Skip to main content

Integrations

The One Protect integrates with the rest of The One Stack and external services to provide automated protection workflows and centralized visibility.

Hub SSO

All users authenticate via Hub SSO. There is no separate username/password for The One Protect.

  • Users access app.theoneprotect.app via the Hub waffle menu
  • Roles are inherited from Hub (Owner, Admin, Member, Viewer)

Security Integration

The One Protect feeds findings into The One Security for centralized incident management:

  • Credential exposures — Create Security incidents when leaked credentials are detected
  • SaaS misconfigurations — Critical SSPM findings create Security incidents
  • Threat correlation — Protect findings are correlated with Security alerts for enriched context

Configure in Settings → Integrations → Security.

PSA Integration

The One Protect creates PSA tickets for actionable findings:

  • Dark web alerts — Auto-create tickets when compromised credentials are detected
  • SaaS remediation tasks — Create tickets for misconfiguration remediation
  • DMARC action items — Create tickets for DNS record changes

Configure ticket templates (board, priority, type, assignment) in Settings → Integrations → PSA.

RMM Integration

The One Protect triggers remediation actions via The One RMM:

  • Force password reset — Execute password resets when credentials are exposed
  • Account lockout — Temporarily disable compromised accounts
  • MFA enrollment — Push MFA enrollment to affected users

Configure in Settings → Integrations → RMM.

ℹ️RMM remediation actions require the RMM agent to be installed on the target device and the device to be online. Actions are queued and execute when the device checks in.

Portal Integration

The One Protect provides client-facing visibility through The One Portal:

  • Protection dashboard — Clients see their overall protection score and trends
  • Active alerts — Clients can view (but not modify) their dark web alerts
  • DMARC status — Clients see their email authentication status per domain
  • Reports — Clients can download their monthly security reports

Configure client visibility in Settings → Integrations → Portal.

Compliance Integration

The One Protect provides evidence for compliance frameworks in The One Compliance:

  • SSPM scan results — SaaS security posture as evidence for access control and configuration management controls
  • Email authentication status — DMARC/SPF/DKIM compliance as evidence for email security controls
  • Dark web monitoring status — Active monitoring as evidence for breach detection controls
  • Credential response records — Incident response actions as evidence for incident handling controls

Configure in Settings → Integrations → Compliance.

External Services

HaveIBeenPwned API

Used for dark web and credential monitoring. The HIBP API v3 is queried per monitored email address on a 12-hour schedule. Requires a valid HIBP API key configured in Key Vault (HIBP-API-KEY).

Microsoft Graph API

Used for M365 SSPM scanning. Required permissions:

  • Directory.Read.All
  • Policy.Read.All
  • SecurityEvents.Read.All
  • Reports.Read.All

Google Admin SDK

Used for Google Workspace SSPM scanning. Required OAuth scopes:

  • admin.directory.user.readonly
  • admin.directory.domain.readonly
  • admin.reports.audit.readonly

Stripe (Billing)

Subscription billing is managed via Stripe. User counts for per-user billing are reported monthly via the billing usage reporter.