LowerPlane supports three authentication methods for connecting integrations. The available method depends on the specific tool you are connecting.

Authentication Methods

OAuth is the preferred method for integrations that support it. LowerPlane redirects you to the provider’s authorization page, where you grant access. Tokens are stored securely and refreshed automatically.Supported by: Google Workspace, Okta, GitHub, GitLab, Slack, Jira, Asana, BambooHR, and many others.
1

Select the integration

Navigate to Integrations and find the tool you want to connect. Click Connect.
2

Provide instance details (if required)

Some integrations require an instance URL, tenant ID, or account identifier before OAuth can begin. Enter these when prompted.
3

Authorize in the provider

You will be redirected to the provider’s login and authorization page. Sign in and grant the requested permissions.
4

Return to LowerPlane

After authorization, you are redirected back to LowerPlane. The integration status updates to Active and an initial sync begins automatically.
Use a service account or shared admin account for OAuth connections rather than a personal account. This prevents the integration from breaking if an individual leaves the organization.

Configuring Sync Frequency

After connecting an integration, you can configure how frequently LowerPlane syncs data.
FrequencyIntervalBest For
HourlyEvery 60 minutesIdentity providers, critical security tools
DailyOnce per dayCloud providers, version control, most tools
WeeklyOnce per weekHR systems, background checks
ManualOn-demand onlyAudit preparation, spot checks
To change the sync frequency:
  1. Go to Integrations and click on the connected integration.
  2. Select the desired frequency from the Sync Frequency dropdown.
  3. Save your changes. The next sync will follow the new schedule.
Changing the sync frequency does not trigger an immediate sync. Click Sync Now if you need fresh data right away.

Managing Connected Integrations

Triggering a Manual Sync

Click Sync Now on any connected integration to start an immediate data sync. This is useful before an audit or after making configuration changes in the connected tool.

Refreshing OAuth Tokens

If an OAuth integration shows a token expiration warning, click Refresh Tokens to obtain new credentials without disconnecting and reconnecting.

Revoking Access

To disconnect an integration:
  1. Click on the integration in your integrations list.
  2. Select Disconnect or Revoke Access.
  3. Confirm the action.
Disconnecting an integration stops all automated evidence collection and test execution for that tool. Previously collected evidence remains in your vault, but it will no longer be refreshed.

Troubleshooting Connection Issues

Ensure your browser allows pop-ups from LowerPlane. Some ad blockers interfere with OAuth redirects. Try disabling extensions or using an incognito window.
Verify that the API key has not expired and that it has the required read permissions. Some providers generate keys that are scoped to specific environments or regions — make sure you are using the correct one.
Check the error message displayed on the integration detail page. Common causes include insufficient permissions, rate limiting by the provider, or network connectivity issues.
Verify that the connected account has data in the expected scope. For example, an AWS integration scoped to a single region will not collect resources from other regions. Expand the scope or connect additional regions.
If someone revokes the OAuth token from the provider’s side, the integration will enter an error state. Reconnect the integration by clicking Reconnect and completing the OAuth flow again.

Permissions Reference

Each integration requires specific permissions in the provider. LowerPlane follows the principle of least privilege.
Provider TypeTypical Permissions Required
Cloud ProvidersRead-only access to security configurations, IAM policies, and resource inventories
Identity ProvidersRead access to users, groups, MFA status, and authentication logs
Security ToolsRead access to findings, vulnerabilities, and scan results
HR SystemsRead access to employee directory (name, email, department, status)
Version ControlRead access to repositories, branch protection rules, and pull request reviews
LowerPlane never modifies configurations in your connected tools. All integrations operate in read-only mode unless you explicitly enable write actions for specific use cases.