New Experience
This article applies to the New Experience.
Overview
When accounts are first synced into Drata, they may not be automatically linked to personnel. Linking accounts to personnel helps Drata:
Understand who has access to systems
Accurately evaluate access-related compliance requirements
Maintain a clear audit trail
Reduce audit follow-up questions
Prerequisite
Personnel are synced into Drata from your identity provider. If no identity provider is connected:
The Personnel dropdown may not have options to select from.
How to link an account to personnel
For accounts that represent access held by an individual employee:
From the Connections page, open the relevant Manage accounts page.
This example shows the Infrastructure page, but the same actions are available across all account management pages.
Locate the account you want to link.
In the Personnel column, select the appropriate employee.
Once linked, the account is associated with that person. If ownership changes later, you can select the ellipse to unlink the account and relink it to a different employee.
Handling service and non-human accounts
Not all accounts belong to a specific individual. Common examples include:
Service accounts
Automation users
System-generated identities
These accounts should not be linked to personnel. Instead, they can be marked out of scope with a documented business rationale.
How to mark an account out of scope
Open the relevant Manage accounts page.
For the desired account, select the ellipse > Mark out of scope.
Provide a brief rationale explaining why the account does not represent individual access.
Once an account is marked out of scope:
It cannot be linked to personnel
The rationale remains visible for audit purposes
You can view the rationale or mark the account back in scope from the same ellipsis (⋯) menu


