Drata Compliance integration

The Drata integration automatically pushes evidence to Drata for SOC2 and ISO27001:2022. To activate the Drata integration in Aikido, go to Settings > Integrations > Drata and click 'Add Drata integr

API Key

You'll need to create a Drata API Key. You can generate one in Drata via Username > Settings > API Keys > Create API Key.

Details

Make sure the Expiration is set to 'Never Expires'.

API key setup screen with fields for name, expiration, and allowed IP addresses.

Scopes

Access for the scopes can be set to 'Custom', with at least the following scopes:

Controls:

  • Controls list: Read

  • Add control: Write

  • Map external evidence: Read, Write

  • Delete mapped external evidence: Write

Workspaces:

  • List workspaces: Read

Frameworks:

  • List frameworks: Read

  • List framework requirements: Read

User permissions matrix for controls, workspaces, and frameworks management.

Save

Next, click 'Save' and copy your generated API Key.

Back in Aikido, paste the API Key and click 'Next'. After that, choose your Drata workspace and click 'Save'.

Enter your Drata API Key to integrate data and proceed to the next step.

Done

Aikido will now create a PDF report daily and sync it to Drata as 'external evidence'. We'll create a control with code 'AIKIDO' and link the relevant SOC2 and ISO27001 requirements. You can search for this control here.

Under 'Control evidence', the Aikido PDF will be attached every month.
