OneTrust integration: Set up with Ramp Programs
Overview
Use the OneTrust integration to gate spend approval until a vendor risk assessment is complete. Ramp can create vendors and assessments in OneTrust, wait for results, and move your approval workflow forward in real time.
What this integration does
- Connects your OneTrust tenant to Ramp
- Adds a vendor to OneTrust if it does not exist
- Creates an assessment from a selected OneTrust template
- Listens for OneTrust webhook events to update Ramp within 30–60 seconds
- Skips the step if a recent approved assessment already exists for the same template and organization
Prerequisites
- Ramp Admin access
- OneTrust admin access to create client credentials and activate webhooks
- A Program in Ramp that you can edit and publish
Permissions and scopes required in OneTrust
Grant the client credentials these scopes:
- organization
- integrations
- inventory
- assessment
Connect OneTrust in Ramp
Step 1: Sign in to Ramp as an Admin. Open the Integrations tab.
Step 2: Search for “OneTrust,” then click Connect.
Step 3: Paste any URL from your OneTrust tenant. We use this to detect your environment.
Step 4: Click the link to open the OneTrust Client Credentials page. Create new credentials (you can name them for Ramp). Do not change advanced options.
Step 5: Add these scopes: organization, integrations, inventory, assessment. Create the credentials.
Step 6: Copy the Client ID and Client Secret. Keep the secret secure. Do not share it outside Ramp setup.
Step 7: Return to Ramp. Paste the Client ID and Secret. Click Next. Ramp validates the credentials and creates three webhooks in OneTrust.
Step 8: In OneTrust, open Integrations. Find the three Ramp webhooks and activate each one (open the item and click Activate, or use the table menu).
Step 9: Return to Ramp and click Finish. The connection shows as Connected.
Add OneTrust to a program approval workflow
Step 1: In Ramp, go to Manage spend > Programs. Create or open a Program (example: Purchase order intake).
Step 2: Edit the Approval workflow. Remove any default steps you do not need.
Step 3: Click View more under Integrations. Add the OneTrust step.
Step 4: Assign who will own the step (example: Any admin). Add instructions and an optional deadline (for example, 7 days).
Step 5: Complete the required fields:
- Template: select the OneTrust assessment template.
- Organization: select the OneTrust organization for the assessment.
- Approval results: choose which OneTrust assessment results count as approval. Any other result is treated as a rejection and stops the workflow.
Step 6: Click Done, Save, and Publish the Program.
Run a request with the OneTrust step
Step 1: Click Request on the Program. Enter request details (name, amount, vendor).
Step 2: After submit, Ramp:
- Adds the vendor to OneTrust if needed
- Creates an assessment from your selected template
- Shows links to the OneTrust vendor record and the assessment
Step 3: The reviewer completes the assessment in OneTrust.
Step 4: OneTrust sends webhook updates to Ramp. Allow 30–60 seconds, then refresh.
Step 5: If the result matches an approved status you selected, Ramp advances the workflow. If not, Ramp rejects the request.
Smart reuse of recent assessments
- Ramp checks for a recent approved assessment for the same vendor, template, and organization.
- If found, Ramp skips the OneTrust step and links to the prior approval.
Troubleshooting
- Cannot connect credentials:
- Use a valid URL from your OneTrust tenant.
- Confirm Client ID and Secret are correct.
- Verify scopes include organization, integrations, inventory, assessment.
- Ramp is not updating after you submit/approve in OneTrust:
- Make sure all three Ramp webhooks are active in OneTrust.
- Confirm the webhooks were not deleted.
- Wait up to 60 seconds and refresh the page.
- Workflow was rejected:
- Check which OneTrust results you marked as “approval” in the OneTrust step. All other results are treated as rejection.
- Vendor not created in OneTrust:
- Confirm the credentials have the inventory scope.
- Check for typos or duplicates in the vendor name.
Security notes
- Store the OneTrust Client Secret in a secure place. Only paste it into Ramp during setup.
- You can revoke the client in OneTrust at any time. To restore the connection, create new credentials and reconnect in Ramp.
- Ramp requests only the scopes listed above.
Who can do what
- Ramp Admin: Connect the integration and edit/publish Programs.
- OneTrust Admin: Create client credentials and activate webhooks.
- Program reviewers/owners: Complete assessments in OneTrust.
Frequently asked questions
- How many webhooks are required?
- Three, all must be active.
- How fast do updates appear in Ramp?
- Within 30–60 seconds after a OneTrust event.
- Can I select more than one approved result?
- Yes, choose one or more results that count as approval.
- Can different Programs use different templates?
- Yes. Each OneTrust step is configured with its own template and organization.