Asana (Access Review) Integration

The Asana (Access Review) integration allows you to monitor and review user access to your Asana workspace directly from Sprinto.

This integration helps ensure that only authorised users retain access to Asana, supporting compliance requirements such as SOC 2 and ISO 27001.

Sprinto connects to Asana using a secure third-party aggregator and continuously syncs user access data to enable automated checks and reviews.

How it works

Sprinto integrates with Asana via Truto, a secure API aggregator that handles authentication and data exchange.

When you connect Asana:

1. You authenticate using your Asana admin account via Truto’s OAuth flow

2. Truto establishes a secure connection with your Asana workspace

3. Sprinto receives a connection identifier (not raw credentials)

4. User and access data are synced from Asana to Sprinto

5. Sprinto maps this data to access controls and compliance checks

Sprinto uses this data to:

• Track workspace users and roles

• Identify active and inactive users

• Monitor access removal during offboarding

• Support periodic access reviews

Prerequisites

Before setting up the integration, ensure the following:

• You have Admin or Workspace Owner access in Asana

• You have access to the Sprinto dashboard

• Your organisation uses Asana for internal workflows

• You can authenticate via OAuth (SSO or credentials)

Use cases

You can use this integration to:

• Conduct access reviews Verify that only authorised users have access to Asana

• Ensure offboarding compliance Automatically detect if access is not revoked for offboarded users

• Maintain audit readiness Provide evidence of access control for SOC 2 and ISO 27001 audits

• Improve visibility Track user roles (Admin, Member, Guest) across the workspace

Permissions and data access

Permissions required

To successfully connect Asana, the following is required:

• Admin user with full access to the Asana workspace

Data accessed by Sprinto

Sprinto collects the following data from Asana:

• Primary email

• Username (display name)

• User status (active/inactive)

• Roles (Admin, Member, Guest)

• Workspace membership

This data is used strictly for compliance monitoring and access reviews.

Authentication and security

• Integration is performed via OAuth 2.0 using Truto

• Sprinto does not store Asana credentials

• Tokens and sensitive data are securely managed by Truto

• Only minimal required scopes are requested:

  • read_users

  • read_workspaces

  • read_teams

Monitors and compliance

Active monitor

• Ensure Asana access removed for offboarded users

  • Triggered when a user is offboarded in Sprinto

  • Flags if the user still has access to Asana

Compliance coverage

This integration supports:

• Access control policies

• User lifecycle management

• Offboarding validation

• Audit evidence collection

Setup Asana (Access Review)

Follow these steps to connect Asana for access reviews.

Step 1: Navigate to Asana integration

1. Log in to the Sprinto dashboard.

2. Go to Settings → Integrations.

3. In the All tab, search for Asana.

4. Click Connect.

Step 2: Select Access Review

1. In the connection drawer, locate Asana (Access Review).

2. Click Connect.

Step 3: Review permissions and data access

1. Review the Automate evidences for section

2. Expand Permission & Data and verify:

   • Admin access requirement

   • Data collected (email, username, status, roles)

3. Review Additional information.

4. Click Next.

Step 4: Configure integration

1. Review the setup instructions displayed.

2. Select the I have admin access to my Asana account check box.

3. Click Connect to Asana.

Step 5: Authenticate with Asana

1. In the OAuth pop-up, click Connect.

1. Sign in to your Asana account.

2. Authorise access for Sprinto.

Step 6: Complete setup

1. After successful authentication, a confirmation is displayed.

2. Click Close window.

Sprinto will begin syncing user access data automatically.

Post-connection flow

After successfully connecting Asana:

• Sprinto initiates an initial user sync from your Asana workspace

• All users, roles, and access statuses are imported

• The system is automatically added as a critical access system

• Access review workflows can be configured within Sprinto

• Continuous monitoring begins for:

  • User access changes

  • Role updates

  • Offboarding events

This ensures that access-related controls remain up to date without manual intervention.

Troubleshooting

Integration fails during authentication

• Ensure you are using an Admin or Workspace Owner account

• Retry the connection flow

• Check if your organisation restricts third-party OAuth apps

Insufficient permissions error

• Verify that your Asana role has full admin access

• If permissions were recently changed, reconnect the integration

Users not syncing

• Wait for the initial sync to complete

• Ensure the correct workspace was selected during setup

• Reconnect the integration if syncing does not start

Connection expired or disconnected

• Reconnect Asana from the Integrations page

• Ensure your admin access is still valid

Rate limiting or temporary errors

• Retry after some time (automatic retries are applied)

• Avoid repeated reconnection attempts within a short period

Support

If you have any questions or concerns during the integration process, don't hesitate to reach out to Sprinto Support via the in-app chat or write to us at Sprinto Support. We're here to help!