Integrating Your Storage System

Owned by Tristan Mohn (Deactivated)
Last updated: Feb 09, 2023 by Victoria Buhler (Deactivated)
8 min read


Search our site

Benefits

ZenGRC utilizes the latest technology to allow users to integrate their own storage solution, such as Box, Google Drive, Amazon, or Microsoft OneDrive. The benefits include the following:

  • Unify and simplify the user experience for all document integrations.

  • Completely remove our developers' involvement with storage integrations.

  • Reduce scope of permissions needed.

NOTE

To activate the Microsoft OneDrive link, please contact us at support@reciprocity.com.

 

IMPORTANT

ZenGRC allows you to connect to different storage solutions at once, but it does not migrate content. If it's necessary to migrate documents from one to another, please contact your IT department.

Overview

For Google Drive, Amazon and OneDrive, the selected storage integration is set only once, not with each audit. It is also global, meaning it covers all documents uploaded to any object in the application.

For Box, any folder or sub folder that exists in Box can be selected at the audit level. This provides the ability to use different folder structures for every audit.


NOTE

When integrating your storage solution, we suggest authenticating with a profile set up with a system account that would not be impacted by organizational change. If the account used to connect to storage was to have its access revoked, you would need to reconnect to storage with a different account. This is outlined in the next section Optional First Steps.

Optional First Steps

Creating a User

We recommend setting up a new user to make the storage connection. Creating a dedicated user specifically for ZenGRC locks down your storage solution to a single, traceable service account that is not impacted by organizational changes. There are two options:

  • Create a user with a service account specifically for ZenGRC (example: ZenGRC@yourcompany.com). 
    OR

  • Use an existing account (example: compliance@yourcompany.com). Using an existing account is possible, but provides all members of the account with direct access to files in the storage solution. This approach should only be used if all members are trusted users who should have direct access to files.

Adding the User to ZenGRC

To add a user with a service account to ZenGRC, complete the following steps:

  1. Log into ZenGRC using your email address for your organization (you must be an administrator for this step)

  2. Click Settings | People.

  3. Add the service account email and set permissions to Administrator.

  4. Click Sign Out (Click your name in the lower, left-hand corner, and the Sign Out link will display).

Connecting ZenGRC to Your Storage

To access the ZenGRC Storage page and connect your storage, complete the following steps:

  1. Log in as one of the below options:

    • If you created a new user in Optional First Steps, log in as that user. 
      OR

    • Log in as an administrator.

 

  1. Click Settings | Storage.





  2. The Storage page displays.






  1. Click your storage selection under Add an integration. The options include:

    1. Amazon S3

    2. Box

    3. Google Drive

    4. Microsoft OneDrive

  2. Follow the instructions for each storage company.

Amazon S3 Instructions


In the Amazon S3 integration dialog box, there are several fields to complete that come from the setup of your S3 connection. For additional information, please refer to the following documentation:

The above documentation will help you complete the fields in the following screenshot:

 

  1. After completing the fields, click Add.

  2. Alternatively, click Cancel to discard changes and return to the Storage page.

  3. Once authenticated, the Storage page refreshes with the new Amazon S3 connection displayed. It will not be the default choice.

     

Box Instructions

Whether you are connecting to a public or private Box account, the instructions are the same.


If your organization's Box account is set up to limit the applications that connect to it, there are a few required steps to take before integrating your storage within the ZenGRC application.

Mandatory First Steps

An administrator needs to log into Box and complete the following steps:

  1. Click Admin Console | Enterprise Settings | Apps.

  2. In the Apps tab, locate the Application Settings section and find the Unpublished Applications option.



      

  3. Copy our API Key, which is k0kzgdguwdotkusi2n30nfpv29falhhv, and paste it into the exceptions box next to Unpublished Applications

  4. Click Save. This allows the ZenGRC connection to be accepted by Box.

Setting the Connection

Now, follow the instructions in Connecting ZenGRC to Storage. When it opens the Box application, complete the following steps:

  1. In the Box dialog box, enter the email address and password to your account. If you created a user as an optional step, please log in as that user.
     




  2. Click Authorize.





  3. Alternatively, if you have SSO configured, click Use Single Sign On (SSO).

  4. Once authenticated, the Storage page refreshes with the new Box connection displayed. It will not be the default choice until you set it.

Creating an Audit Using Box

After ZenGRC and Box are connected, you can create an audit and select the Box folder to use for storage.

To create a Box audit, complete the following steps:

  1. In the left-hand navigation, click the New button, then select Audit.





  2. Complete all information.

  3. Next to the Evidence folder in Box field, click Change.





  4. Select a folder and click Use this folder.

 

  1. Click Save to continue with Step 2 of audit setup.

Google Drive Instructions

  1. In the Google Drive dialog box, click Allow.





Once authenticated, the Storage page refreshes with the new Google Drive connection displayed. It will not be the default choice until you set it.


Microsoft OneDrive Instructions

  1. In the Microsoft Sign in dialog box, add your email, phone or Skype ID.





  2. Click Next.

  3. A dialog box asks if you want your ZenGRC instance to access the Microsoft account.

  4. Click Yes.

Once authenticated, the Storage page refreshes with the new OneDrive connection displayed. It will not be the default choice until you set it.


Folder Structure

Using a Box integration allows you to specify folders per audit for evidence upload. However, Google Drive, Amazon, and OneDrive have a hard-coded path that is set up as follows:

  • The storage connection creates a folder called <zengrc>.

  • All uploads are added to that folder as follows:

    • Request - File structure is <audit_name>/<request_title>_<request_id>/<filename>

    • Survey - File structure is <survey>_<survey_answer_id>_<survey_response_id>/<filename>

    • Any other object - File structure is <object_title>_<object_id>


Checking a Connection

To determine if the connection is still linked, complete the following steps:

  1. Click Check connection beside the storage integration.

  2. If the connection is still valid, a green message displays. 



     

Setting a Default Connection




To set a default connection, complete the following:

  1. Click Set default beside the storage integration you want to use.


How to Tell the Default Connection

There are several ways to differentiate your default storage if you have several connections set up. The default connection displays the following features:

  • It is encircled with a green box.

  • The Set default button is removed.

  • The Remove button is removed.




 

 

Removing a Connection


To remove a connection, complete the following steps:

  1. Click Remove beside the storage integration to be disconnected.

 

  1. A dialog box displays how many files are stored in the connection you are removing.





  2. Click Remove.

  3. Alternatively, click Cancel to discard changes and return to the Storage page.

© 2021 Copyright Reciprocity, Inc.
https://reciprocity.com