# Asana (Access Review) Integration

The Asana (Access Review) integration allows you to monitor and review user access to your Asana workspace directly from Sprinto.

This integration helps ensure that only authorised users retain access to Asana, supporting compliance requirements such as SOC 2 and ISO 27001.

Sprinto connects to Asana using a secure third-party aggregator and continuously syncs user access data to enable automated checks and reviews.

***

### How it works

Sprinto integrates with Asana via **Truto**, a secure API aggregator that handles authentication and data exchange.

When you connect Asana:

1. You authenticate using your Asana admin account via Truto’s OAuth flow
2. Truto establishes a secure connection with your Asana workspace
3. Sprinto receives a connection identifier (not raw credentials)
4. User and access data are synced from Asana to Sprinto
5. Sprinto maps this data to access controls and compliance checks

Sprinto uses this data to:

* Track workspace users and roles
* Identify active and inactive users
* Monitor access removal during offboarding
* Support periodic access reviews

***

### Prerequisites

Before setting up the integration, ensure the following:

* You have **Admin or Workspace Owner access** in Asana
* You have access to the **Sprinto dashboard**
* Your organisation uses Asana for internal workflows
* You can authenticate via OAuth (SSO or credentials)

***

### Use cases

You can use this integration to:

* **Conduct access reviews**\
  Verify that only authorised users have access to Asana
* **Ensure offboarding compliance**\
  Automatically detect if access is not revoked for offboarded users
* **Maintain audit readiness**\
  Provide evidence of access control for SOC 2 and ISO 27001 audits
* **Improve visibility**\
  Track user roles (Admin, Member, Guest) across the workspace

***

### Permissions and data access

#### Permissions required

To successfully connect Asana, the following is required:

* **Admin user with full access** to the Asana workspace

#### Data accessed by Sprinto

Sprinto collects the following data from Asana:

* **Primary email**
* **Username (display name)**
* **User status** (active/inactive)
* **Roles** (Admin, Member, Guest)
* **Workspace membership**

This data is used strictly for compliance monitoring and access reviews.

#### Authentication and security

* Integration is performed via **OAuth 2.0** using Truto
* Sprinto does **not store Asana credentials**
* Tokens and sensitive data are securely managed by Truto
* Only minimal required scopes are requested:
  * `read_users`
  * `read_workspaces`
  * `read_teams`

***

### Monitors and compliance

#### Active monitor

* **Ensure Asana access removed for offboarded users**
  * Triggered when a user is offboarded in Sprinto
  * Flags if the user still has access to Asana

***

#### Compliance coverage

This integration supports:

* Access control policies
* User lifecycle management
* Offboarding validation
* Audit evidence collection

***

### Setup Asana (Access Review)

Follow these steps to connect Asana for access reviews.

#### Step 1: Navigate to Asana integration

1. Log in to the Sprinto dashboard.
2. Go to **Settings → Integrations.**
3. In the **All** tab, search for **Asana.**
4. Click **Connect.**

<figure><img src="https://3220032727-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FEsyn5VMU6e0OyGjRtKgx%2Fuploads%2FV2bjDzkF5DMzdsQ6U8fF%2FScreenshot%202026-04-13%20at%2016.35.15.png?alt=media&#x26;token=bd6ca89b-a142-47dd-a3e4-56dbe8861458" alt="" width="563"><figcaption></figcaption></figure>

***

#### Step 2: Select Access Review

1. In the connection drawer, locate **Asana (Access Review).**
2. Click **Connect.**

<figure><img src="https://3220032727-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FEsyn5VMU6e0OyGjRtKgx%2Fuploads%2FQJAuFhYG5e52T5Bu7fRR%2FScreenshot%202026-04-13%20at%2016.35.49.png?alt=media&#x26;token=4c09bec7-3f3b-477b-b796-656bed55eaf7" alt="" width="375"><figcaption></figcaption></figure>

***

#### Step 3: Review permissions and data access

1. Review the **Automate evidences for** section
2. Expand **Permission & Data** and verify:
   * Admin access requirement
   * Data collected (email, username, status, roles)
3. Review **Additional information.**
4. Click **Next.**

<figure><img src="https://3220032727-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FEsyn5VMU6e0OyGjRtKgx%2Fuploads%2F6HpjaUaPpUv758lPJ305%2FScreenshot%202026-04-13%20at%2016.37.00.png?alt=media&#x26;token=d7a62044-35df-46b1-82ca-31d1b478084f" alt="" width="375"><figcaption></figcaption></figure>

***

#### Step 4: Configure integration

1. Review the setup instructions displayed.
2. Select the **I have admin access to my Asana account** check bo&#x78;**.**
3. Click **Connect to Asana.**

<figure><img src="https://3220032727-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FEsyn5VMU6e0OyGjRtKgx%2Fuploads%2FSdJ3FBjpTxN8EKm0nDZk%2FScreenshot%202026-04-13%20at%2016.38.01.png?alt=media&#x26;token=d749196a-02c8-4ca7-96be-59f693f1bfdb" alt="" width="375"><figcaption></figcaption></figure>

***

#### Step 5: Authenticate with Asana

1. In the OAuth pop-up, click **Connect.**

<figure><img src="https://3220032727-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FEsyn5VMU6e0OyGjRtKgx%2Fuploads%2FJhoSzN1dTBkwFxz9fjo4%2FScreenshot%202026-04-13%20at%2016.38.44.png?alt=media&#x26;token=56568552-784d-4cdc-a867-6cf75761210e" alt="" width="375"><figcaption></figcaption></figure>

2. Sign in to your Asana account.
3. Authorise access for Sprinto.

***

#### Step 6: Complete setup

1. After successful authentication, a confirmation is displayed.
2. Click **Close window.**

Sprinto will begin syncing user access data automatically.

***

### Post-connection flow

After successfully connecting Asana:

* Sprinto initiates an **initial user sync** from your Asana workspace
* All users, roles, and access statuses are imported
* The system is automatically added as a **critical access system**
* Access review workflows can be configured within Sprinto
* Continuous monitoring begins for:
  * User access changes
  * Role updates
  * Offboarding events

This ensures that access-related controls remain up to date without manual intervention.

***

### Troubleshooting

#### Integration fails during authentication

* Ensure you are using an **Admin or Workspace Owner account**
* Retry the connection flow
* Check if your organisation restricts third-party OAuth apps

***

#### Insufficient permissions error

* Verify that your Asana role has **full admin access**
* If permissions were recently changed, reconnect the integration

***

#### Users not syncing

* Wait for the initial sync to complete
* Ensure the correct workspace was selected during setup
* Reconnect the integration if syncing does not start

***

#### Connection expired or disconnected

* Reconnect Asana from the Integrations page
* Ensure your admin access is still valid

***

#### Rate limiting or temporary errors

* Retry after some time (automatic retries are applied)
* Avoid repeated reconnection attempts within a short period

***

### Support

If you have any questions or concerns during the integration process, don't hesitate to reach out to Sprinto Support via the in-app chat or write to us at [Sprinto Support](mailto:support@sprinto.com). We're here to help!