IdP Group Mapping
Mapping IdP Groups to Roles in Drata
As Drata's enterprise customer base grew, administrators were spending increasing amounts of time manually assigning roles to individual users. To solve this, we introduced IdP group mapping, allowing administrators to automatically map groups from identity providers like Okta and Azure AD to roles within Drata.
Client: Drata
Expertise: UX + UI Design, UX Research
Industries: Identity, Compliance
Date: January 2026

The Challenge
Administrators were responsible for assigning roles to every user individually, creating a workflow that became increasingly difficult as organizations grew.
For customers with 50 or more users, this led to several challenges:
Time-consuming administration: IT teams spent hours assigning and updating roles for new hires, internal transfers, and employee departures.
Risk of access errors: Manual assignments increased the likelihood of incorrect permissions, creating compliance risks and unnecessary access.
Delayed onboarding: New employees could be provisioned through their identity provider but still required a separate manual step before accessing Drata.
Complex access reviews: Without a direct relationship between IdP groups and Drata roles, audits and permission reviews required additional manual effort.
Enterprise customers expected user access to reflect the identity structure they had already established, allowing existing IdP groups to drive permissions automatically.

The Approach
This feature was designed for Drata administrators and IT operations teams responsible for managing user access across the platform. These users already relied on centralized identity management and wanted to reduce manual work while maintaining confidence in their access controls.
Before designing the experience, we conducted an audit of the existing role structure by analyzing role adoption across enterprise customers. This helped identify underutilized roles that could be consolidated, simplifying the overall permission model before introducing automation.
Next, we conducted discovery interviews with five enterprise customers to better understand their current workflows, pain points, and expectations around identity management. After synthesizing the findings, we created low-fidelity wireframes to validate the end-to-end workflow, then moved into AI-powered rapid prototyping using v0, which allowed us to iterate quickly on interactions and gather internal feedback.


The Results
The feature successfully launched to all Drata customers, providing a scalable way to manage user permissions through existing identity provider groups rather than manual role assignment.
By aligning role management with customers' existing identity infrastructure, the experience reduced administrative overhead, streamlined user onboarding, and created a more maintainable permission model for growing organizations. The project also established a stronger foundation for future enterprise identity and governance capabilities, supporting Drata's continued investment in scalable access management.
Beyond the shipped feature, the research uncovered opportunities to simplify Drata's role model and informed future work around permissions, governance, and enterprise administration.

Role Administration — Mapping Result

Role Administration — User Result