Vanta integration: Set up security reviews for procurement

Overview

The Vanta integration allows you to add a Vanta security review step to any Intake workflow in Ramp. This allows your security team to conduct their reviews in Vanta at whatever point in the workflow you choose. Vanta decisions, actions, and comments sync back to Ramp to advance or stop the request from being approved.

What you can do

• Trigger a Vanta review during a purchase request.
• Assign an owner to complete the review in Vanta.
• Add instructions and a due date for the reviewer.
• Auto-advance if the vendor is already approved in Vanta.
• Auto-stop if the vendor is already rejected in Vanta.
• See review Vanta activity and comments in the Ramp request.

Prerequisites

• Ramp: Permission to manage apps and edit Programs/Intake workflows.
• Vanta: Admin access to create a webhook and an OAuth application.
• At least one Program with an Intake workflow in Ramp.

Set up the Vanta integration

Step 1: Start the connection in Ramp

1. In Ramp, go to Company > Integrations > Productivity.
2. Select Vanta and click Connect.

Step 2: Create and connect a webhook in Vanta

1. In Vanta, open the webhook settings.
2. Subscribe to the events required for the integration.
3. Paste the endpoint URL provided by Ramp.
4. Create the webhook.
5. Copy the signing secret from Vanta.
6. In Ramp, paste the signing secret into the Vanta connection page.

Step 3: Create an OAuth application in Vanta

1. In Vanta, open the Developer Console.
2. Create a new application. Add a name and description, then save and click Manage.
3. Copy the OAuth client ID.
4. Generate and copy the client secret.

Step 4: Complete the connection in Ramp

1. In Ramp, paste the client ID and client secret into the Vanta connection page.
2. Click Finish. The integration is now connected.

Add Vanta to an intake workflow

Step 1: Open your program

1. In Ramp, go to Manage Spend > Programs.
2. Open the program you use for software procurement (or any program).

Step 2: Edit the workflow

1. Go to the Intake tab.
2. Edit the approval workflow.
3. Click the plus (+) on the canvas and add the Security review > Vanta step.

Step 3: Configure the Vanta step

• Owner: Choose the person in Ramp who will start the review in Vanta.
• Instructions: Add any guidance the reviewer needs.
• Due date: Set a deadline for the review step.

Reviewer experience

• The assigned owner gets an email and a task on the Ramp home screen.
• The task includes a Complete in Vanta button.
• Clicking the button opens Vanta to start the review, add evidence, and set a due date.
• The reviewer chooses a decision in Vanta: Approved, Conditionally approved, or Not approved.
• Comments added in Vanta sync back to the Ramp request.

How Ramp responds to the Vanta decision

• Approved or Conditionally approved: Ramp advances to the next step in the workflow.
• Not approved: Ramp rejects the request.
• Vendor already approved in Vanta: Ramp skips the step and moves to the next step. A comment notes the prior approval.
• Vendor already rejected in Vanta: Ramp stops the workflow and notes the prior rejection.

Where to see status in Ramp

• Open the purchase request in Ramp.
• The Activity log shows events from Vanta, including vendor creation, the decision, and any comments.
• The current step will be highlighted under ‘Approval workflow.’

Tips and troubleshooting

• Webhook issues: If updates do not appear in Ramp, confirm the endpoint URL and signing secret in Vanta match the values shown in Ramp.
• OAuth issues: If connection fails, verify the client ID and secret are current and pasted exactly (no extra spaces).
• Permissions: Ensure you can manage apps and Programs in Ramp and have admin access in Vanta to create webhooks and apps.
• Testing: Create a test vendor and run a review to confirm end-to-end sync.
• Missing Vanta step: If a request skips the Vanta step, the vendor may already be approved or rejected in Vanta. Check the Activity log.
• Ensure the users you assign to Vanta steps have Vanta access, otherwise reviews could get delayed.

Maintain or remove the integration

• To change the owner, instructions, or due date, edit the Vanta step in your Intake workflow.
• To disconnect, go to Company > Integrations > Vanta > Disconnect.

Support

• For setup help, contact Ramp Support.
• For webhook or OAuth configuration help, contact your Vanta admin or Vanta Support.