Getting Started
This guide walks you through activating The One Security module and completing first-time setup.
Prerequisites
- An active Hub organization
- Owner or Admin role in Hub
- A GitHub account (required only for the Application Security / vulnerability scanning module)
First-Time Setup Wizard
When you first navigate to app.theonesecurity.app and sign in via Hub SSO, you are taken to the three-step onboarding wizard.
Step 1: Connect GitHub
Install the The One Security GitHub App on your organization. This grants read access to your repositories so the vulnerability scanner can inventory dependencies, detect exposed secrets, and run DAST scans against your endpoints.
- Click Connect GitHub
- The GitHub App installation page opens in a new tab
- Select the GitHub organization or repositories to grant access
- Return to the wizard and click Done — I've installed the app
Step 2: Add Platforms
Add each application you want to monitor. For each platform you provide:
| Field | Description |
|---|---|
| Name | Human-readable name (e.g., "Customer Portal") |
| GitHub Repo | owner/repo format |
| Criticality | Critical / High / Medium / Low — affects alert priority |
| Target URL | Base URL for DAST scanning |
| Domains | Comma-separated list of domains in scope |
You can add multiple platforms before moving to Step 3.
Step 3: Run First Scan
Click Trigger Scan to kick off your first vulnerability scan across all added platforms. The scan orchestrator launches a Docker container (ZAP + Nuclei) in Azure Container Instances.
Scan results appear on the Vulnerabilities page within 5–15 minutes depending on platform size.
Key Concepts
Organization vs Tenant
Your organization is your MSP's Hub account. Each tenant is one of your managed clients. Security data (vulnerabilities, SAT results, dark web findings, compliance posture) is isolated per tenant.
Managed Users
Managed users are your clients' end-users. They are the targets for:
- Security Awareness Training campaigns
- Phishing simulations
- Dark web breach monitoring
Add them manually, import via CSV, or sync from a connected M365 tenant.
Scan Profiles
Scan profiles define the scope and depth of vulnerability scans:
- Full — Comprehensive scan of all endpoints and dependencies
- Quick — Surface-level scan, faster results
- Targeted — Specific IP range or host
- Custom — User-defined scope
Policy Templates
GRC policy templates (CIS preset, MSP preset, custom) define the compliance baseline applied to connected M365 tenants and assessed during compliance assessments.
Suggested First Steps
- Sign in at
app.theonesecurity.appvia Hub SSO - Complete the onboarding wizard (Connect GitHub → Add Platforms → Run First Scan)
- Navigate to SecOps → SaaS Posture → connect your first M365 tenant
- Navigate to SecOps → Dark Web Monitoring → add managed user emails
- Navigate to SAT → Training Campaigns → create your first awareness training campaign
- Navigate to Email Security → DMARC Reports → add your sending domains
/secops) is your daily driver — it shows critical alerts, open incidents, active threat hunts, and dark web exposures on one screen.