⚠️ Select your experience
How you manage connected infrastructure accounts in Drata depends on your interface version. Select a link to skip to the instructions for your version.
Customers who joined Drata on or after Feb 24, 2026 are automatically on the New Experience.
What’s changed in the New Experience
Managing infrastructure accounts is now handled through a dedicated page in the New Experience.
Instead of accessing account management from an individual connection card, you can now review and manage infrastructure accounts from the Connections page → Infrastructure page.
Instructions for the New Experience ⬇️
Managing connected infrastructure accounts helps ensure Drata accurately tracks who has access to your systems and maintains a clear audit trail for access changes.
Prerequisites
Before managing infrastructure accounts in Drata:
An infrastructure provider (such as AWS, GCP, or Azure) must be connected
An identity provider must be connected to sync personnel into Drata
Drata uses read-only access to collect this information and does not make changes in your infrastructure provider.
How infrastructure accounts appear in Drata
The Infrastructure page shows accounts discovered through your connected infrastructure providers.
This page helps you:
View which infrastructure accounts Drata is monitoring
Understand who or what each account represents
Link accounts to personnel
Identify service or system accounts
Maintain an audit trail for access changes
View infrastructure account information such as:
The current access state reported by the provider
Indicators such as MFA status, when available
Link infrastructure accounts to personnel
When infrastructure accounts are first synced, they may not be automatically linked to personnel. Linking accounts helps Drata accurately track who has access to your infrastructure and maintain a clear audit trail.
For a complete explanation of how account linking works across Drata, including how service accounts are handled, refer to Linking accounts to personnel in Drata.
Access changes and audit trail
Note: When you remove a user from your connected infrastructure system, it can take up to 24 hours to see the updates appear within Drata. This is due to the connection API.
Deleting an account in your infrastructure provider will not remove it from Drata. Instead, Drata records a timestamp indicating when access was revoked, creating an audit trail used to track access control SLAs. The timestamp is indicated under the Access revoked column.
This ensures you can demonstrate when access was removed, which is often required during audits.
MFA status and Database and Admin access indicators
For infrastructure accounts, Drata may display indicators such as database access or administrative access.
Drata does not allow you to enable or disable DB or admin access from this page. To change these permissions, update the account directly in your infrastructure provider. Drata will reflect the change after the next sync.
For some infrastructure accounts, Drata detects access indicators such as MFA status. Important details are indicated under the MFA column.
MFA status is read-only and reported by the provider
MFA configuration must be managed in the provider, not in Drata
These indicators are used to evaluate relevant compliance tests
If an MFA-related test fails, refer to Test 86: MFA on Identity Provider for remediation guidance.
Important considerations
Changes made in the infrastructure provider may take time to appear in Drata
Some fields are informational and do not directly affect monitoring
Instructions for the Classic Experience ⬇️
HERE'S WHY
It's important to let Drata know the appropriate level of access each user should have across your company's infrastructure provider. Drata's daily, automated tests will confirm and collect evidence for future audits. If unauthorized access is detected, your team will be alerted automatically.
BEFORE DIVING IN
Remember, Drata is only provided with Read-Only access to your company's systems. The toggles on this page are not changing any permissions or access levels on your actual infrastructure provider.
Choosing which infrastructure providers to connect first
If your organization uses more than one infrastructure provider, you may be unsure which one to connect to Drata first. A good starting point is the provider that supports the systems your business relies on most, including where customer data is stored.
In some cases, environments that aren’t production may still be important. For example, if developers write or store source code in a development environment, access to that environment may also need to be monitored.
You don’t need to connect everything at once. Drata allows you to connect multiple infrastructure providers over time, so you can start with the most critical systems and expand as needed. Final decisions about what is included in your audit should always be confirmed with your auditor, based on your organization’s specific setup.
HERE'S HOW
1. Select "Connections" from the left side navigation menu.
2. Click "Manage Accounts" next to your company's connected Infrastructure.
(Note: you need to first connect your Infrastructure provider to Drata.)
Note: Azure is shown in the photo above, but your company might be using a different provider.
3. The first time you view the "Manage Accounts" page after connecting your infrastructure, it will look something like this:
You'll notice that the IAM users in the list are not currently linked to any of your personnel. You'll need to make those initial connections one time here in Drata. To do so, click the dropdown in the User column and begin typing the name of the matching personnel.
Now that user is linked and the icon in the first column has been updated to a link. Use the arrow icon in the far right column to unlink this record and relink it to another employee account in the User column if an adjustment is needed.
Now, let's look at the last 5 columns of the table:
Access Revoked
When you remove a user from your connected infrastructure system, it can take up to 24 hours to see the updates appear within Drata. This is due to the connection API.
Deleting an account in your infrastructure system will not remove it from Drata. Instead, Drata will add a timestamp under 'Access Revoked' on the Managed Accounts screen. This is important as it creates an audit trail allowing for tracking of access control SLAs.
DB Access and Admin Access
The toggles in the "DB Access" and "Admin Access" columns do not yet influence any automated monitoring tests in Drata. These toggles are optional to set.
Has MFA
The next column is "Has MFA". This column is 100% automated and pulls its data from the infrastructure provider. It's important that IAM users have MFA enabled.
Settings Gear
The last column has a Gear icon. If you hover over the icon, you'll see a tooltip that says "Make Out of Scope (Ignore)." Click this gear only for IAM users that are not actual people at your company, but are instead accounts meant for conducting specific services automatically. When you click the icon, you'll see a modal window that looks like this:
You'll be prompted to provide the business rationale for having an account that is not unique to any individual at your company. Inputting this information here will save you time during your next audit. This action also makes this record appear with the link icon in the far left column, and will help avoid test failures for this record.








