Hook SecurityHook Docs
Troubleshooting

Troubleshooting overview

A jump-off page that routes common problems — sign-in, missing nav, directory sync, phishing delivery, training enrollments, and empty reports — to the right fix.

When something isn't working in Hook, this page points you to the right fix. Start here, match your symptom to a category below, and follow the link to the dedicated article. Most issues fall into one of a few buckets: you can't sign in, a section of the portal is missing, your directory sync looks off, a phishing campaign didn't deliver, training enrollments aren't landing, or a report comes back empty.

Before you do anything else

Confirm the right organization is selected

Almost every "the data is missing" or "I don't have access" report comes down to the wrong organization being active. If you manage more than one org (MSPs and parent orgs do), check the organization switcher in the top of the left sidebar before anything else. The switcher drives what every page shows — users, campaigns, reports, and which nav sections appear. See Navigate the org portal for where the switcher lives.

Two more quick checks that resolve a surprising share of tickets:

  • Reload the page. The sidebar and reports read your selected org and feature flags at load time. After switching orgs or having a flag toggled, a refresh re-evaluates both.
  • Confirm you're an org admin. Management pages and most reports are admin-only. If a coworker can see something you can't, compare roles.

Sign-in problems

If you're stuck at the login screen or bounced back to it after clicking a link, the error banner on the page tells you which case you're in. Hook maps a fixed set of error codes to plain-language messages:

  • "This email has not been invited." (not_invited) — The address you signed in with isn't a known Hook user. Sign-in is invitation-only: your identity has to match a user your admin created. Ask your admin to add you, then try again.
  • "This account is not authorized to sign in." (not_authorized) — You authenticated successfully, but your account isn't set up as an active console user. The banner adds: if you are attempting to complete training, please go to the training school site at school.hooksecurity.net. Learners take courses on the school site, not the admin portals — this is the single most common mix-up.
  • "Please click the magic link in the same browser where you requested it." (different_browser) — Magic links use PKCE, which ties the link to the browser that requested it. Opening the link in a different browser (or a link-preview / email-scanner that pre-fetches URLs) breaks the handshake. Request a fresh link and open it in the same browser you started in. The one-time code (OTP) tab avoids this entirely.
  • "Your code has expired." / "Invalid or expired code." (otp_expired, otp_invalid) — The numeric OTP is short-lived. Use Resend code (a 30-second cooldown applies) and enter the newest code. Codes are six digits and numeric only.
  • "Too many attempts." (otp_rate_limited) — You've requested codes too quickly. Wait a moment, then try again.

Login page showing the OTP and Password tabs with the not-authorized error banner

Two sign-in methods exist on the same screen — a one-time OTP Code and a Password tab. If passwords are giving you trouble, use the OTP tab, or use Forgot your password? to reset. For the full decision tree, see Troubleshoot sign-in.

Missing sidebar sections or "access denied" redirects

If a whole section is missing from the left nav — or you click a link and get redirected with an access-denied message — it's almost always one of two causes:

  • The feature is behind a flag for your org. Several nav sections are feature-flagged per organization: Training, Phishing Sim, Autopilot, User Management, Integrations, and What's New. When a flag is off for the org you have selected, that whole section simply doesn't render — there's no greyed-out placeholder. If a section you expect is absent, first confirm the correct org is selected (sections are evaluated per-org), then ask Hook support whether the flag is enabled for that org.
  • Org-access scoping. You can only act on organizations you're scoped to — your own org and, for parent/MSP accounts, the orgs beneath you. If you try to open a page for an org outside your scope, Hook redirects you rather than showing data you shouldn't see. Switch back to an org you manage.

Switching orgs reloads the nav

Because the visible nav sections depend on the selected org's flags, changing the organization switcher re-evaluates which sections show. If a section appears for one client but not another, that's expected — the flags differ per org.

Common symptoms by area

Use this table to jump to the dedicated guide. Confirm the right org is selected first (see above) — it resolves a large share of these.

Phishing delivery

Emails didn't arrive, a campaign shows a Failed status, or open and click counts stay at zero long after launch. Delivery problems usually trace back to sending-domain authentication, recipient-domain authorization, or the campaign sync. Start with Troubleshoot phishing delivery, and confirm your environment is prepared with Safelist Hook sending domains and IPs and Authorize recipient domains.

Directory sync

Synced groups show the wrong member count, expected users are missing, deactivated users still appear, or a renamed group lingers. Most of these reconcile on the next scheduled sync; some need a change in your identity provider. See Troubleshoot directory sync and the setup guides Sync users from Microsoft Entra and Manage directory connections.

Training enrollments

You assigned a course but learners didn't receive it, an enrollment looks stuck, or the wrong people were enrolled. Targeting almost always depends on group membership, which in turn depends on directory sync. See Troubleshoot training enrollments and the assignment flow in Assign training to groups.

Empty or partial reports

A report opens but the tables are blank, or numbers look lower than you expect. The usual causes, in order:

  1. Wrong org selected. Reports scope to the active org. Switch to the org whose data you want.
  2. No activity yet. A report has nothing to show until a campaign has run or training has been assigned in that org.
  3. Timing. Fresh phishing events take a little while to populate after launch — open/click data is usually clear within 24 hours.

Once data exists, the reporting guides walk through each report: Browse and run reports, Read the executive summary report, and Review enrollment history.

Still stuck? Contact support

If none of the linked guides resolve your issue, email support@hooksecurity.co. To get a fast, accurate answer, include:

  • Your organization name (the one selected in the switcher when the problem happened — not just your login email).
  • A screenshot of the error or the unexpected screen, with the URL visible.
  • What you expected versus what you saw, and the steps that led there.

Organization switcher open in the sidebar showing the active workspace and available organizations

On this page