The initial phase of configuring Secure and Govern involves incorporating one or more Content Sources for monitoring purposes, enhancing the security of the content with each additional source. Cloud and On-premises Content Sources can be integrated, ensuring comprehensive monitoring regardless of data location. This article provides guidance on adding content sources to Egnyte Secure and Govern.
All cloud sources must be reauthorized at least once every 5 years. If they are not, the source will become disconnected until reauthorization is completed. Admins are notified via email whenever a cloud source becomes disconnected. Additionally, several of the Secure & Govern web pages (sensitive content, content lifecycle and the content source settings) indicate when a source has been disconnected.
Supported Cloud Content Sources
Egnyte
- Access Secure and Govern from the left app picker menu.
- From the home page, select Settings, click Add Cloud Source and select Egnyte to begin.
- Click Next.
To add an Egnyte source, it's necessary to have Admin credentials in Egnyte Collaborate.
- Enter the Egnyte domain name and click Next.
- Authenticate as an Admin User in the Egnyte login window that pops up. Egnyte Secure & Govern will access the Egnyte domain as this user. Click Continue in the popup window after authenticating.
We recommend creating a dedicated Admin Service Account within the domain for Egnyte Secure & Govern. Using a distinct account will ensure that access by Egnyte Secure & Govern is segregated within audit reports for the domain.
- Click here for steps to create an Admin Service Account. When creating the Admin Service Account, remember to add Secure & Govern to the username as it will help to easily separate actions taken via Secure & Govern.
- Specify a source name or use the default option and click Next.
- Users can select any folder paths they wish to exclude within the source from scanning. If a path needs exclusion, they can click on the corresponding checkbox. The checkmark will then transform into a red X, signifying the exclusion of the path and all sub-folders. Under these paths, Egnyte Secure & Govern will refrain from accessing any folders or content. Finally, users can click Finish to save their selection.
By excluding folder paths, issues or sensitive content within these paths won't be detected. For comprehensive coverage, it's recommended not to exclude paths. However, Admins can modify this configuration at any time after adding the source.
- Newly added source will appear in the Cloud Content Sources list below.
The access control issue scan starts right away. As issues are discovered, they'll show up in the Issues tab. Once the initial scan finishes, Admin will get an email summary of all found issues. After that, the source will be constantly monitored for new and updated issues.
OneDrive for Business and SharePoint Online
- From the home page, select Settings, click Add Cloud Source, and select Microsoft.
- Click Next.
- Specify a source name or use the default option and click Next.
User must have Global Administrator credentials with OneDrive for Business to add it as a source.
- Enter OneDrive or Microsoft Office 365 login credentials and click Next.
If the user is already logged into OneDrive or Microsoft Office 365, select the appropriate account from the list and enter the password.
- Accept the Permissions Requested.
- Select whether or not to configure Microsoft Exchange, then click Next.
- Select the groups for Secure & Govern to scan and click Save.
- Select the SharePoint Online sites for Secure & Govern to scan, then click Save.
- Users can modify the Groups and Sites configuration at any time via the Content Source settings.
- Choose whether to configure Permissions Management or configure it later and then click Next.
Permissions Management needs to be configured to view permissions and detect new issues in Secure & Govern.
- Newly added source will appear in the Cloud Content Sources list.
Exchange Online
Egnyte Secure & Govern allows the classification of content from emails and attachments within the Exchange Online server. Users can set up access to Exchange Online by adding Microsoft/Office 365 as a source and completing an additional optional step.
Click here for more details on adding Exchange Online as a content source.
Google Drive and Gmail
Click here for more details on adding Google Drive and Gmail as content sources.
Microsoft Azure Storage
- From the home page, select Settings, click Add Cloud Source and select Microsoft Azure Storage.
- Click on Access Key and enter the Azure Account Name and Account Key. If the necessary details are unavailable, refer to this article to view the account access key. Then proceed by clicking on Register.
- Click on Allow Access for Egnyte to access the content of Azure Storage.
- Newly added source will appear in the Cloud Content Sources list.
Microsoft Azure Files
- From the home page, select Settings, click Add Cloud Source and select Microsoft Azure Files.
- Click on Access Key and enter the Azure Account Name and Account Key. If the necessary details are unavailable, refer to this article to view the account access key. Then proceed by clicking on Register.
- Click on Allow Access for Egnyte to access the content of Azure Storage.
- Newly added source will appear in the Cloud Content Sources list.
Amazon S3 Storage
- Establish permissions for the S3 identity or user intended to establish the connection between Egnyte and Amazon S3. These permissions can apply to all buckets or specific ones intended to be linked with Egnyte, but the permissions must match.
  - Permission list:
    - On the bucket level - s3:ListBucket, s3:GetBucketLocation, s3:ListObjects
      Note: the s3:ListObjects permission has been deprecated by AWS but can still be defined via the JSON view. It should be added under the "action" section along with the other 2 permissions on the bucket level.
    - On the bucket object level - s3:GetObject
    - For all buckets - s3:ListAllMyBuckets
  - Resource definition format:
    - "Resource": "arn:aws:s3:::BUCKET_NAME" - permission for bucket (alternatively * instead of BUCKET_NAME)
    - "Resource": "arn:aws:s3:::BUCKET_NAME/*" - permission for bucket objects (alternatively */* instead of BUCKET_NAME/*)
    - "Resource": "*" - all resources
  - Guide for AWS permissions:
    https://docs.aws.amazon.com/config/latest/developerguide/s3-bucket-policy.html#required-permissions-in-another-account
  - Example of granting permissions:
    https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-walkthroughs-managing-access-example1.html#grant-permissions-to-user-in-your-account-step1
- From the home page, select Settings, click Add Cloud Source, and select Amazon S3 Storage.
- Enter the desired label for the source and details like S3 Identity (Access Key ID) and S3 Secret (Secret Access Key). If an Access Key ID or Secret Access Key is not already available, refer to this article to create one.
- Click on Allow Access for Egnyte to access the content of Amazon S3 storage.
- Newly added source will appear in the Cloud Content Sources list.
Egnyte will not be able to access any S3 buckets that do not conform to the current AWS naming conventions (see Bucket naming rules - Amazon Simple Storage Service).
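The following Python sketch is an added example, not part of the original article and not Egnyte's or AWS's own code. It builds a policy document limited to named buckets from the permission list above, and checks an existing policy for any listed action that is not granted on the resource form the article pairs it with. The bucket name `example-bucket`, the sample key and all function names are assumptions; the check reads only Allow statements and ignores Deny statements, conditions and NotAction/NotResource.

```python
import fnmatch

# Actions grouped by the resource form this article attaches them to.
BUCKET_ACTIONS = ("s3:ListBucket", "s3:GetBucketLocation", "s3:ListObjects")
OBJECT_ACTIONS = ("s3:GetObject",)
ACCOUNT_ACTIONS = ("s3:ListAllMyBuckets",)

def build_policy(buckets):
    """Policy limited to the named buckets rather than the '*' alternatives."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": list(ACCOUNT_ACTIONS), "Resource": "*"},
            {"Effect": "Allow", "Action": list(BUCKET_ACTIONS),
             "Resource": [f"arn:aws:s3:::{b}" for b in buckets]},
            {"Effect": "Allow", "Action": list(OBJECT_ACTIONS),
             "Resource": [f"arn:aws:s3:::{b}/*" for b in buckets]},
        ],
    }

def _listify(value):
    return [value] if isinstance(value, str) else list(value)

def _allowed(policy, action, resource):
    """True if one Allow statement matches both action and resource ('*' honoured)."""
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        actions = _listify(stmt.get("Action", []))
        resources = _listify(stmt.get("Resource", []))
        if (any(fnmatch.fnmatchcase(action.lower(), a.lower()) for a in actions)
                and any(fnmatch.fnmatchcase(resource, r) for r in resources)):
            return True
    return False

def missing_grants(policy, buckets):
    """Return the (action, resource) pairs from the article that the policy lacks."""
    needed = [(a, "*") for a in ACCOUNT_ACTIONS]
    for b in buckets:
        needed += [(a, f"arn:aws:s3:::{b}") for a in BUCKET_ACTIONS]
        # Probe with a sample key so 'BUCKET/*' and '*/*' patterns both match.
        needed += [(a, f"arn:aws:s3:::{b}/sample-key") for a in OBJECT_ACTIONS]
    return [pair for pair in needed if not _allowed(policy, *pair)]

# Constructed sample: s3:GetObject attached to the bucket ARN instead of BUCKET/*.
BROKEN = {"Statement": [
    {"Effect": "Allow", "Action": "s3:ListAllMyBuckets", "Resource": "*"},
    {"Effect": "Allow", "Action": list(BUCKET_ACTIONS + OBJECT_ACTIONS),
     "Resource": "arn:aws:s3:::example-bucket"},
]}
```

Running `missing_grants` on a policy exported from the IAM JSON view, with the buckets intended for Egnyte, shows which grants to add before registering the source.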
Dropbox Storage
Connecting Dropbox storage requires a minimum of a Dropbox Business account. Personal Dropbox accounts cannot be connected.
- From the home page, select Settings, click Add Cloud Source, and select Dropbox Storage.
- Enter the desired label for the source and click on Register.
- Click on Allow Access for the Dropbox Connector to access Egnyte.
- Enter the email address and password to the Dropbox Admin account.
- Newly added source will appear in the Cloud Content Sources list.
Box Storage
Create a Box Application
- Log into the Box Developer console: https://app.box.com/developers/console
- Select My Apps and then Create New App.
- Select Custom App.
- Fill in the details in step 1 of 2:
  - App Name - can be anything but should identify what the app is for (e.g. Egnyte App).
  - Description - optional.
  - Purpose - select Automation.
  - Who - select Customer.
- Select User Authentication in step 2 of 2.
- On the Configuration page for the app that pops up after the previous step, copy the Client ID and Client Secret. These will be needed to connect to Egnyte.
- Fill in the Redirect URI. The URI should be (depending on the Egnyte region):
  - US: https://usc1.egnyteprotect.com/connectors/box-connector/sources/connect
  - Europe: https://euw1.egnyteprotect.com/connectors/box-connector/sources/connect
- Mark permission scopes:
  - Permissions required are:
    - Read all files and folders stored in Box.
    - Write all files and folders stored in Box.
    - Manage users.
    - Manage groups.
    - Manage enterprise properties.
  - In addition to the above, a special permission is needed:
    - admin_on_behalf_of
      Note: This has to be requested via contacting Box Support.
- Save changes.
Register the Box source in Egnyte Secure & Govern
- Navigate to Egnyte Secure & Govern -> Settings. The user will be taken to the Cloud Sources page.
- Select Add Cloud Source and then select Box from the list of source types.
- Enter an App name (this will be what the source is called in the S&G UI).
- Fill in the Redirect URI (the same URI that was used in the Box application configuration).
- Fill in the Client ID and Client Secret that were saved from the Box application page.
- When redirected to the Box OAuth grant request, click the Grant access to Box button.
- The success page should confirm registration. The list of sources on the Content Sources page should now include the Box source.
Box FAQ:
Is it possible to use the same client ID and client secret to register another Box source?
Yes, but if that is done, all requests with this client ID will be counted by Box against the same single quota for the number of API requests, so the quota will be depleted sooner.
How does the Egnyte connection to Box affect my Box account?
Egnyte uses the Box API to retrieve files and information from the Box source, and those API calls will count against the Box quota. The number of API calls that are made can vary widely depending on the amount of data in the Box source and the structure of the data (e.g. many top-level folders or few top-level folders).
See https://www.box.com/pricing for more information on API costs and https://developer.box.com/guides/api-calls/permissions-and-errors/rate-limits/ for API rate limitations. For any other questions, contact your Box account manager.
Add Additional Sources
Click Add Cloud Source again and follow the related steps to add additional Cloud Sources. If adding on-premise SharePoint or Windows File Server sources is desired, please refer to this article or reach out to Egnyte Support for assistance.