBAC role. For example, if you have a JumpCloud group used to assign users to the Editor role called “Vanta Editors”, that group will also appear as a Team on the Teams page in Vanta.
If you're using Vanta for GRC and plan to provision users via SCIM, make sure that all personnel you want to monitor are included. These users should be assigned the Employee role. Since Teams in Vanta only allow users with the Collaborator role or higher, your Employee group (which will appear as a Team) may show errors noting that users don’t have access and that’s expected.