Integrations
The One People integrates with multiple products in The One Stack to share workforce data where it is needed — from PSA resource planning to Defend insider threat monitoring.
Hub
Type: Authentication and Identity Direction: Hub → People
Hub is the identity foundation for People. Every People user is a Hub user first.
What it Does
- SSO Login — Users log in to People via Hub SSO. No separate People password is required for admin users.
- Role Assignment — People roles (Admin, HR Manager, HR Staff, Manager, Viewer) are assigned in Hub and inherited by People
- Access Revocation — When offboarding completes, People instructs Hub to revoke the departing employee's access across all products simultaneously
Setup
Hub SSO is configured automatically during platform provisioning. If SSO stops working:
- Verify
PORTAL_SSO_SECRETis set on the People API - Verify the People URL is in the Hub SSO allowlist
- Check Hub > SSO Logs for any token errors
What Breaks if Misconfigured
- Users cannot log in to People
- Employee portal access fails
- Offboarding access revocation silently fails — departing employee retains access
PSA
Type: Resource Planning
Direction: People → PSA
Auth: Integration key (INTEGRATION_KEY)
PSA pulls time off and certification data from People to improve dispatch scheduling and resource assignment.
What it Does
- PTO Calendar — PSA queries People for approved and pending time off. Dispatchers see which technicians are unavailable on any given day, preventing scheduling conflicts.
- Certifications — PSA queries People for active employee certifications. When assigning a ticket that requires a specific skill or cert (e.g., "Cisco Certified", "Azure Administrator"), PSA can match to qualified technicians.
Data That Flows
| Data | Direction | Used For |
|---|---|---|
| Approved PTO dates | People → PSA | Dispatch availability calendar |
| Pending PTO dates | People → PSA | Pre-emptive scheduling awareness |
| Active certifications | People → PSA | Skill-based ticket routing |
| Certification expiry dates | People → PSA | Flag expired certs in PSA resource view |
Setup
No configuration is required in People. PSA pulls this data automatically via the integration API. Ensure INTEGRATION_KEY environment variable is consistent between the People API and PSA configuration.
What Breaks if Misconfigured
- PSA shows all technicians as available even if they have approved PTO
- Skill-based ticket routing ignores certifications — dispatchers must manually verify qualifications
Defend (EDR)
Type: Insider Threat Monitoring
Direction: Bidirectional
Auth: DEFEND_SERVICE_KEY
Defend and People share data around employee identity and offboarding to enable insider threat detection.
What it Does
| Flow | Direction | Trigger |
|---|---|---|
| Employee lookup by login | Defend → People | When Defend detects an anomaly, it looks up the employee by their email/login to get HR context |
| Insider threat HR flag | Defend → People | When Defend detects anomalous behavior above threshold for an offboarding employee, it notifies HR |
| Offboarding trigger | Defend → People | In extreme cases, Defend can initiate an offboarding workflow automatically |
| Offboarding notification | People → Defend | When People starts offboarding, it notifies Defend to begin elevated monitoring |
Setup
DEFEND_SERVICE_KEY must be set on both the People API and the Defend API. This is provisioned automatically during platform setup.
What Breaks if Misconfigured
- Insider threat signals are never sent to People — HR is not notified of anomalous behavior during offboarding periods
- Defend cannot look up employee context for behavioral alerts
- Defend cannot trigger emergency offboarding
See Insider Threat Signals for the full workflow.
Legal
Type: Policy Management
Direction: People ↔ Legal
Auth: X-Integration-Key (Legal API key)
People proxies policy acknowledgment workflows through The One Legal.
What it Does
- Policy Dashboard — People shows a compliance dashboard sourced from Legal (which policies are active, who needs to acknowledge them)
- Employee Policy Status — People shows each employee's acknowledgment status for all active policies
- Policy Signing Flow — When an employee clicks to acknowledge a policy in People, People routes them through Legal's signing workflow
- Acknowledgment Recording — Completed acknowledgments are stored in Legal's document vault, with People receiving a callback to update its compliance view
Data That Flows
| Data | Direction | Used For |
|---|---|---|
| Active policy list | Legal → People | Compliance dashboard |
| Employee acknowledgment status | Legal → People | Per-employee compliance view |
| Policy content for signing | Legal → People | Signing flow embedded in People |
| Completed acknowledgment | Employee → Legal (via People proxy) | Stored in Legal vault |
Setup
LEGAL_API_URL and LEGAL_INTEGRATION_KEY must be set on the People API.
What Breaks if Misconfigured
- Policy compliance dashboard shows no policies
- Employees cannot acknowledge policies from within People
- Policy acknowledgment history does not show in People (though it may still exist in Legal directly)
Event Bus
Type: Event Mesh
Direction: People → Bus
Auth: BUS_INTEGRATION_KEY
People emits events to The One Bus for other products to consume.
Events Emitted
| Event | Trigger | Consumers |
|---|---|---|
login_success | Successful user login | Hub audit log, SIEM |
login_failed | Failed login attempt | Hub audit log, security monitoring |
employee.hired | New employee created with Active status | Relay (welcome email), Hub (provisioning) |
employee.terminated | Employee status set to Terminated/Resigned | Hub (deprovisioning), Defend (stop monitoring) |
onboarding.started | New onboarding workflow initiated | Relay (notifications to assignees) |
offboarding.started | New offboarding workflow initiated | Defend (begin elevated monitoring) |
Setup
BUS_API_URL and BUS_INTEGRATION_KEY must be set on the People API.
Employee Portal
Type: Self-Service UI Direction: Employee → People API
The employee portal at portal.theonepeople.app gives employees read access to their own data without HR admin access.
What Employees Can Do
- View their own PTO balance and request history
- See their performance review history
- View their training enrollment status
- Access pending e-sign documents
- View and update their own profile details
- Browse the org chart
Login
Employees log in to the portal with their Hub SSO credentials. No separate portal password is required.