3.2 Adding People and Defining Their Roles in Isora GRC

As an administrator, you can use the orgs module to add people into Isora GRC.

  1. Navigate to the orgs module and click the “manage people” button.


  2. On the right-hand side, fill in the “add a new user” form with the desired information for your new user and click the “save” button.

    The username field should be required. Leave the password blank if you want to use LDAP for authentication. If you specify a password, then the local password will be used for authentication purposes, but if possible, LDAP will still be used for authorization. In a non-LDAP environment, you will need to specify a password, or the user won't be able to log in.

    If any user needs to have administrative privileges, you can click the “superuser” checkbox when you add the user. You can also add this capability later. Do not give superuser authority to anyone other than Isora GRC administrators, since superusers have unrestricted privileges.

    The "service account" checkbox should be used if a non-person entity needs to access Isora GRC. No authorization is used with service accounts, and although they could be authenticated through LDAP or local password, service accounts should normally access Isora GRC through the API.

  3. You can also click the upload button to upload details about multiple users at once using a CSV file. Each line of the file should consist of a username, first name, last name, and email address.


Just defining a person to Isora GRC isn’t enough to allow the person to do anything useful. To assign a role within an Organizational Unit, you create a Permission. You can do this by editing the person or by editing the OU to add a permission.

In a large institution, you may not be aware of all the people in the organization who will at some point need to use Isora GRC. As authorized users fill out surveys to complete assessments, they can delegate questions to other people. When doing so, they can specify people who aren’t yet defined in Isora GRC, and this is another way that people can get added into Isora GRC.


Next: 3.3 Creating Organizational Structure in Isora GRC

If you can't find what you are a looking for and need support, email support@saltycloud.