Drata Integration

Overview

Note

The Drata integration is currently enabled by the Jit team.
Self-service configuration will be available in a future release.

Integrating with Drata enables you to:

  • Automate evidence submission for key technical SOC2 controls to the Drata platform.
    Learn more in SOC2 by Drata.

Integration steps

  • Step 1: Create an API token in your Drata account.
  • Step 2: Assign and create secrets and tokens in Jit.
  • Step 3: Enable the Drata integration in Jit.
  • Step 4: Enable Drata in your security plans.

Step 1: Create an API Token in Your Drata Account

  1. Log in to https://app.drata.com, click your profile name, then select Settings.

  2. Click API Keys.

  3. Click Create API Key.

  4. Fill out the Create API Key Form using the guidance below and be sure to save it:

    • Expiration Date: We recommend a long expiration date so that your integration does not unexpectedly stop working.
    • The following scopes must be enabled:
      • Personnel: Personnel details - R
      • Controls: Control List - R
      • Workspaces: List workspaces - R
      • Evidence Library: List Evidence - R, Add Evidence - W, Update Evidence - W, Delete Evidence - W
  5. Copy the API Key and save it somewhere secure!

Step 2: Assign and create secrets and tokens in Jit

  1. Create a secret for the Drata API key:

    1. In the Jit platform, go to Settings > Secrets.
    2. Click on Create new secret, and create a secret named DRATA_API_KEY and add the Drata API Key you've just created.
  2. Create a Jit API Token:

    1. Click on Settings > Users & Permissions.

    2. Click on API Token > Generate Token.

    3. Create a new Key, give it a meaningful description, and select a developer Role.

    4. Copy both the Client ID and Secret Key to a secure location.

  3. Store these values as Jit secrets. Go back to Settings > Secrets:

    1. Click on Create new secret, and create a secret named JIT_CLIENT_ID and add the Jit Client ID you just created.
    2. Click on Create new secret, and create a secret named JIT_CLIENT_SECRET and add the Jit Secret Key you just created.
  4. Make sure the secret names are exactly DRATA_API_KEY, JIT_CLIENT_ID and JIT_CLIENT_SECRET, as described above; the integration needs these names to work properly.

Step 3: Enable the Drata integration in Jit

Jit currently does not support self-service configuration of the Drata integration.

To complete the integration, the Jit team will enable the Drata evidence sync for you.

  1. Complete Steps 1 and 2 above.
  2. Contact Jit support and provide:
    • Your Drata workspace name
    • The email address associated with your Drata account
    • Confirmation that the Drata API token has been created

Once enabled, Jit will start syncing evidence to Drata automatically.

How to find your Drata workspace name and email

Drata workspace name

If workspaces are enabled:

  • Go to Drata, then select Settings > Company Info.

  • Scroll down to the Workspaces section and copy the name of the workspace you want to send evidence to.

If workspaces are not enabled:

  • Go to Drata, then select Settings > Company Info.

  • Copy the Project Name.

Drata account email

  • Enter the email address of the Drata user who created the API key.

Step 4: Enable Drata in your security plans

After the Drata integration has been enabled by the Jit team, you can use it in your security plans.

Enabling Drata in a security plan allows Jit to associate findings and controls with Drata for compliance context and reporting.

Jit will now periodically send the Jit report to your Drata workspace, according to your SOC2 by Drata plan.