> ## Documentation Index
> Fetch the complete documentation index at: https://docs.osto.one/llms.txt
> Use this file to discover all available pages before exploring further.

# Asset Management

> Everything you onboard into Osto for protection — domains, users, servers, and certificates.

Asset Management covers everything you onboard into Osto for protection. It maps to the **Assets** section in the dashboard sidebar:

```
Assets
├─ Domains
│  ├─ Manage Domains       → see Managing Websites & Subdomains
│  └─ Manage Certificate   → see Managing SSL Certificates
├─ Endpoint Users          → see Managing Users & Groups
└─ Server Access
   ├─ Secure Server        → standalone hosts (install script per host)
   └─ Secure Gateway       → broker + child servers behind it (private IPs)
```

## In this section

* [**Managing Websites & Subdomains**](/how-to-guides/asset-management/managing-websites) — register the web properties Osto should protect.
* [**Managing SSL Certificates**](/how-to-guides/asset-management/managing-ssl-certificates) — upload the certificates Osto presents to your origin servers.
* [**Managing Users & Groups**](/how-to-guides/asset-management/managing-users-groups) — onboard endpoint users and organize them into Usergroups.
* [**Managing Secure Servers**](/how-to-guides/asset-management/managing-secure-servers) — register the servers Osto brokers access to. Covers both standalone Secure Servers and Secure Gateways with child servers.

## Two paths for server access

Osto offers two ways to put a server behind Zero Trust access:

1. **Standalone Secure Server** — install Osto's agent directly on each server. Best for a small number of hosts, or hosts on different networks. **Linux and Windows** supported.
2. **Secure Gateway with Child Servers** — install the gateway agent once on a Linux host inside your network; then register child servers by their private IP. The gateway brokers connections to them — no per-server install needed. Best when many internal hosts share a network segment.

Both approaches are covered in [Managing Secure Servers](/how-to-guides/asset-management/managing-secure-servers).

## A typical onboarding order

1. **Domains first** — add your root domain (or just a subdomain) and update DNS to point traffic through Osto. Inbound protection becomes active immediately.
2. **Certificates** — upload a certificate so traffic between Osto and your origin stays encrypted.
3. **Endpoint Users** — invite your team. They install the Osto agent and start receiving endpoint policies.
4. **Secure Servers** — register the hosts you want Osto to broker access to (either standalone or behind a Gateway).

Once these are in, the rest of the platform (Scanner, Code Security, Posture Management, Compliance) has something to work with.
