Documentation
Integration Setup
Connect your toolchain to OneStepWise for automated, real-time evidence collection across all supported frameworks.
Overview
What integrations do and how they work
OneStepWise integrations pull live evidence from your existing tools: no manual screenshots, no spreadsheets. Evidence is stored in an HMAC-chained ledger that's tamper-evident and audit-ready.
Evidence collected by integrations is automatically surfaced in your compliance score, gap report, and the Evidence Ledger panel in your dashboard.
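How HMAC chaining makes a ledger tamper-evident, as an added example that is not OneStepWise's code: each record's MAC covers its payload and the previous record's MAC, so an edit or deletion breaks verification from that point on. The record layout, the GENESIS value, the demo key and the function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # assumed link value for the first record


def _mac(key, prev_mac, payload):
    # Canonical JSON so identical payloads always serialize to identical bytes.
    body = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, prev_mac.encode() + b"|" + body, hashlib.sha256).hexdigest()


def append(ledger, key, payload):
    """Append a record whose MAC covers its payload and the previous record's MAC."""
    prev = ledger[-1]["mac"] if ledger else GENESIS
    ledger.append({"payload": payload, "prev": prev, "mac": _mac(key, prev, payload)})


def verify(ledger, key):
    """Return -1 if the chain is intact, otherwise the index of the first bad record."""
    prev = GENESIS
    for i, entry in enumerate(ledger):
        expected = _mac(key, prev, entry["payload"])
        if entry["prev"] != prev or not hmac.compare_digest(expected, entry["mac"]):
            return i
        prev = entry["mac"]
    return -1


def sample_ledger(key):
    # Constructed evidence records, named after checks listed on this page.
    ledger = []
    for check, status in [("branch_protection", "pass"),
                          ("cloudtrail_enabled", "pass"),
                          ("mfa_enforcement", "fail")]:
        append(ledger, key, {"check": check, "status": status})
    return ledger


if __name__ == "__main__":
    key = b"constructed-demo-key"
    ledger = sample_ledger(key)
    print(verify(ledger, key))               # intact chain
    ledger[2]["payload"]["status"] = "pass"  # edit a stored result
    print(verify(ledger, key))               # index of the altered record
```

Dropping records from the end of the list is not caught by the chain alone; the most recent MAC has to be recorded somewhere the ledger writer cannot change.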
Starter plan: Up to 3 integrations. Growth plan: Unlimited integrations. Connect as many as you need.
GitHub
Branch protection, PR reviews, Dependabot, CODEOWNERS
AWS
IAM policies, CloudTrail logging, S3 encryption, GuardDuty
Google Workspace
Audit logs, MFA status, admin activity
Okta
Identity policies, MFA enforcement, provisioning logs
GitHub
Pulls branch protection rules, PR review requirements, Dependabot alerts, and CODEOWNERS configuration
What's collected
Branch protection
Enforced on main/master branches
PR review required
Min. 1 approving reviewer required
Dependabot enabled
Dependency vulnerability scanning active
Secret scanning
GitHub secret scanning configured
How to connect
1. Navigate to Integrations in your dashboard
Go to Monitoring → Integrations and click GitHub.
2. Authorize the GitHub OAuth app
You'll be redirected to GitHub. Click Authorize OneStepWise. This grants read-only access to repository metadata; we never access your source code.
3. Select your organization or personal account
Choose the GitHub organization that contains your production repositories.
4. Sync evidence
Click Sync now. Evidence is collected immediately and again on each weekly monitor run.
Permissions required: repo (read), org:read. We never request repo:write or delete permissions.
Supported frameworks
SOC 2, ISO 27001, HIPAA
AWS
Checks CloudTrail logging, IAM password policy, S3 bucket encryption, and GuardDuty status
What's collected
CloudTrail enabled
API activity logging across all regions
IAM password policy
Min. length, complexity, rotation enforced
S3 encryption
Default encryption on production buckets
GuardDuty
Threat detection enabled in primary region
How to connect
1. Create a read-only IAM role
In the AWS IAM console, create a role with the following managed policies attached:
SecurityAudit
ReadOnlyAccess (or scoped to: CloudTrail, IAM, S3, GuardDuty)
2. Create an IAM Access Key
Create an access key for the role's user. Copy the Access Key ID and Secret Access Key.
3. Enter credentials in OneStepWise
Go to Monitoring → Integrations → AWS and paste the Access Key ID, Secret, and your primary AWS region (e.g. us-east-1).
4. Sync evidence
Click Sync now. Credentials are encrypted at rest using AES-256-GCM.
We never modify your AWS infrastructure. All API calls are read-only (Describe*, Get*, List* actions only).
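A check you can run on the policy document before handing over credentials, added here as an example and not part of OneStepWise's tooling: it flags every Allow grant that goes beyond Describe*/Get*/List* on CloudTrail, IAM, S3 and GuardDuty. The sample policy is constructed, and the function and constant names are assumptions.

```python
# Scope assumed from the page: four services, Describe*/Get*/List* actions only.
ALLOWED_SERVICES = {"cloudtrail", "iam", "s3", "guardduty"}
READ_PREFIXES = ("describe", "get", "list")

# Constructed sample policy: statement 0 matches the scope, statement 1 does not.
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Resource": "*", "Action": [
            "cloudtrail:DescribeTrails", "cloudtrail:GetTrailStatus",
            "iam:GetAccountPasswordPolicy", "s3:GetEncryptionConfiguration",
            "s3:ListAllMyBuckets", "guardduty:ListDetectors"]},
        {"Effect": "Allow", "Resource": "*", "Action": [
            "s3:PutBucketPolicy", "ec2:DescribeInstances", "iam:*"]},
    ],
}


def _as_list(value):
    # IAM allows Statement and Action to be a single item or a list.
    return value if isinstance(value, list) else [value]


def audit_policy(policy):
    """Return (statement_index, action, reason) for every grant beyond the scope."""
    findings = []
    for idx, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt:
            findings.append((idx, "NotAction", "allows every action not listed"))
            continue
        for action in _as_list(stmt.get("Action", [])):
            # IAM action names are case-insensitive, so compare in lower case.
            service, _, verb = action.lower().partition(":")
            if action == "*" or verb == "*":
                reason = "wildcard includes write actions"
            elif service not in ALLOWED_SERVICES:
                reason = "service outside the expected scope"
            elif not verb.startswith(READ_PREFIXES):
                reason = "not a Describe/Get/List action"
            else:
                continue
            findings.append((idx, action, reason))
    return findings


if __name__ == "__main__":
    for finding in audit_policy(SAMPLE_POLICY):
        print(finding)
```

A prefix check only separates read from write. Get* actions such as s3:GetObject still read data, so which resources the policy covers remains a separate decision.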
Supported frameworks
SOC 2, ISO 27001, HIPAA, GDPR
Google Workspace
Reads audit logs, MFA enforcement status, and admin activity from your Google Admin console
What's collected
MFA status
2-step verification enforcement for your domain
Admin audit logs
User provisioning and permission changes
Login activity
Failed and suspicious login attempts
Drive sharing
External sharing policy configuration
How to connect
1. Navigate to Integrations in your dashboard
Go to Monitoring → Integrations and click Google Workspace.
2. Sign in with your Google Admin account
You must sign in with an account that has Super Admin or Reports Admin privileges to grant access to audit logs.
3. Grant the required scopes
OneStepWise requests read-only access to: Admin SDK Reports API, Directory API (users). No write permissions are ever requested.
4. Sync evidence
Click Sync now. Token is encrypted and stored securely.
Supported frameworks
SOC 2, ISO 27001, HIPAA
Okta
Checks MFA policy enforcement, application assignments, and provisioning logs
What's collected
MFA enforcement
Org-wide MFA policy status
Application count
SAML/OIDC apps configured
Provisioning
SCIM provisioning configured for apps
System log
Authentication events and admin activity
How to connect
1. Create a read-only API token in Okta
In your Okta Admin console, go to Security → API → Tokens → Create Token. Name it OneStepWise read-only.
2. Enter your Okta domain and token
Go to Monitoring → Integrations → Okta and enter your Okta domain (e.g. yourcompany.okta.com) and the API token.
3. Sync evidence
Click Sync now. The token is encrypted at rest. We call read-only Okta API endpoints only.
OneStepWise only calls GET endpoints on the Okta API. No users or policies are ever modified.
Supported frameworks
SOC 2, ISO 27001
Coming soon
Integrations available on request or on the roadmap
Jira (On request)
Sync remediation items as Jira issues. Email hello@mycomplai.com to enable early access.
Linear (On request)
Sync remediation items as Linear issues. Email hello@mycomplai.com to enable early access.
Slack (Roadmap)
Real-time drift alerts and weekly compliance digest delivered to a Slack channel.
Microsoft Teams (Roadmap)
Same as Slack but for Teams-first organizations.
Azure / GCP (Roadmap)
Cloud infrastructure evidence collection for Azure and Google Cloud Platform.
FAQ
Do you store my credentials?
Yes. Integration credentials are stored encrypted using AES-256-GCM with a key stored separately from the data. They are never logged or included in error reports.
Can I revoke access at any time?
Yes. In your dashboard, go to Monitoring → Integrations and click Disconnect on any integration. Credentials are deleted immediately. You can also revoke the OAuth app from the provider side (GitHub settings, Google account, etc.).
How often is evidence synced?
On-demand (click Sync now) and automatically on each weekly monitor run. You can also trigger a full re-assessment at any time from the dashboard.
I need help with my integration setup
Email hello@mycomplai.com or use the Compliance Concierge chat in your dashboard; our AI can walk you through the setup step by step.