> ## Documentation Index
> Fetch the complete documentation index at: https://developer.vanta.com/llms.txt
> Use this file to discover all available pages before exploring further.

# List groups for an audit

> Retrieves groups population data for an audit.

This endpoint provides access to the group records visible to auditors
during an audit engagement. Groups represent organizational units that
contain people, either imported from an identity provider (IDP) or
created manually in Vanta.

Only Controlled Audit View (CAV) audits are supported. Full Audit
View audits are rejected with 403.

Supports filtering by:
- `search`: Searches group names (case-insensitive)
- `sourcesMatchesAny`: Filters by IDP source service names

Results are sorted by name (ascending) by default.
Use `orderBy` and `orderDirection` to customize sorting.
Sort parameters must remain consistent across paginated requests.

Uses cursor-based pagination. To paginate:
1. Make initial request with desired `pageSize`
2. Check `results.pageInfo.hasNextPage`
3. Use `results.pageInfo.endCursor` as `pageCursor` for next request

Rate limit: 10 requests / minute.



## OpenAPI

````yaml https://spec.speakeasy.com/vanta/vanta/conduct-an-audit-with-code-samples get /audits/{auditId}/personnel/groups
openapi: 3.0.0
info:
  title: Conduct an audit
  version: 1.0.0
  description: >-
    The Auditor API lets audit firms conduct audits from a tool outside of
    Vanta. Unlock data syncing with Vanta through this API.


    **Note for Vanta Gov (FedRAMP) customers:** Select `Vanta Gov (FedRAMP)`
    from the server dropdown to issue requests against
    `https://api.vanta-gov.com`. The OAuth token URL shown below defaults to the
    commercial host — replace it with `https://api.vanta-gov.com/oauth/token`.
  termsOfService: https://www.vanta.com/terms
  license:
    name: UNLICENSED
  contact:
    name: API Support
    url: https://help.vanta.com/
    email: support@vanta.com
servers:
  - url: https://api.vanta.com/v1
    description: US Region API
  - url: https://api.vanta-gov.com/v1
    description: Vanta Gov (FedRAMP)
security: []
paths:
  /audits/{auditId}/personnel/groups:
    get:
      tags:
        - Audits
      summary: List groups for an audit
      description: |-
        Retrieves groups population data for an audit.

        This endpoint provides access to the group records visible to auditors
        during an audit engagement. Groups represent organizational units that
        contain people, either imported from an identity provider (IDP) or
        created manually in Vanta.

        Only Controlled Audit View (CAV) audits are supported. Full Audit
        View audits are rejected with 403.

        Supports filtering by:
        - `search`: Searches group names (case-insensitive)
        - `sourcesMatchesAny`: Filters by IDP source service names

        Results are sorted by name (ascending) by default.
        Use `orderBy` and `orderDirection` to customize sorting.
        Sort parameters must remain consistent across paginated requests.

        Uses cursor-based pagination. To paginate:
        1. Make initial request with desired `pageSize`
        2. Check `results.pageInfo.hasNextPage`
        3. Use `results.pageInfo.endCursor` as `pageCursor` for next request

        Rate limit: 10 requests / minute.
      operationId: ListPersonnelGroups
      parameters:
        - description: The audit ID
          in: path
          name: auditId
          required: true
          schema:
            type: string
        - description: Maximum number of results per page (1-100, default 10)
          in: query
          name: pageSize
          required: false
          schema:
            $ref: '#/components/schemas/PageSize'
        - description: Pagination cursor from previous response
          in: query
          name: pageCursor
          required: false
          schema:
            $ref: '#/components/schemas/PageCursor'
        - description: Search term for filtering by group name
          in: query
          name: search
          required: false
          schema:
            type: string
        - description: Filter groups by IDP source service names
          in: query
          name: sourcesMatchesAny
          required: false
          schema:
            items:
              type: string
            type: array
        - description: >-
            Field to sort results by. Allowed: "name", "members", "source",
            "tasksLastUpdated", "pointOfContact". Default: "name"
          in: query
          name: orderBy
          required: false
          schema:
            $ref: '#/components/schemas/GroupOrderBy'
        - description: 'Sort direction: "asc" or "desc". Default: "asc"'
          in: query
          name: orderDirection
          required: false
          schema:
            $ref: '#/components/schemas/OrderDirection'
      responses:
        '200':
          description: Paginated list of groups with pagination metadata
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/PaginatedResponse_PersonnelGroup_'
              examples:
                Example 1:
                  value:
                    results:
                      pageInfo:
                        hasNextPage: true
                        hasPreviousPage: false
                        startCursor: 5f2c939a52855e725c8d5824
                        endCursor: 5f2c939a52855e725c8d5824
                      data:
                        - id: 5f2c939a52855e725c8d5824
                          name: Engineering
                          members: 42
                          source: Okta
                          tasks:
                            - name: Security Training
                            - name: Policy Acceptance
                          tasksLastUpdated: '2024-06-15T10:30:00.000Z'
                          pointOfContact: Jane Doe
      security:
        - bearerAuth: []
      x-codeSamples:
        - lang: typescript
          label: ListPersonnelGroups
          source: |-
            import { Vanta } from "vanta-auditor-api-sdk";

            const vanta = new Vanta({
              bearerAuth: process.env["VANTA_BEARER_AUTH"] ?? "",
            });

            async function run() {
              const result = await vanta.audits.listPersonnelGroups({
                auditId: "<id>",
              });

              console.log(result);
            }

            run();
        - lang: java
          label: ListPersonnelGroups
          source: >-
            package hello.world;


            import com.vanta.vanta_auditor_api.Vanta;

            import
            com.vanta.vanta_auditor_api.models.operations.ListPersonnelGroupsRequest;

            import
            com.vanta.vanta_auditor_api.models.operations.ListPersonnelGroupsResponse;

            import java.lang.Exception;


            public class Application {

                public static void main(String[] args) throws Exception {

                    Vanta sdk = Vanta.builder()
                            .bearerAuth(System.getenv().getOrDefault("BEARER_AUTH", ""))
                        .build();

                    ListPersonnelGroupsRequest req = ListPersonnelGroupsRequest.builder()
                            .auditId("<id>")
                            .build();

                    ListPersonnelGroupsResponse res = sdk.audits().listPersonnelGroups()
                            .request(req)
                            .call();

                    if (res.paginatedResponsePersonnelGroup().isPresent()) {
                        System.out.println(res.paginatedResponsePersonnelGroup().get());
                    }
                }
            }
components:
  schemas:
    PageSize:
      type: integer
      format: int32
      default: 10
      description: >-
        Controls the maximum number of items returned in one response from the
        API.
      minimum: 1
      maximum: 100
    PageCursor:
      type: string
      description: >-
        A marker or pointer, telling the API where to start fetching items for
        the subsequent page in a paginated dataset.

        Note that the requested page will not include the item that corresponds
        to this cursor but will start from the one immediately

        after this cursor.
    GroupOrderBy:
      type: string
      enum:
        - name
        - members
        - source
        - tasksLastUpdated
        - pointOfContact
    OrderDirection:
      type: string
      enum:
        - asc
        - desc
      description: >-
        Sort direction shared across the external REST API surface.


        `"asc"` for ascending, `"desc"` for descending. Endpoints expose this as
        the

        `orderDirection` / `sortDirection` query parameter and map it onto
        whatever

        internal direction representation the underlying service expects.
    PaginatedResponse_PersonnelGroup_:
      properties:
        results:
          properties:
            data:
              items:
                $ref: '#/components/schemas/PersonnelGroup'
              type: array
            pageInfo:
              $ref: '#/components/schemas/PageInfo'
          required:
            - data
            - pageInfo
          type: object
      required:
        - results
      type: object
      additionalProperties: false
    PersonnelGroup:
      description: >-
        A group record from the personnel population.


        `id` and `name` are required. All other fields are optional to support
        customizable field visibility.


        Omitted keys mean the column is not in the response; `null` means the
        column is present but empty.
      properties:
        id:
          type: string
          description: Unique identifier for the group.
          example: 5f2c939a52855e725c8d5824
        name:
          type: string
          description: Display name of the group.
          example: Engineering
        members:
          type: number
          format: double
          description: Number of people in this group within the audit scope.
          example: 42
        source:
          type: string
          description: >-
            The source of this group.

            For IDP-synced groups, this is the provider name (e.g., "Okta",
            "Azure AD").

            For manually created groups, this is "Vanta".
          example: Okta
        tasks:
          items:
            $ref: '#/components/schemas/PersonnelGroupTask'
          type: array
          description: >-
            Security tasks enabled for this group, or empty array if not
            available.
          example:
            - name: Security Training
            - name: Policy Acceptance
        tasksLastUpdated:
          type: string
          nullable: true
          description: >-
            When the group's task configuration was last updated, or null if
            never updated.

            ISO 8601 format.
          example: '2024-06-15T10:30:00.000Z'
        pointOfContact:
          type: string
          nullable: true
          description: >-
            Display name of the group's designated point of contact, or null if
            not set.
          example: Jane Doe
      required:
        - id
        - name
      type: object
      additionalProperties: false
    PageInfo:
      description: Provides information about the pagination of a dataset.
      properties:
        endCursor:
          type: string
          nullable: true
          description: >-
            The cursor that points to the end of the current page, or null if
            there is no such cursor.
        hasNextPage:
          type: boolean
          description: Indicates if there is another page after the current page.
        hasPreviousPage:
          type: boolean
          description: Indicates if there is a page before the current page.
        startCursor:
          type: string
          nullable: true
          description: >-
            The cursor that points to the start of the current page, or null if
            there is no such cursor.
      required:
        - endCursor
        - hasNextPage
        - hasPreviousPage
        - startCursor
      type: object
      additionalProperties: false
    PersonnelGroupTask:
      description: A task assigned to a personnel group.
      properties:
        name:
          type: string
          description: Task name
      required:
        - name
      type: object
      additionalProperties: false
  securitySchemes:
    bearerAuth:
      type: http
      scheme: bearer

````