The Webflow integration enables security and compliance teams to automate User Access Reviews (UAR) by syncing user access data directly from Webflow. This helps organizations review who has access to Webflow and maintain accurate access records for compliance monitoring.
Key Capabilities
User Access Review Data Sync: Import Webflow user account data into Drata
Access Governance: Monitor which users have access to Webflow within your organization
Compliance Monitoring: Maintain visibility into user access for audit and compliance workflows
This integration supports User Access Review workflows, helping demonstrate compliance with access control policies.
Prerequisites & Data Access
Webflow Access Requirements
You must have a Webflow account with Admin privileges.
You must retrieve your Webflow Site ID.
You must create a Webflow OAuth application to generate a Client ID and Client Secret.
Drata Role Requirements
To create or modify connections, you must have one of the following Drata roles with write access: Admin, Workspace Manager, or DevOps Engineer
Access Reviewers can view the connection page but cannot create or modify connections.
Permissions & Data Table
Permission/Scope | Why It’s Needed |
users:read | Allows Drata to retrieve Webflow user account data for access reviews |
Client ID | Used to authenticate the Webflow OAuth application |
Client Secret | Used to securely authenticate the integration |
Step-by-Step Setup
Step 1: Retrieve Your Webflow Site ID
Log in to your Webflow account.
In the left menu, select All sites.
Select the ellipsis menu for the site you want to connect.
Open Settings.
Under General, scroll to the Overview section.
Copy the Site ID and store it securely.
Expected outcome:
You have copied the Webflow Site ID required for the integration.
Step 2: Create a Webflow OAuth Application
In Webflow, open Settings.
Navigate to Apps & Integrations.
Scroll to the App development section.
Select Create an App.
Enter the following application details:
App Name
Description
Homepage URL
Enable the Data client (REST API) option.
Enter the following Redirect URL:
https://api.stackone.com/connect/oauth2/webflow_iam/callbackUnder permissions, select Read-only access for User Account.
Create the application.
Note: Selecting read-only access enables the users:read scope.
Expected outcome:
A Webflow OAuth application is created with the required permissions.
Step 3: Retrieve OAuth Credentials
After creating the application, copy the following credentials:
Client ID
Client Secret
Store these credentials securely.
Expected outcome:
You have retrieved the Client ID and Client Secret required to connect Webflow to Drata.
Step 4: Connect Webflow in Drata
Log in to Drata → go to the Connections page.
Navigate to your Available Connections.
Search for and start the Webflow connection process.
Enter the following information when prompted:
Client ID
Client Secret
Webflow Site ID
Application Scopes
Expected outcome:
Webflow is successfully connected and user access data begins syncing to Drata.
Important Notes
Authentication method: The Webflow integration uses OAuth application credentials.
Permission scope: The integration requires read-only access to Webflow user account data.
Security best practice: Store OAuth credentials securely and rotate them according to your organization’s security policies.
Network restrictions: If your organization uses a Web Application Firewall (WAF), ensure required Drata IP addresses are allowlisted so the connection can be established.