/
Integrating Your Storage System

Integrating Your Storage System

Owned by Tristan Mohn (Deactivated)
Last updated: Feb 09, 2023 by Victoria Buhler (Deactivated)
8 min read


Search our site

Benefits

ZenGRC utilizes the latest technology to allow users to integrate their own storage solution, such as Box, Google Drive, Amazon, or Microsoft OneDrive. The benefits include the following:

  • Unify and simplify the user experience for all document integrations.

  • Completely remove our developers' involvement with storage integrations.

  • Reduce scope of permissions needed.

NOTE

To activate the Microsoft OneDrive link, please contact us at support@reciprocity.com.

 

IMPORTANT

ZenGRC allows you to connect to different storage solutions at once, but it does not migrate content. If it's necessary to migrate documents from one to another, please contact your IT department.

Overview

For Google Drive, Amazon and OneDrive, the selected storage integration is set only once, not with each audit. It is also global, meaning it covers all documents uploaded to any object in the application.

For Box, any folder or sub folder that exists in Box can be selected at the audit level. This provides the ability to use different folder structures for every audit.


NOTE

When integrating your storage solution, we suggest authenticating with a profile set up with a system account that would not be impacted by organizational change. If the account used to connect to storage was to have its access revoked, you would need to reconnect to storage with a different account. This is outlined in the next section Optional First Steps.

Optional First Steps

Creating a User

We recommend setting up a new user to make the storage connection. Creating a dedicated user specifically for ZenGRC locks down your storage solution to a single, traceable service account that is not impacted by organizational changes. There are two options:

  • Create a user with a service account specifically for ZenGRC (example: ZenGRC@yourcompany.com). 
    OR

  • Use an existing account (example: compliance@yourcompany.com). Using an existing account is possible, but provides all members of the account with direct access to files in the storage solution. This approach should only be used if all members are trusted users who should have direct access to files.

Adding the User to ZenGRC

To add a user with a service account to ZenGRC, complete the following steps:

  1. Log into ZenGRC using your email address for your organization (you must be an administrator for this step)

  2. Click Settings | People.

  3. Add the service account email and set permissions to Administrator.

  4. Click Sign Out (Click your name in the lower, left-hand corner, and the Sign Out link will display).

NOTE

For additional information on adding users to ZenGRC, please see Adding and Removing Users

Connecting ZenGRC to Your Storage

To access the ZenGRC Storage page and connect your storage, complete the following steps:

  1. Log in as one of the below options:

    • If you created a new user in Optional First Steps, log in as that user. 
      OR

    • Log in as an administrator.

IMPORTANT

When logging in as the new user, do not click Reset Password as recommended in First-Time ZenGRC Access.

 

  1. Click Settings | Storage.





  2. The Storage page displays.

NOTE

The ZenGRC storage is connected by default. Another storage integration can be added and set as the default, but the ZenGRC storage cannot be removed. If your storage system is not listed under Add an integration, please contact us at support@reciprocity.com to discuss options.






  1. Click your storage selection under Add an integration. The options include:

    1. Amazon S3

    2. Box

    3. Google Drive

    4. Microsoft OneDrive

  2. Follow the instructions for each storage company.

NOTE

Please see Amazon S3 Instructions, Google Drive Instructions, Microsoft OneDrive, or Box Instructions.

Amazon S3 Instructions

NOTE

Prior to connecting your AWS storage within ZenGRC, you may need to review Setting up AWS Custom Storage.


In the Amazon S3 integration dialog box, there are several fields to complete that come from the setup of your S3 connection. For additional information, please refer to the following documentation:

The above documentation will help you complete the fields in the following screenshot:

 

  1. After completing the fields, click Add.

  2. Alternatively, click Cancel to discard changes and return to the Storage page.

  3. Once authenticated, the Storage page refreshes with the new Amazon S3 connection displayed. It will not be the default choice.

     

NOTE

To make the new storage addition the default, please see Checking Connection and Setting a Default Connection.

Box Instructions

Whether you are connecting to a public or private Box account, the instructions are the same.

IMPORTANT

After 60 days of inactivity, your Box authentication expires. To re-authorize the account, please see Refresh a Token on the Box website.


If your organization's Box account is set up to limit the applications that connect to it, there are a few required steps to take before integrating your storage within the ZenGRC application.

Mandatory First Steps

An administrator needs to log into Box and complete the following steps:

  1. Click Admin Console | Enterprise Settings | Apps.

  2. In the Apps tab, locate the Application Settings section and find the Unpublished Applications option.



      

  3. Copy our API Key, which is k0kzgdguwdotkusi2n30nfpv29falhhv, and paste it into the exceptions box next to Unpublished Applications

  4. Click Save. This allows the ZenGRC connection to be accepted by Box.

Setting the Connection

Now, follow the instructions in Connecting ZenGRC to Storage. When it opens the Box application, complete the following steps:

  1. In the Box dialog box, enter the email address and password to your account. If you created a user as an optional step, please log in as that user.
     




  2. Click Authorize.





  3. Alternatively, if you have SSO configured, click Use Single Sign On (SSO).

  4. Once authenticated, the Storage page refreshes with the new Box connection displayed. It will not be the default choice until you set it.

NOTE

To make the new storage addition the default, please see Checking Connection and Setting a Default Connection.

Creating an Audit Using Box

After ZenGRC and Box are connected, you can create an audit and select the Box folder to use for storage.

To create a Box audit, complete the following steps:

  1. In the left-hand navigation, click the New button, then select Audit.





  2. Complete all information.

  3. Next to the Evidence folder in Box field, click Change.





  4. Select a folder and click Use this folder.

NOTE

If there are sub folders, they will display when you click on a folder, which allows you to drill into your Box folder structure.

 

  1. Click Save to continue with Step 2 of audit setup.

NOTE

For complete instructions on creating an audit, please see Creating an Audit.

Google Drive Instructions

NOTE

If you're getting a 404 error after clicking Google Drive, you may need to whitelist your ZenGRC instance with Google. Please see Whitelisting connected apps and use 501557696306-7df2v2t676r5blgd9247kh26oqllf9ra.apps.googleusercontent.com as your OAuth2 Client ID.

  1. In the Google Drive dialog box, click Allow.





Once authenticated, the Storage page refreshes with the new Google Drive connection displayed. It will not be the default choice until you set it.


NOTE

To make the new storage addition the default, please see Checking Connection and Setting a Default Connection.

Microsoft OneDrive Instructions

  1. In the Microsoft Sign in dialog box, add your email, phone or Skype ID.





  2. Click Next.

  3. A dialog box asks if you want your ZenGRC instance to access the Microsoft account.

  4. Click Yes.

Once authenticated, the Storage page refreshes with the new OneDrive connection displayed. It will not be the default choice until you set it.


NOTE

To make the new storage addition the default, please see Checking Connection and Setting a Default Connection.

Folder Structure

Using a Box integration allows you to specify folders per audit for evidence upload. However, Google Drive, Amazon, and OneDrive have a hard-coded path that is set up as follows:

  • The storage connection creates a folder called <zengrc>.

  • All uploads are added to that folder as follows:

    • Request - File structure is <audit_name>/<request_title>_<request_id>/<filename>

    • Survey - File structure is <survey>_<survey_answer_id>_<survey_response_id>/<filename>

    • Any other object - File structure is <object_title>_<object_id>


Checking a Connection

To determine if the connection is still linked, complete the following steps:

  1. Click Check connection beside the storage integration.

  2. If the connection is still valid, a green message displays. 



     

Setting a Default Connection

TIP

Changing a default connection does not remove the visibility of files already uploaded into the original storage connection. It does not delete or remove files. If an audit is occurring during the change and evidence is exported, the files uploaded to all storage connections are included.



CAUTION

If two administrators set different default connections, the one that is integrated last is the default. 


To set a default connection, complete the following:

  1. Click Set default beside the storage integration you want to use.


How to Tell the Default Connection

There are several ways to differentiate your default storage if you have several connections set up. The default connection displays the following features:

  • It is encircled with a green box.

  • The Set default button is removed.

  • The Remove button is removed.




NOTE

In the screenshot above, the second option, Box, is the default storage connection.

 

The Remove button for the default connection is only enabled when another storage connection is set as the default. However, the original ZenGRC Storage cannot be removed. Please see Setting a Default Connection

 

Removing a Connection

TIP

Removing a connection does not delete files. However, those files will no longer be displayed in ZenGRC and can only be accessed by logging into the storage application directly. 


To remove a connection, complete the following steps:

  1. Click Remove beside the storage integration to be disconnected.

TIP

If the connection you're removing is the default, there is no Remove button. To activate the button, set another storage as the default.

 

  1. A dialog box displays how many files are stored in the connection you are removing.





  2. Click Remove.

  3. Alternatively, click Cancel to discard changes and return to the Storage page.

© 2021 Copyright Reciprocity, Inc.
https://reciprocity.com