Creating a domain within Drata lays the foundation for your Drata account, your IdP connection setup, who can log in, which email accounts are synced to the Personnel page, and more. For Drata to create an account for you, you must provide the following information about your preferred domain.
This article explains the information you need to provide when requesting domain setup and how to manage your domain and personnel emails for future updates.
Create Account and Domain
To configure your Drata tenant domain, we may ask you the following questions. We need these details so that the domain is set up to meet your specific needs. If your domain configurations or connections need to be adjusted based on your answers to these questions, you can reach out to our support team.
1. What is the domain where your in-scope personnel emails live?
2. What is the primary domain in this IdP? Is it the same as what you provided in question #1?
   - If it is not the same, is the email domain from #1 a secondary or verified domain in this same IdP?
3. Do you have in-scope emails on domains in addition to the domain you specified in #1?
   - If so, what are they?
   Note: This information is essential for our teams to determine if multi-domain support must be enabled.
4. In what IdP platform do these in-scope emails live (e.g. Google Workspace, Microsoft 365 (Azure/Entra), Okta)?
   - If you said yes to question 3, do those additional domains also live in this same IdP?
     - If not, please list out which domains live in which IdP.
5. What is the global or super admin email address used to log into this IdP and conduct administrative activities? While this may or may not be the same email address you use for daily correspondence or other day-to-day activities, it MUST be able to receive email.
   - Does the domain of this admin email match what you provided in #1 and #2?
     - If it does not:
       - Do you have access to an admin email with a domain that matches what you provided in #1 and #2?
       - Does your email have admin visibility and control over the emails and domain you provided in #1 and #2?
Note: This information is essential for IdP connections. The domain used to create your Drata account must match the email domain of your global or super admin who is configuring that IdP connection. This is a requirement for Google Workspace and Microsoft 365 (Azure/Entra). Service accounts can also be used but further customization may be required. You can reach out to our technical support team if you prefer to utilize a service account.
Update Account Domain
At some point, your business may decide to change its domain in Drata, due to a branding change, merger/acquisition, or other reason. It is important to notify Drata if you intend to update your account domain. When notifying Drata, ensure you have all of the information from the previously listed questions under the Create Account and Domain section.
Failure to configure the updated domain within Drata may result in one or more of the following issues:
- Primary admin, or all admins, cannot log in.
- IdP or HRIS connection stops syncing, or syncs 0 emails.
- Large chunks of personnel move to an employment status of “Former Employee” or “Former Contractor,” potentially on the same day. This would block login.
  - This change of employment status would also cause a loss of ownership data for items like controls, evidence, policies, risks, tasks, vendors, etc.
- New email addresses sync into Drata and will not be mapped to existing compliance data, ownership, or other settings.
  - E.g. Before the domain change, [email protected] exists. After the domain change, both [email protected] and [email protected] exist. See more information in the next section on this scenario.
Email Syntax Changes
If your organization is only changing its email domain (such as from [email protected] to [email protected]), following the steps in the previous section will ensure continuity within your IdP syncs. Drata will change both your account’s domain and all the emails of your personnel.
However, if the syntax of your emails (to the left of the @ symbol) is changing (e.g. [email protected] to [email protected]), please be aware of the following implications:
Drata’s personnel model enforces uniqueness on email addresses. This kind of syntax change will introduce new emails into Drata. Drata does not currently offer a way to automatically map existing compliance data, device/asset ownership, role permissions, or policy/vendor/etc. ownership between emails.
New personnel emails will be responsible for completing all compliance checks.
If you want the same person to continue to get credit for past compliance checks, and for all existing role and owner relationships to be preserved, please reach out to our support team and provide a CSV mapping the current emails on the old domain to new emails on the new domain. We will work with you on the sequence of steps that have to be completed.
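The difference between a domain-only change and a syntax change can be checked on your own roster before you contact support. The following Python is an added example, not Drata code: it sorts old/new email pairs into the two cases, flags rows that would collide under the unique-email rule, and renders the syntax-change rows as a CSV. The function names, the old_email/new_email column names and the sample roster are assumptions; this article does not specify the CSV layout.

```python
import csv
import io

def split_email(address):
    """Return (local_part, domain), lower-cased, or raise ValueError."""
    local, sep, domain = address.strip().lower().rpartition("@")
    if not (sep and local and domain):
        raise ValueError(f"not an email address: {address!r}")
    return local, domain

def plan_migration(pairs, old_domain, new_domain):
    """Sort (old_email, new_email) pairs into domain-only changes,
    syntax changes (local part differs) and rows that need fixing."""
    plan = {"domain_only": [], "syntax_change": [], "problems": []}
    seen_new = {}  # new address -> old address that claimed it first
    for old, new in pairs:
        try:
            old_local, old_dom = split_email(old)
            new_local, new_dom = split_email(new)
        except ValueError as exc:
            plan["problems"].append((old, new, str(exc)))
            continue
        old_addr, new_addr = f"{old_local}@{old_dom}", f"{new_local}@{new_dom}"
        if old_dom != old_domain or new_dom != new_domain:
            plan["problems"].append((old, new, "unexpected domain"))
        elif new_addr in seen_new:
            # Emails must be unique, so two people cannot share one target.
            plan["problems"].append(
                (old, new, f"duplicate target, also used by {seen_new[new_addr]}"))
        else:
            seen_new[new_addr] = old_addr
            # Same local part means only the domain changes.
            key = "domain_only" if old_local == new_local else "syntax_change"
            plan[key].append((old_addr, new_addr))
    return plan

def mapping_csv(plan):
    """Render syntax-change rows as CSV text (column names are assumed)."""
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\n")
    writer.writerow(["old_email", "new_email"])
    writer.writerows(plan["syntax_change"])
    return buf.getvalue()

# Constructed sample roster; the domains are reserved example names.
ROSTER = [
    ("avery@old.example", "avery@new.example"),      # domain only
    ("blee@old.example", "blake.lee@new.example"),   # syntax change
    ("cruz@old.example", "blake.lee@new.example"),   # collides with blee
    ("dana@partner.example", "dana@new.example"),    # not on the old domain
]
```

Running plan_migration(ROSTER, "old.example", "new.example") and passing the result to mapping_csv yields one mapping row, for blee; the cruz and dana rows are reported under problems and should be resolved first.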