Quick-Start Guide for Administrators

4 min read

This information is for superusers (administrators).

As part of the new customer on-boarding process, you should have already created at least one unit, set up a superuser account for the primary administrator, and perhaps set up some customizations and single sign-on. You might have already done a test assessment as well.

To get started doing assessments with Isora GRC, you will need to:

  1. Add organizational information into Isora GRC (people, units, and optionally locations).
  1. Import inventory (if you’re going to include asset enrichment or application assessment).
  1. (Optionally) Import or create question objects for the types of assessments you want to do.
  1. Do the assessment.

Expand the sections for more information about how to do each task.

1. Log into Isora GRC.

When an instance of Isora GRC is started, there is at least one user with administrative capabilities. Before SSO has been enabled, you will need to locally authenticate with Isora GRC.

  1. Navigate to your Isora GRC URL provided by SaltyCloud, type in your user credentials and click the “Login” button.

2. Add organizational data into Isora GRC.

💡
Organizational Units are referred to as “units” in Isora GRC’s new UI.
  1. On the Settings page, go to Organizational Units.

  1. Use the CSV upload button to add a CSV containing multiple units at once.

    (See also: Reference: (Organizational) Unit CSV Upload )

  1. Or you can add a single unit by clicking the + button.

  1. Fill in the fields.

  1. You can optionally use the Permissions area to add people who are already in Isora GRC to this unit. Click the + button to assign a user to this OU, and select their role from the drop-down list.

  1. Click Save to finish.

3. Add people and define their roles.

As a superuser, you can add people into Isora GRC using the Settings page. Assessment Managers can also assign existing users roles within their own OUs.

  1. On the Settings page under Organization click the “People” link. Then click the + sign to create a new user.

  1. Fill in the fields with details about the new user.

    The username field should be required. Leave the password blank unless you are using local authentication (you should not be using local authentication unless you are still very early in the setup process). If any user needs to have administrative privileges, you can click the “superuser” checkbox when you add the user. You can also add this capability later. Do not give superuser authority to anyone other than Isora GRC administrators, since superusers have unrestricted privileges. The "service account" checkbox should be used if a non-person entity needs to access Isora GRC. No authorization is used with service accounts, and although they could be authenticated through LDAP or local password, service accounts should normally access Isora GRC through the API.

  1. Use the bottom half of the Add User dialog to optionally assign permissions. Use permissions to assign roles within specific organizational unit(s) to the user. Click the Save button when finished.

    See also: Reference: Roles and Capabilities .

  1. You can also use the upload button to upload details about multiple users at once using a CSV file. Each line of the file should consist of a username, first name, last name, and email address.

🗒️
In a large institution, you may not be aware of all the people in the organization who will at some point need to use Isora GRC. As authorized users fill out surveys to complete assessments, they can delegate questions or hosts to other people. When doing so, they can specify people who aren’t yet defined in Isora GRC, and this is another way that people can get added into Isora GRC. This method only works if you’re using LDAP integration.

See also:

See also: Reference: Roles and Capabilities

4. Import inventory.

After adding information about people and organizations, you will likely want to add inventory to Isora GRC. In some cases, you (the administrator) will add this data yourself. In other cases, you will allow Isora GRC users to add the inventory data.

There are three types of inventory tracked in Isora GRC- assets (formerly hosts), applications (formerly apps) and third-party vendor products.

Assets (Hosts)

You may wish to track where your inventory assets are located. If you want to track location information in Isora GRC, then before you import inventory, you should add locations into Isora GRC. Only superusers can manage location data.

See also:

How-To: Create and Populate Asset Inventory Sheets

Applications (Apps)

Application inventory is only needed if you plan to perform application assessments. These types of assessments are less frequently used compared to the other methodologies. They usually represent internally-developed applications or systems.

See also:

Third-Party Vendor Products

These products can be added into inventory at the time of creating an assessment. However, if you want to add them into inventory first, you can do so.

See also:

5. Do a basic test assessment.

Depending on your goals and what you are trying to accomplish with Isora GRC, you will likely want to choose the assessment methodology that’s most important to you. Before you get started with real assessments and especially before you enable notifications, it’s a good idea to do one or two test assessments, to make sure everything is set up correctly. Use the following guides to perform a test assessment using whichever methodology you choose.

Related articles
Did this answer your question?