# The onboarding wizard The onboarding wizard runs automatically the first time anyone signs in to a brand-new tenant. It walks the first user through generating an access token for the Seal CLI, optionally connecting Seal to GitHub, and importing the tenant's first projects so Seal has something to scan. Some tenants are configured by Seal to skip the wizard. In that case the first user lands directly on the Protection page, where the equivalent setup options are offered as [Welcome cards](#the-welcome-cards-on-the-protection-page). The wizard runs once per tenant. After it completes or is skipped, subsequent users land on the Dashboard. You can skip any step in the wizard with a **Maybe later** button. ## 1. Set up your CLI access The first stage generates a **production access token** that the Seal CLI uses to authenticate against the Seal Artifact Server. 1. Click **Generate token**. The token appears in a read-only field with a copy-to-clipboard icon. 2. Copy the token and save it somewhere secure: a secret manager or your CI/CD's secret store. The token only allows pulling sealed packages from the Seal Artifact Server; it does not let anyone perform operations on the platform on your behalf. Treat it like any other credential. 3. The token is shown only at generation time. If you lose it, you can create a new one from **Settings > Tokens** at any time. The Tokens tab is also where you create development tokens for local use. 4. Click **Next** to continue. ## 2. Connect your source control Connecting Seal to your source control gives Seal more accurate visibility into your packages and, for GitHub, lets Seal open automatic pull requests for fixes. Seal recommends connecting if you can. It is not a blocker: if your team does not yet have permission to install GitHub Apps in your organization or approval will take time, click **Maybe later** and proceed with a CLI-only setup. Seal works fully without source-control access. The wizard's source-control step uses **GitHub**, through the Seal GitHub App. Click the GitHub card to install and authorize the app. You will be redirected to GitHub to choose which repositories Seal sees, then returned to the wizard. For **GitLab** or **Azure DevOps** connections, set those up later from the Projects page using the **Import project** button. ## 3. Import your first projects After GitHub is connected, the wizard offers two import flows: * **Pick from a list of all your repositories.** Seal lists the repositories you authorized; you select which ones to import. This flow works well when your authorized set is in the dozens. With thousands of repositories it becomes impractical to select individually; importing all of them is possible, but the initial scan can take an hour or more. * **Paste specific repository URLs.** If you already know which repository or repositories you want, paste their URLs directly. The manual flow is currently capped at three URLs. Once at least one project is imported, click **Next** to finish the wizard. You land on the Dashboard. ## The Welcome cards on the Protection page Until your tenant has accumulated scan data, the Protection page shows two suggestion cards in place of the usual tabs. The cards are the same setup choices the wizard offers and remain available whether you went through the wizard, skipped it, or your tenant was configured to skip it from the start. Once Seal has scanned at least one Seal Project, the cards are replaced by the regular Protection page tabs. ### Connect to source control The card's primary button is labeled **Import projects**. Clicking it opens a dropdown of supported sources: * **GitHub** (the recommended path; uses the Seal GitHub App). * **GitLab**. * **Azure DevOps**. * **Snyk**, for importing existing Snyk projects into Seal. * A file-upload option for one-shot manifest or SBOM imports. Selecting a source opens its modal, which handles authentication and project selection. ### Connect to artifact server The card's button is labeled **See instructions**. Clicking it opens an in-page guide showing the three things you need to use the Seal Artifact Server as a deployment method: 1. **Generate an access token.** The same generate-token control the wizard uses is embedded in the modal. If you already have a token saved, you do not need a new one. 2. **Configure Seal as an artifact server** in your package manager. 3. **Edit your dependency files** to use sealed versions. The modal links out to the relevant setup chapters and to `support@seal.security` for help. ## After the wizard Initial scans run in the background. Right after the wizard exits, the [Dashboard](/new-documentation/new-docs/dashboard.md) shows a Welcome view with onboarding suggestions rather than the regular metric tiles, since no scans have produced data yet. To watch scan results as they come in, open the **Vulnerable packages** tab on the Protection page. (Until at least one scan has produced data, that tab is replaced by the [Welcome cards](#the-welcome-cards-on-the-protection-page) above.) Once it appears, the tab lists the vulnerable packages Seal has found, the vulnerabilities affecting them, and a count of vulnerable packages at the top. It updates as each scan completes. If you skipped source-control connection, your next step is usually to install the Seal CLI in your CI/CD pipeline. See [Seal Apps via the Seal CLI in CI/CD](https://github.com/seal-community/gitbook/blob/main/new-docs/setup-apps-os/cli-in-cicd/README.md). To create additional Seal Projects, see [Creating a Seal Project](/new-documentation/new-docs/creating-a-seal-project.md). ## Related * [Sign up and sign in](/new-documentation/new-docs/sign-up-and-sign-in.md) * [Managing tokens](/new-documentation/new-docs/tokens.md) * [The Protection page](/new-documentation/new-docs/protection-page.md) --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.sealsecurity.io/new-documentation/new-docs/onboarding-wizard.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.