Hook SecurityHook Docs
FAQ

Frequently asked questions

Answers to the most common questions about Hook — access and sign-in, the read-only model, feature availability, integrations, reports, and where end-user training lives.

This page collects the questions support hears most often about Hook — why the portal is read-only, why you might see fewer sidebar sections than the docs describe, how sign-in works, where your end users take training, and how this portal relates to your existing Hook environment. Each answer points to a deeper how-to when there is one. If your question isn't here, email support@hooksecurity.co.

Access and sign-in

How do I sign in? Is there a password?

Hook sign-in is invitation-only and passwordless by default. Your account has to be provisioned before you can log in — there's no public sign-up. On the login page the OTP Code tab is selected first: you enter your work email, click Send OTP Code, and Hook emails you a 6-digit code to paste back into the browser. A Password tab also exists for accounts that have a password set, but one-time codes are the default path.

A few things the login flow does on purpose:

  • After you request a code, Hook always advances you to the code-entry screen — it won't tell you whether your email matches an account, which keeps attackers from probing who has access.
  • The code field accepts exactly 6 numeric digits (non-numbers are stripped as you type), and Verify Code stays disabled until all six are entered.
  • Resend code has a 30-second cooldown shown as a countdown. Use Use different email to start over with another address.

Hook login card with the OTP Code and Password tabs, with OTP Code selected

For the full walkthrough see Get started with Hook, and if you're blocked, Troubleshoot sign-in.

Why was my sign-in rejected even though my email is correct?

Two checks run on the server after your code or password is verified, and either one can stop a valid email:

  • "This email has not been invited." Your authenticated identity doesn't match a known Hook user. Sign-in is invitation-only, so ask your CSM or an existing admin to provision you.
  • "Not authorized," pointing you to the school site. Your account exists but isn't an active phishing-console user. This usually means you're a training learner, not an admin — see Where do my end users take training? below.

In both cases Hook signs the session out so an ineligible account can't keep a usable session. See Troubleshoot sign-in for the full list of messages.

Where do my end users take training and report phishing?

On a separate site — not in this portal. Every successful login here lands in an admin-facing portal; there is no learner experience in this product. Employees completing assigned courses go to school.hooksecurity.net, and the phishing-report button lives in their email client, not in this app. If a learner tries to sign in here, Hook rejects them with a "not authorized" message that points to the school site.

So as an admin you assign and track training here; your end users take it there.

The read-only model

Why can't I add or edit users in the portal?

Users and groups in this portal are read-only by design. The Users & Groups page even says so up top: Users and groups synced from your directory are managed there — changes appear here after the next sync. You can search, filter by source, filter by status, and open any user or group to see members and memberships — but there are no add, edit, or delete controls.

To change someone, edit them in the source and let the next sync reconcile the change:

  • Microsoft Entra — for records synced from your directory, edit the user or group in Entra; changes appear after the next sync. Deactivating someone there is what removes them from future campaigns and enrollments.
  • Imported — records brought in from an external source aren't actively synced, so they're changed upstream too.

Edits happen in the source, not in Hook

Because the portal is read-only, a change you make in Entra (or upstream) won't appear instantly — it shows up after the next sync runs. That's expected, not a delay you need to report.

See View users and groups and Sync users from Microsoft Entra.

This portal — sometimes called Hook 2.0 — is currently a read-only view of data synced from Hook 1.0, the classic console at portal.hooksecurity.net. Your users, groups, campaigns, and results originate in that environment and flow into this one; campaign and program management is rolling out here in phases. The dashboard's own FAQ explains the same thing: the data is synced from your existing Hook environment, and management features are arriving over time.

The practical upshot: if a number here looks like it's lagging, it's because this portal reflects what was last synced from Hook 1.0 — the source of truth for now.

Feature availability

Why do I see fewer sidebar sections than the docs describe?

Most sidebar sections are feature-flag gated, and several of those flags default to on only in non-production environments (local development and Vercel previews) and off in production. So an admin on the live app can legitimately see far fewer nav items than a teammate testing a preview build.

SectionWhen it shows
Dashboard / Reports / AutomationsAlways.
TrainingWhen the training-enrollments flag is on.
Phishing SimWhen the org-phishing flag is on — off by default everywhere, so it appears only where explicitly enabled.
User ManagementWhen the user-management flag is on.
IntegrationsWhen the integrations flag is on (can be targeted to specific orgs).
AutopilotWhen Autopilot is enabled for the selected org (per-org, not a flag).
What's NewWhen the customer-changelog flag is on.

A missing section is almost never a bug — it just hasn't been enabled for your environment or org yet. Contact your CSM to have a flag turned on.

Flags can be per-org

Some flags (like integrations) are targeted to specific organizations, so two orgs in the same environment can see different sections. When you switch workspaces, the sidebar re-evaluates what to show for the org you selected.

See Navigate the org portal for the full section-by-section breakdown.

Why can't I schedule a phishing campaign for later?

Scheduling is "Coming Soon" — every campaign launches immediately. In the campaign wizard, under When should this campaign launch?, Hook shows a Launch now option and a Schedule for later option marked Coming Soon. The scheduling tile is disabled today, so the moment you click Launch Campaign on the review step, the campaign is created and emails go out.

Don't click Launch until you're ready

Because there's no scheduling yet, treat Launch Campaign as the live send button. Confirm your targeting, template, and — critically — the selected workspace before you launch.

See Run a phishing campaign.

How do I turn on Autopilot?

You don't — Autopilot is provider-enabled, not self-serve. There is no enable toggle in the org portal. Your Hook contact (CSM / service provider) turns Autopilot on for your organization. If it's off, the Autopilot pages read not active with a prompt to contact your provider.

Even when Autopilot is active, your provider separately decides whether you can edit its settings (self-management). If self-management isn't granted, every setting — including the Skip Next Cycle toggle — is visible but read-only. When self-management is granted, Skip Next Cycle lets you skip the next Autopilot campaign; it resumes automatically after.

COTM and Autopilot are the same thing

You'll see Autopilot referred to as COTM (Campaign of the Month) in places. They're the same feature. Reports that depend on it — like the COTM Campaign Report — only appear once Autopilot is enabled for the org.

See Understand and configure Autopilot.

Integrations and reports

Why are my report numbers empty or partial?

Phishing results in reports flow from the PhishingBox delivery integration, and several conditions have to be in place before numbers fill in:

  • The PhishingBox integration has to be connected for your org. Some reports pull live from the delivery provider; if that link isn't set up, phishing tiles read zero.
  • Recipient domains must be authorized. Hook only delivers simulations to email domains it knows are yours. Authorized domains come from your synced directory — if a recipient's domain isn't authorized, the send never reaches them and they never register as opened/clicked/reported. See Authorize recipient domains.
  • Safelisting may be required. If Hook's sending domains and IPs aren't safelisted in your mail filtering, simulations can be blocked or quarantined before delivery — which also leaves report numbers thin. See Safelist Hook's sending domains and IPs.

If numbers are partial right after a launch, give it time — engagement events trickle in over the first 24 hours. If they stay empty, work down the list above. Troubleshoot phishing delivery walks through delivery problems end to end.

How do directory sync and authorized domains fit together?

Directory sync (Microsoft Entra) brings your groups and members into Hook and keeps them current. As a side effect, the email domains of your synced users become authorized domains — that's how Hook knows where it's allowed to deliver simulations. Connect a directory and the rest follows; without one, you'll be authorizing domains and confirming delivery by hand.

See Sync users from Microsoft Entra, Manage directory connections, and Authorize recipient domains.

Common pitfalls

  • A missing section means a flag, not a bug. Most sidebar sections are flag-gated and off in production by default. Ask your CSM to enable what you need.
  • You can't schedule campaigns yet. Scheduling is Coming Soon; Launch Campaign sends immediately.
  • Edits to users and groups happen in the source. The portal is read-only; changes appear after the next sync.
  • This portal isn't for learners. End users take training at school.hooksecurity.net, not here.
  • Empty report numbers usually trace to delivery setup. Confirm the PhishingBox integration, authorized recipient domains, and safelisting before assuming a report is broken.

On this page