New features
The following are the new features and improvements we released across the Cerby platform:
Keeping it fresh and secure with password policies
We’re rolling out a powerful feature designed to boost your security posture: Password Policies powered by Cerby automation.
With this feature, you can now set policies to enforce password rotations for all the accounts saved in your workspace belonging to an app. You can choose to start the policy after a user login event or schedule rotations on a date you select, specifying the frequency and time window for execution.
The new Password Policies feature is now your go-to solution for protecting your accounts, replacing the existing Policies experience. If you are interested in trying it out, contact your Customer Success Manager.
Figure 1 shows how the Password Policies page looks, with policies for multiple apps.
Figure 1. Password Policies page in the Cerby web app dashboard
Learn more about this feature in the article Explore Password Policies.
Level up your login with RSA token MFA
If you are a user in high-security environments, such as financial institutions, we have something special for you. We’re excited to announce a significant upgrade to our multi-factor authentication (MFA) capabilities.
We now support RSA tokens as the MFA method of your accounts. With this feature, Cerby can streamline the retrieval of codes, enabling you to access your apps faster. Additionally, you can set RSA tokens as your MFA method in two ways: using an activation link in the Cerby web app or scanning a QR code with the Cerby mobile app (iOS and Android).
Figure 2 shows a sneak peek of the RSA token experience.
Figure 2. RSA code in the account details page of the Cerby web app (left) and QR code for setup in the Cerby mobile app (right)
For more information, read the article Set RSA tokens as your account MFA method.
Your data privacy, our priority
We heard and addressed your concerns about data privacy.
To enhance security and reduce the risk of sensitive information being exposed on screen unintendedly, we now hide by default the following data: the body of a secret and multi-factor authentication (MFA) codes. Now, users must click to show these values in the Cerby web app, browser extension, and mobile app.
This added layer of protection means you can navigate your secrets and account details with confidence.
Expanding the identity management horizon
Our commitment to providing a versatile and comprehensive solution for your organization's unique needs continues! We're excited to announce a powerful addition to our robust suite of identity provider (IdP) integrations.
Now, you can enjoy seamless user provisioning via SCIM with OneLogin! This means you can easily set up a Cerby workspace where user accounts are automatically created and removed based on user assignments directly within your OneLogin instance, streamlining your user lifecycle management.
Check out our IdP documentation in the Creating and setting up your workspace collection.
Cerby web app
Check out what’s new in our Cerby web app:
Based on user feedback, push notifications are now removed as the identity confirmation method when creating a public link with the Cerby web app for sharing an account or secret.
We’ve made improvements to the performance of the Members table so that results now load faster.
A new pagination feature now enables our users to customize the number of items to display per page. The available options are 20, 50, and 100 items per page, aiming to improve the user experience and efficiency. Currently, this feature is only released for business hub tables.
Cerby mobile app
Dive into the newest additions to our Cerby mobile app:
You can now use biometric challenges instead of magic links sent via email when you access secrets that require identity confirmation with the Cerby mobile app. This feature aims for a more secure and user-friendly experience and is available from versions iOS v1.0.242 and Android v1.0.201 onwards.
You can now create passkeys when adding an account to Cerby. This feature was initially supported in iOS, but was released for Android in version v1.0.207. For more information about passkeys, read the article Create a passkey for an account using the Cerby mobile app.
Passkeys with Cerby are now supported by Canva and Shopify.
Cerby API
Check out the new endpoints available in our developer portal to perform the following actions with the Cerby API:
Retrieve users or teams of a secret
Share a secret with a user or team
Retrieve a list of vaults
Additionally, we added the lastLoginDate attribute in the account schema. This optional value contains the date when a user last logged in to the account, which means they retrieved the account password for login.
Scout
The Scout by Cerby browser extension keeps evolving:
We’ve made the following improvements to provide you with a better experience when capturing your business workflows with Scout:
Scouting reports are thoroughly verified to prevent empty content.
Users are prompted to scout their business workflows again when encountering issues in the reports.
Fixes
Take note of the issues addressed and resolved by the Development team behind the Cerby platform:
The issue with failed syncs after connecting a Discord business hub was fixed.
The issue with the initial sync to extend accounts to Okta and not syncing teams was fixed.
Cerby web app
The issue with not updating the role of a user in the Members tab of the collection details page was fixed. In some cases, the drop-down menu was not displayed; in others, the update was not applied.
The issue with not loading the vault settings page for an Azure key vault was fixed.
The issue with users being able to add self-managed accounts to Cerby even when this functionality has the blocked status was fixed. Users were able to add the account by pasting the app URL in the App name or URL field of the Add account details dialog box.
The issue with users being unable to add self-managed accounts to Cerby was fixed. In this case, self-managed accounts were not blocked.
The following issues with the local partner experience were fixed:
Guest Admins of a local partner with the Manager role on shared accounts couldn’t share these accounts with Guest Users.
The local partner details section couldn’t be loaded.
Cerby browser extension
The issue with the account autosave experience not working correctly for the Livingston app was fixed.
Cerby mobile app
The issue with the Cerby mobile attempting to open previews for unsupported secret file attachments was fixed. Now, we display a message indicating when the preview is not supported.
Cerby API
The issue with retrieving users who have shared access to a secret via a collection was fixed.
The issue with requests failing when not including the optional message when sharing a secret with a user was fixed.
Security fixes
A potential HTML injection vulnerability in auto-generated emails was fixed. User-controllable content, such as usernames or custom messages when completing automation jobs or sharing collections with other users, is now properly sanitized to prevent malicious HTML from being rendered.
A potential security bypass on iOS devices was fixed. We've expanded and improved our detection methods for jailbroken or rooted devices, automatically blocking access to Cerby if a device is identified as potentially compromised.
New supported managed apps
The following are the latest additions to the list of managed apps with supported automated tasks:
New supported business hubs
The following are the latest additions to the list of business hubs with supported user management automated tasks: