Initial Setup

After logging into Isora GRC, the first step as an administrator is to import data into Isora GRC. This includes data about people, organizational units and locations, as well as inventory (data about machines).

A single initial administrative user is set up for you by SaltyCloud. You then add more users yourself. In a typical environment, users are authenticated to Isora GRC via LDAP or Active Directory. Credentials and LDAP schema must be provided to SaltyCloud and will be integrated as part of provisioning. Currently there is no way to manually add information later about your authentication server.

If you’re not using LDAP or AD, then local authentication can be used. In that case, users along with their passwords are stored locally in Isora GRC.

You will also need to define your organizational hierarchy to Isora GRC- in other words, add organizational units and tell Isora GRC which people belong to them.

If you plan to track location information in Isora GRC, then you should add data about locations before you add inventory. You can learn more about locations here: https://saltycloud.atlassian.net/wiki/spaces/TES/pages/1275463069 .

Then, you import the inventory. Inventory is not necessarily required to use Isora GRC. For instance, you might only be doing organizational or vendor assessments. However, it is often the case that assessments are linked to particular machines, which are in turn owned by organizational units. You may import inventory yourself as an administrator, or you may allow Isora GRC users to import data about inventory into Isora GRC. The inventory module is also used to store information about applications.

Once your critical data is in place, you can start building lists of questions based on the type of assessment you want to do.

All of the steps required to do the initial setup of Isora GRC are outlined in https://saltycloud.atlassian.net/wiki/spaces/TES/pages/1275461658 .