Chat with us, powered by LiveChat

External Screenshot Storage Configuration Guide

What is External Screenshot Storage?

External Screenshot Storage is a premium enterprise feature that allows you to store employee screenshots in your own cloud infrastructure instead of WorkComposer's default secure storage. This is ideal for organizations with strict data sovereignty, compliance, or regulatory requirements.

Important: By default, WorkComposer stores all screenshots securely on our SOC 2-certified cloud infrastructure at no additional charge. External Screenshot Storage is completely optional and only needed if your organization has specific compliance or data residency requirements.

Supported Storage Providers

WorkComposer currently supports the following storage providers:

  • AWS S3 - Amazon Simple Storage Service with customizable regions and buckets
  • SFTP - Secure File Transfer Protocol servers with SSH key or password authentication
  • Azure Blob Storage - Coming soon
  • Google Cloud Storage - Coming soon

Requirements

  • Premium or Enterprise plan subscription
  • Admin or Owner role in your organization
  • Valid credentials for your chosen storage provider
  • For AWS S3: Access Key ID, Secret Access Key, Region, and Bucket name
  • For SFTP: Host address, Port (default 22), Username, and either Password or SSH Private Key

Configuring AWS S3 Storage

Follow these steps to configure AWS S3 as your external screenshot storage:

  1. Log in to your WorkComposer account as an Admin or Owner
  2. Navigate to Settings β†’ Account & Security β†’ External Screenshot Storage
  3. Click Configure External Storage button
  4. Select AWS S3 as your storage provider
  5. Enter a name for this storage configuration (e.g., "Production S3")
  6. Enter your AWS credentials:
    • Access Key ID: Your AWS IAM access key
    • Secret Access Key: Your AWS IAM secret key
    • Region: AWS region where your bucket is located (e.g., us-east-1)
    • Bucket Name: Name of your S3 bucket
  7. Click Test Connection to verify your credentials
  8. If the test is successful, click Save
  9. Optionally, click Set as Primary to start storing new screenshots in this storage

Note: Make sure your AWS IAM user has the following S3 permissions: PutObject, GetObject, DeleteObject on your bucket.

Configuring SFTP Storage

Follow these steps to configure SFTP as your external screenshot storage:

  1. Log in to your WorkComposer account as an Admin or Owner
  2. Navigate to Settings β†’ Account & Security β†’ External Screenshot Storage
  3. Click Configure External Storage button
  4. Select SFTP as your storage provider
  5. Enter a name for this storage configuration (e.g., "Company SFTP Server")
  6. Enter your SFTP server details:
    • Host: Your SFTP server hostname or IP address
    • Port: SFTP port (default is 22)
    • Username: SFTP username
    • Password: SFTP password (if not using SSH key)
    • SSH Private Key: Your SSH private key (if not using password)
    • Passphrase: Passphrase for encrypted SSH key (if applicable)
    • Base Path: Directory path where screenshots should be stored (e.g., /screenshots)
  7. Click Test Connection to verify your configuration
  8. If the test is successful, click Save
  9. Optionally, click Set as Primary to start storing new screenshots in this storage

Note: For SSH key authentication, paste your entire private key including the header and footer lines (-----BEGIN ... and -----END ...).

Managing Multiple Storage Accounts

You can configure multiple external storage accounts and switch between them as needed:

  • Primary Storage: Only one storage account can be set as primary at a time. New screenshots will be stored in the primary storage.
  • Switching Primary: Click "Set as Primary" on any configured storage account to make it the active storage for new screenshots.
  • Existing Screenshots: Changing the primary storage does not move existing screenshots. They remain in their original storage location.
  • Testing Connections: Use the "Test" button to verify connectivity before setting a storage as primary.
  • Deleting Storage: You can delete storage configurations at any time. Screenshots stored in deleted storages will be replaced with placeholder images in reports.

Understanding System Storage

When no external storage is configured or set as primary, WorkComposer uses System Storage:

  • Secure by Default: All screenshots are encrypted at rest using AES-256 and in transit using TLS 1.2+
  • SOC 2 Certified: Our infrastructure meets enterprise security standards
  • No Additional Charge: System Storage is included at no extra cost with your subscription
  • High Availability: Built on redundant cloud infrastructure with 99.9% uptime
  • Automatic Backups: Continuous data backup and disaster recovery

Recommendation: Most organizations can safely use System Storage. External Screenshot Storage is only needed if you have specific compliance requirements (GDPR data residency, HIPAA, government contracts, etc.).

Troubleshooting

Connection Test Failed

If the connection test fails, verify:

  • Credentials are correct and have not expired
  • For AWS S3: IAM user has required permissions (PutObject, GetObject, DeleteObject)
  • For SFTP: Server is accessible from the internet, firewall allows connections on the specified port
  • For SFTP: Username and password/key are correct
  • Network connectivity between WorkComposer and your storage provider

Screenshots Not Uploading

If screenshots are not appearing in your external storage:

  • Verify the storage account is set as Primary
  • Check that your storage credentials have not been revoked
  • For SFTP: Ensure the base path directory exists and is writable
  • Test the connection using the "Test" button in the storage settings

Placeholder Images Appearing in Reports

If you see placeholder images instead of actual screenshots:

  • The external storage account may have been deleted or is no longer accessible
  • Storage credentials may have expired or been revoked
  • Network connectivity issues between WorkComposer and your storage
  • For SFTP: Connection pool may be exhausted (temporary issue, retry after a few minutes)

Compliance & Data Sovereignty Use Cases

GDPR Compliance (European Companies)

Store EU employee screenshots in EU-based AWS regions (e.g., eu-west-1, eu-central-1) or your own EU-located SFTP servers to meet data residency requirements.

HIPAA Compliance (Healthcare)

Store screenshots containing Protected Health Information (PHI) in your healthcare-certified AWS infrastructure or approved on-premise servers.

Government Contractors

Meet FedRAMP and government data residency requirements by storing screenshots in approved on-premise SFTP servers or government cloud regions.

Financial Services

Meet PCI DSS and financial industry regulations by maintaining complete control over where trading floor or customer service screenshots are stored.

Security Best Practices

  • Rotate your storage credentials regularly (every 90 days recommended)
  • Use IAM roles with minimum required permissions (principle of least privilege)
  • Enable MFA on your AWS or cloud provider accounts
  • For SFTP: Use SSH key authentication instead of passwords when possible
  • Monitor access logs on your storage provider for unauthorized access
  • Enable versioning on S3 buckets to protect against accidental deletion
  • Use encryption at rest on your storage provider if not enabled by default

Need Help?

If you need assistance configuring External Screenshot Storage or have questions about compliance requirements, please contact our support team at support@workcomposer.com.