DRATA - SSO configuration
Please note that this application has not been formally tested by Kelvin Zero Inc. It is provided solely as a reference guide. If you encounter any issues, kindly submit a ticket directly through the support desk.
This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for Drata using MPAS. SSO simplifies user authentication by allowing access to multiple applications with a single set of credentials. This integration enhances security and improves user experience across your organization.
To set up Multi-Pass with Drata, ensure you meet the following requirements:
- Drata admin right
- MPAS Admin rights
- Make sure that all users intended to use SSO in Drata are registered in your IdP and have the necessary permissions to access Drata.
Important: Custom elements in URLs (like realm names) are case sensitive. Make sure to match the exact casing from your environment.
DRATA - SSO configuration
Step 1 — Configure in Drata (Service Provider)
- Log in to the Drata Admin Dashboard
- Go to Settings
- Navigate to Authentication / Single Sign-On
- Enable SSO via Identity Provider (WorkOS)
- Choose SAML as the authentication method
Drata SAML Values
| Field | Value |
|---|---|
| SP Entity ID | <PROVIDED_BY_DRATA_WORKOS> |
| Assertion Consumer Service (ACS) URL | <PROVIDED_BY_DRATA_WORKOS> |
| NameID Format | EmailAddress |
Identity Provider Details to Enter in Drata
| Field | Value |
|---|---|
| IdP Entity ID | https://ca.auth.kzero.com/realms/<TENANT_NAME> |
| IdP SSO URL | https://ca.auth.kzero.com/realms/<TENANT_NAME>/protocol/saml |
| X.509 Certificate | -----BEGIN CERTIFICATE----- [Paste the certificate from the XML] -----END CERTIFICATE----- |
Step 2 — Configure in Multi-Pass (Identity Provider)
- Select your tenant.
- Go to Integrations.
- Click on Applications.
- In the Custom section, choose SAML.
- You will arrive on the form to complete.
| Field | Value |
|---|---|
| Name | Drata |
| Description | SSO SAML integration for Drata |
| SP Entity ID | <PROVIDED_BY_DRATA_WORKOS> |
| Assertion Consumer Service (ACS) URL | <PROVIDED_BY_DRATA_WORKOS> |
| NameID Format | EmailAddress |
- Click on Add integration
- Click on Advanced Console.
- Select Client, search for the integration you just created.
- Verify the following input :
General settings
| Field | Value |
|---|---|
| Client ID | Auto-generated |
| Name | Drata |
| Description | SSO SAML integration for Drata |
| Always Display in UI | ON |
Access settings
| Field | Value |
|---|---|
| Home URL | https://ca.auth.kzero.com/realms/<TENANT_NAME>/protocol/saml/clients/Drata |
| Valid Redirect URIs | <ACS_URL_FROM_DRATA> |
| IDP-Initiated SSO URL Name | Drata |
SAML Capabilities
| Setting | Value |
|---|---|
| Force Name ID Format | ON |
| Force POST Binding | ON |
| Include AuthnStatement | ON |
Signature & Encryption
| Setting | Value |
|---|---|
| Sign Documents | OFF |
| Sign Assertions | ON |
- Now that you have checked the different parameters, change to the tab called Keys.
- Make sure that both parameters are switched to OFF.
- Now go to the Advanced tab.
- The field Assertion Consumer Service POST Binding URL must equal the Valid Redirect URIs (ACS).
Related Articles
SAML SSO Integration Guide
This guide provides an overview of how to configure SAML Single Sign-On (SSO) between Multi-Pass and a third-party Service Provider (SP). Multi-Pass acts as the Identity Provider (IdP) in this federation model. Multi-Pass is working on SCIM support ...D2L Brightspace - SSO Integration
This application has not been formally tested by Kelvin Zero Inc. It is provided solely as a reference guide. If you encounter any issues, kindly submit a ticket directly through the support desk. This documentation provides a step-by-step guide to ...Mulesoft - SSO Integration
This application has been formally tested by Kelvin Zero Inc. This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for Mulesoft using Multi-Pass. SSO simplifies user authentication by allowing access to multiple ...Notion - SSO configuration
Please note that this application has not been formally tested by Kelvin Zero Inc. It is provided solely as a reference guide. If you encounter any issues, kindly submit a ticket directly through the support desk. This documentation provides a ...Heap - SSO configuration
Please note that this application has not been formally tested by Kelvin Zero Inc. It is provided solely as a reference guide. If you encounter any issues, kindly submit a ticket directly through the support desk. This documentation provides a ...