Skip to main content

Connecting Your First Integration

Set up your first integration to enable automated evidence collection and continuous monitoring in DSALTA.

John Ozdemir avatar
Written by John Ozdemir
Updated over a week ago

Why Integrations Matter

Each integration you connect:

  • Automatically collects compliance evidence

  • Runs continuous monitoring tests

  • Reduces manual documentation requirements

  • Provides real-time visibility into control effectiveness

  • Maintains historical records for audit purposes

Organizations that connect integrations early typically achieve compliance 2-3x faster than those relying primarily on manual evidence collection.

Recommended First Integration: Identity Provider

Your Identity Provider (IdP) should be your first integration because it:

  • Provides evidence for 20-30% of typical SOC 2 controls

  • Enables automatic user directory synchronization

  • Monitors authentication and access controls continuously

  • Serves as a foundation for other integrations

Supported Identity Providers:

  • Google Workspace

  • Microsoft 365 / Azure AD

Connecting Google Workspace

Prerequisites

  • Google Workspace admin access

  • Permission to authorize third-party applications

  • Super Admin role (or delegated admin with appropriate permissions)

Setup Steps

  1. Navigate to Integrations in the DSALTA sidebar

  2. Find Google Workspace in the available integrations list

  3. Click Connect

  4. Review the permissions DSALTA will request (read-only access to user directory, group memberships, admin logs)

  5. Click Authorize

  6. Sign in with your Google Workspace admin account

  7. Review and accept the permission request

  8. You'll be redirected back to DSALTA with a success confirmation

Time to complete: 5-7 minutes

What Gets Collected

Once connected, DSALTA automatically collects:

  • User directory and role assignments

  • Group memberships

  • Multi-factor authentication status

  • Password policies and settings

  • Admin activity logs

  • Login history and suspicious activity alerts

  • Mobile device management status

Tests That Activate

Connecting Google Workspace immediately enables automated tests for:

  • MFA enforcement across the organization

  • Admin account monitoring

  • Inactive user detection

  • Password policy compliance

  • Access review requirements

  • Separation of duties controls

Connecting Microsoft 365

Prerequisites

  • Microsoft 365 Global Administrator access

  • Azure AD permissions

  • Tenant administrator rights

Setup Steps

  1. Navigate to Integrations in DSALTA

  2. Find Microsoft 365 or Azure AD in the list

  3. Click Connect

  4. Review requested permissions (user directory, groups, audit logs - all read-only)

  5. Click Authorize

  6. Sign in with your Microsoft admin account

  7. Consent to the application permissions

  8. Return to DSALTA to confirm a successful connection

What Gets Collected

DSALTA automatically monitors:

  • Azure AD user accounts and attributes

  • Security group memberships

  • Conditional access policies

  • MFA configuration and enforcement

  • Sign-in logs and risk detections

  • Admin activity through unified audit log

  • Device compliance status

After Connecting Your IdP

Once your identity provider is connected:

Allow 15-30 minutes for initial data collection. DSALTA needs time to:

  • Sync your complete user directory

  • Collect historical log data

  • Run initial test suite

  • Generate baseline evidence

Review test results by navigating to Compliance > Tests and filtering by your IdP integration. You'll see which tests are passing and which may need attention.

Check affected controls to see which controls now have automated evidence. Navigate to any control detail page to view the Tests tab and see automated verification.

Next Integration: Cloud Infrastructure

After your IdP, connect your primary cloud provider:

Amazon Web Services (AWS)

  • Monitors IAM policies, encryption settings, and logging configuration

  • Enables 15-25% of infrastructure security controls

  • Requires IAM role with read-only permissions

Google Cloud Platform (GCP)

  • Monitors project permissions, encryption, and audit logging

  • Similar coverage to AWS for infrastructure controls

  • Requires a service account with the viewer role

Microsoft Azure

  • Monitors subscriptions, resource groups, and security policies

  • Infrastructure control coverage comparable to AWS/GCP

  • Requires a service principal with reader permissions

Integration Best Practices

Connect Early: Don't wait until you're deep into your compliance program. Integrations need time to collect historical data, and some frameworks require evidence over a period (e.g., quarterly access reviews).

Review Permissions Carefully: DSALTA requests read-only access only. Review the specific permissions during authorization to understand what data is accessed.

Monitor Integration Health: Check the Integrations page regularly to ensure connections remain active. DSALTA alerts you if an integration fails or loses authorization.

Add Integrations Progressively: You don't need to connect everything on day one. Start with your IdP and cloud provider, then add development tools, monitoring systems, and communication platforms as you progress.

Common Integration Issues

Authorization Expired: If an admin revokes access or credentials change, reconnect the integration by clicking Reconnect on the integrations page.

Insufficient Permissions: Ensure the account used for authorization has appropriate admin rights. Some integrations fail if connected with accounts lacking the necessary permissions.

Data Not Appearing: Allow 30-60 minutes for initial synchronization. If data still doesn't appear, check the integration status page for error messages.

Tests Not Running: Some tests require specific data to be present. If certain tests aren't running, verify the integration has access to the necessary systems or logs.

Integration Security

All integration credentials are:

  • Encrypted at rest and in transit

  • Stored securely using industry best practices

  • Never shared or exposed to unauthorized parties

  • Regularly rotated following security best practices

  • Limited to read-only access (DSALTA never modifies your systems)

Viewing Integration Activity

To see what your integrations are doing:

  1. Go to Integrations

  2. Click on any connected integration

  3. View Last Sync, Tests Enabled, and Evidence Collected

  4. Review any errors or warnings in the status section

Disconnecting Integrations

If you need to disconnect an integration:

  1. Navigate to Integrations

  2. Find the connected integration

  3. Click the menu icon (three dots)

  4. Select Disconnect

  5. Confirm the action

Note: Disconnecting removes automated monitoring and evidence collection. Existing evidence remains available, but no new data will be collected.

Next Steps

With your first integration connected:

  1. Wait 30-60 minutes for initial data collection

  2. Review automated test results in Compliance > Tests

  3. Check control status improvements in your active framework

  4. Plan your next integration based on your tech stack

  5. Continue following the Onboarding Roadmap

Each additional integration compounds the value of DSALTA's automation, progressively reducing your manual compliance workload.

Related Articles
Welcome to DSALTA: Platform Overview
Quick Start Guide: Your First 30 Minutes
Inviting Team Members and Assigning Roles
Navigating the DSALTA Dashboard
Understanding DSALTA's Compliance Approach
Did this answer your question?