The OpenVPN integration enables security and compliance teams to automate User Access Reviews (UAR) by syncing user access data directly from OpenVPN. This helps organizations review which users have access to OpenVPN and monitor account access for compliance and security governance.
Key Capabilities
User Access Monitoring: Retrieve OpenVPN user accounts for access review workflows
VPN Access Visibility: Monitor which users have access to your OpenVPN environment
Compliance Monitoring: Maintain visibility into remote access systems for audit readiness
This integration supports User Access Review workflows, helping demonstrate compliance with access control policies.
Prerequisites & Data Access
Before connecting OpenVPN to Drata, ensure the following requirements are met.
OpenVPN Access Requirements
You must have Administrator privileges in your OpenVPN account.
You must enable the OpenVPN API.
You must generate API credentials and retrieve the following values:
Client ID
Client Secret
Cloud ID (subdomain)
Drata Role Requirements
To create or modify connections, you must have one of the following Drata roles with write access:
Admin
Workspace Manager
DevOps Engineer
Access Reviewers can view the connection page but cannot create or modify connections.
Permissions & Data Table
Permission / Access | Why It’s Needed |
OpenVPN API access | Allows Drata to retrieve user account data |
Client ID | Authenticates the OpenVPN API connection |
Client Secret | Secures the authentication process |
Cloud ID (subdomain) | Identifies the OpenVPN environment being connected |
Step-by-Step Setup
Step 1: Enable the OpenVPN API
Log in to your OpenVPN account.
In the left navigation menu, select API & Logs.
Select API.
Ensure Enable API for the Cloud ID is enabled.
Expected outcome:
The OpenVPN API is enabled for your environment.
Step 2: Create OpenVPN API Credentials
On the API page, select Create Credentials.
Enter a name for the credentials.
Select the desired lifetime (expiration period).
Create the credentials.
After creation:
Copy the Client ID
Copy the Client Secret
Important:
The Client ID and Client Secret are only shown once, so store them securely.
Expected outcome:
You have generated the Client ID and Client Secret required for the integration.
Step 3: Retrieve Your Cloud ID
Locate your Cloud ID (also known as your OpenVPN subdomain).
Copy this value, as it will be required during the connection process.
Expected outcome:
You have copied the OpenVPN Cloud ID required for the integration.
Step 4: Connect OpenVPN in Drata
Log in to Drata → go to the Connections page.
Navigate to your Available Connections.
Search for and start the OpenVPN connection process.
Enter the following information when prompted:
Client ID
Client Secret
Cloud ID
Expected outcome:
OpenVPN is successfully connected and user access data begins syncing to Drata.
Important Notes
Authentication method: The OpenVPN integration uses API credentials.
Credential expiration: When the credential lifetime expires, new credentials must be created and updated in the Drata connection settings.
Credential visibility: The Client ID and Client Secret are displayed only once when created.
Network restrictions: If your organization uses a Web Application Firewall (WAF), ensure required Drata IP addresses are allowlisted so the connection can be established.