DRATA - SSO configuration


Alert: Please note that this application has not been formally tested by Kelvin Zero Inc. It is provided solely as a reference guide. If you encounter any issues, kindly submit a ticket directly through the support desk.

This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for Drata using MPAS. SSO simplifies user authentication by allowing access to multiple applications with a single set of credentials. This integration enhances security and improves user experience across your organization.

Warning: To set up Multi-Pass with Drata, ensure you meet the following requirements:
  1. Drata admin rights
  2. MPAS admin rights
  3. Make sure that all users intended to use SSO in Drata are registered in your IdP and have the necessary permissions to access Drata.
Important: Custom elements in URLs (like realm names) are case sensitive. Make sure to match the exact casing from your environment.





Step 1 — Configure in Drata (Service Provider)

  1. Log in to the Drata Admin Dashboard
  2. Go to Settings
  3. Navigate to Authentication / Single Sign-On
  4. Enable SSO via Identity Provider (WorkOS)
  5. Choose SAML as the authentication method
Drata SAML Values
Field | Value
SP Entity ID | <PROVIDED_BY_DRATA_WORKOS>
Assertion Consumer Service (ACS) URL | <PROVIDED_BY_DRATA_WORKOS>
NameID Format | EmailAddress

Identity Provider Details to Enter in Drata
Field | Value
IdP Entity ID | https://ca.auth.kzero.com/realms/<TENANT_NAME>
IdP SSO URL | https://ca.auth.kzero.com/realms/<TENANT_NAME>/protocol/saml

X.509 Certificate:
-----BEGIN CERTIFICATE-----
[Paste the certificate from the XML]
-----END CERTIFICATE-----


Step 2 — Configure in Multi-Pass (Identity Provider)

  1. Open the Multi-Pass Dashboard.
  2. Select your tenant.
  3. Go to Integrations.
  4. Click on Applications.
  5. In the Custom section, choose SAML.
  6. You will arrive on the form to complete. Enter the following values:

Field | Value
Name | Drata
Description | SSO SAML integration for Drata
SP Entity ID | <PROVIDED_BY_DRATA_WORKOS>
Assertion Consumer Service (ACS) URL | <PROVIDED_BY_DRATA_WORKOS>
NameID Format | EmailAddress

  7. Click on Add integration.
  8. Click on Advanced Console.
  9. Select Client and search for the integration you just created.
  10. Verify the following inputs:

General settings
Field | Value
Client ID | Auto-generated
Name | Drata
Description | SSO SAML integration for Drata
Always Display in UI | ON

Access settings
Field | Value
Home URL | https://ca.auth.kzero.com/realms/<TENANT_NAME>/protocol/saml/clients/Drata
Valid Redirect URIs | <ACS_URL_FROM_DRATA>
IDP-Initiated SSO URL Name | Drata

SAML Capabilities
Setting | Value
Force Name ID Format | ON
Force POST Binding | ON
Include AuthnStatement | ON

Signature & Encryption
Setting | Value
Sign Documents | OFF
Sign Assertions | ON

  11. Now that you have checked the different parameters, switch to the tab called Keys.
  12. Make sure that both parameters are switched to OFF.
  13. Now go to the Advanced tab.
  14. The field Assertion Consumer Service POST Binding URL must equal the Valid Redirect URIs (ACS).
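
Step 1 asks for the IdP Entity ID, the IdP SSO URL and the certificate "from the XML", and the guide warns that realm names are case sensitive. The Python below is an added example, not part of the original guide or of Kelvin Zero's or Drata's tooling: it reads IdP SAML metadata XML, checks both URLs against the expected tenant with exact casing, and returns the certificate as a PEM block with its SHA-256 fingerprint. The function name `idp_values`, the tenant `ExampleTenant` and the sample metadata are assumptions made for illustration; the sample uses placeholder bytes instead of a real certificate, and the check assumes a single signing key.

```python
import base64
import hashlib
import textwrap
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
POST_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
REALM_BASE = "https://ca.auth.kzero.com/realms/"  # base URL from the tables above

def idp_values(metadata_xml, tenant):
    """Return the IdP values to enter in Drata; raise ValueError on a mismatch."""
    root = ET.fromstring(metadata_xml)
    expected = REALM_BASE + tenant
    entity_id = root.get("entityID", "")
    if entity_id != expected:  # exact comparison: realm names are case sensitive
        hint = " (casing differs)" if entity_id.lower() == expected.lower() else ""
        raise ValueError(f"entityID {entity_id!r} is not {expected!r}{hint}")
    sso = [s.get("Location")
           for s in root.iterfind("md:IDPSSODescriptor/md:SingleSignOnService", NS)
           if s.get("Binding") == POST_BINDING]
    if expected + "/protocol/saml" not in sso:
        raise ValueError(f"no HTTP-POST SSO endpoint under {expected}")
    certs = [c.text or "" for kd in root.iterfind("md:IDPSSODescriptor/md:KeyDescriptor", NS)
             if kd.get("use") in (None, "signing")
             for c in kd.iterfind(".//ds:X509Certificate", NS)]
    if len(certs) != 1:  # assumption: one signing key; review key rotation by hand
        raise ValueError(f"expected 1 signing certificate, found {len(certs)}")
    # Metadata may wrap the base64 text; strip whitespace and reject stray characters.
    der = base64.b64decode("".join(certs[0].split()), validate=True)
    if not der:
        raise ValueError("empty X509Certificate element")
    body = "\n".join(textwrap.wrap(base64.b64encode(der).decode(), 64))
    return {"idp_entity_id": entity_id, "idp_sso_url": expected + "/protocol/saml",
            "certificate_pem": f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n",
            "sha256": hashlib.sha256(der).hexdigest()}

# Constructed sample: placeholder bytes stand in for the DER certificate.
SAMPLE_DER = bytes(range(256)) * 3
SAMPLE_XML = f"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="{REALM_BASE}ExampleTenant">
 <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <KeyDescriptor use="signing"><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
   <X509Data><X509Certificate>
{base64.encodebytes(SAMPLE_DER).decode()}</X509Certificate></X509Data>
  </KeyInfo></KeyDescriptor>
  <SingleSignOnService Binding="{POST_BINDING}"
    Location="{REALM_BASE}ExampleTenant/protocol/saml"/>
 </IDPSSODescriptor>
</EntityDescriptor>"""
```

Pass the metadata XML from your own tenant and the tenant name exactly as it appears in your environment. A ValueError means the values should not be entered in Drata until the mismatch is explained.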
