Hi there, welcome to Cerby!
If you are reading this guide, it means you have started using our platform, or you are interested in knowing more about us. We are a cybersecurity company focused on helping you and your organization onboard and secure the apps you use, as well as the accounts you share.
We automate common security hygiene tasks that are often left undone by business users, especially for apps managed outside of IT. Some examples of these apps include social media, bank accounts, eCommerce systems, internal apps, and legacy systems.
With Cerby, you can continue to onboard and manage your preferred solutions freely, with minimal but sufficient involvement from your IT department. The following are some of the benefits of our solution:
Manage accounts from a single user interface (UI). Modify access permissions across the apps used by your team from a single place.
Empower your teams. Enable your teams to share accounts securely with any team member or third parties, such as contractors and agencies.
Discover and audit all behavior in applications. Monitor the applications registered by your team members and managed by Cerby to understand their usage.
Automate common security tasks and operations. Enable security best practices automatically for all the applications in your workspace.
Remember only one set of credentials. Access automatically all the accounts of the apps you use daily from your workspace without entering any credentials. You must only remember your credentials to log in to your Cerby workspace.
So, let’s get started. This guide contains the following basic information:
The following sections describe each topic.
How does Cerby work?
The solution offered by Cerby combines the following three clients that work together to provide you with the best experience.
Browser extension: It enables you to log in to your accounts by automatically filling the credentials you store in Cerby in the corresponding fields of your apps. It also helps automate all of the security hygiene tasks available in Cerby.
The Cerby browser extension is available for the following browsers:
TIP: For instructions to install the browser extension, see the How to install the Cerby browser extension video.
Mobile application: It enables you to access your accounts from your mobile phone. It also serves as a second device to authenticate for sensitive tasks.
The Cerby mobile app is available for the following operating systems:
TIP: For instructions to install the mobile app, see the How to install and set up the Cerby mobile app video.
Web application: It enables you to manage all your accounts, share access across your teams, and access your accounts, all from a single place.
The Cerby web app is available for any browser.
What’s a workspace?
A workspace is an environment in which organizations and users can access a set of shared accounts to log in to other apps. For example, an organization can leverage a Cerby workspace to log in to their social media accounts and manage the overall security of these accounts.
Through a Cerby workspace, organizations and users can also manage their accounts and perform the following actions:
Manage user permissions.
Manage app accounts.
Onboard two-factor authentication (2FA) and rotate passwords for accounts.
Manage user provisioning and deprovisioning.
Configure authentication with an identity provider (IDP).
Retrieve analytics for account usage and user activity.
Organizations may have one or multiple workspaces depending on their needs. However, usually, one organization has one workspace.
Currently, you can only create a workspace from an invitation sent by the Cerby team from our official email address, help@cerby.com. After creating your workspace, its name is displayed and identified as follows <workspace name>.cerby.com.
What’s a role in Cerby?
We leverage roles to identify what you can or can’t do in Cerby and within your applications.
A role is a set of permissions that represent the tasks, activities, or functions you can perform as a user. Cerby manages roles at a workspace and item level, and roles are also inherited from the configuration of your apps.
The advantage of using role-based access management is that, after logging in to your workspace, you are automatically granted permissions depending on your role.
The following are the different roles in Cerby depending on your access level:
Workspace-level roles
Workspace Owner
Workspace Super Admin
Workspace Admin
Workspace User
Workspace Guest user
Item-level roles
Owner
Collaborator
For detailed information about roles, read the article How Cerby manages roles.
What’s the dashboard?
The dashboard is the graphical interface of the Cerby web app that integrates information about users, accounts, configuration, services, and applications.
Every time you log in to the Cerby web app, you land on the homepage, which corresponds to the All accounts view, as shown in Figure 1.
Figure 1. Homepage of the Cerby Dashboard
To navigate through the different features of Cerby, the dashboard contains the left navigation drawer and the main section that contains the different views, pages, information, and account cards.
Account cards
Account cards are the most important components of the dashboard. They consist of card-type buttons displayed on the dashboard homepage representing the accounts from the multiple apps you can access and manage through Cerby. Account cards redirect you to log in and authenticate automatically into your apps.
Every time you add an account to Cerby, the corresponding account card is created in the dashboard. To learn how to add an account, see the 2. Add Your Accounts to Cerby section.
As shown in Figure 2, the default view of account cards is a grid, but you can also display them as a list. To select every view option, click the List or Grid icons located at the top of the main section.
Figure 2. Grid View of Example Account Cards
You can also display all the account cards or group them by application or service provider by selecting the corresponding option from the Group by drop-down list located at the top of the main section.
For a list of actions that users can perform from an account card depending on their role, read the article How Cerby manages roles.
What can I do from the dashboard?
Depending on your role, you can access different features of the Cerby dashboard. The available options are located in the left navigation drawer and the top navigation bar, and each option displays a view or a feature in the main section of the window.
NOTE: If you see a feature that is not enabled for your workspace, reach out to your account manager or send an email to support@cerby.com to enable it.
The following are the different views and features that you can display when clicking the corresponding options from the left navigation drawer and top bar:
The following sections describe each view and feature.
All accounts
The All accounts view is the default homepage of the Cerby dashboard and contains all the accounts added to Cerby. This view is enabled for all roles.
You can perform the following actions from the All accounts view:
See and interact with account cards, as mentioned in the Account Cards section.
Search for accounts by their account label or application name.
Add an account through a wizard by clicking the Add account button.
Collections
The Collections view, as shown in Figure 3, contains all the collections created by you or your team members in Cerby to help you categorize and access your accounts. This view is enabled for all roles; however, users can only see the collections shared with them or the collections they created.
Figure 3. Collections View of the Cerby Dashboard
A collection consists of groups of accounts. Only users with the Account Owner role can add to collections the accounts they are owners of and share collections with other users, whether they are Account Owners or Account Collaborators.
You can perform the following actions from the Collections view:
See and interact with account cards, as mentioned in the Account Cards section, plus remove accounts from the collection.
Search for collections by their collection name.
Create a collection through a wizard by clicking the Create collection button.
All members
The All members view, as shown in Figure 4, contains a table with all the account members within a Cerby workspace to help you manage them. This view is enabled only for Workspace Admins and Workspace Owners.
Figure 4. All members View of the Cerby Dashboard
You can perform the following actions from the All members view:
See the Account Members table with information in the following columns:
Account Members: It contains the username and email address of the account member.
Workspace role: It is the workspace role of the account member.
Accounts: It displays a More button to see the accounts to which the account member has an Account Owner or Account Collaborator role.
Status: It is the status of the account member, for example,
Live
,Pending
, orRemoved
.Joined Date: It is the date when the account member joined Cerby.
Remove account members by selecting the Remove from Workspace option from the More options drop-down list.
Search for account members by their name or email address.
Export the information from the Account Members table in a CSV file.
Activity
The Activity view, as shown in Figure 5, contains information about user activity within a workspace. This view is enabled for all users to see the activity of the accounts for which they are owners, and Workspace Admins can see the activity of all accounts.
Figure 5. Activity View of the Cerby Dashboard
You can perform the following actions from the Activity view:
See the Activity Log table with information in the following columns:
Time: It is the time when the user activity was registered.
Event: It is the type of activity performed by the user, for example,
Login To Cerby
orAccount Added To Collection
.Account: It is the label of the account in Cerby related to the user activity.
App: It is the application related to the user activity.
User: It is the name of the user in Cerby who performed the activity.
Location: It is the geographical location of the user.
OS: It is the operating system of the user’s device.
Device: It is the user’s device from where the activity was registered.
NOTE: You can apply filters to the information in the table by selecting the corresponding options from the following drop-down lists:
Date Range
App
Accounts
Users & Groups
Download the activity report in a CSV file by clicking the Download CSV button.
Billing
The Billing view, as shown in Figure 6, contains information about your billable accounts within a Cerby workspace. This view is enabled only for Workspace Admins.
Figure 6. Billing View of the Cerby Dashboard
You can perform the following actions from the Billing view:
See the Billable accounts section with information about the fully supported and automated accounts through Cerby; also, the accounts with a phone number or email managed by Cerby.
See the Billing cycle section with information about your contract’s cycle setup with your Cerby business account manager.
See the List of Billable Accounts table with information in the following columns:
Application
Account name
Username
Account Owners
Policies
The Policies view, as shown in Figure 7, contains the workspace security policies that you can enforce for your accounts. This view is enabled only for Workspace Admins.
Figure 7. Policies View of the Cerby Dashboard
You can perform the following actions from the Policies view:
Enforce 2FA for all accounts.
Enforce password rotation for all accounts within a determined time.
Automate 2FA and password rotation for supported apps.
See the Flagged Accounts table with information about accounts that don’t comply with the workspace security policy in the following columns:
Account
Issue
Shared Inbox
The Shared Inbox, as shown in Figure 8, is a feature that enables you and your team members to receive and store the messages sent to the phone numbers and email addresses provisioned and managed by Cerby and configured in your app accounts. This feature is enabled for all roles when users are Account Owners or Account Collaborators for an account.
Figure 8. Shared Inbox in the Cerby Dashboard
Cerby leverages the Shared Inbox to provide you with automatic logging-in processes to your accounts, including verification codes for 2FA. To learn more about 2FA, see the Turning on 2FA section.
You can perform the following actions from the Shared Inbox:
See a table with the received messages and information in the following columns:
Account: It is the label of the account in Cerby.
Type: It is the type of message received in the Shared Inbox, for example, SMS or Email.
From: It is the name of the app and the email address that sends the message.
Message: It is the content of the message.
Date: It is the date when the message is received.
NOTE: You can apply filters to the information in the table by selecting the corresponding options from the following drop-down lists:
App
Account
Collection
Type
Refresh the page by clicking the Refresh button
My Profile
The My Profile page, as shown in Figure 9, is a feature that enables you to see your profile information in Cerby. This feature is enabled for all roles.
Figure 9. My Profile Page in the Cerby Dashboard
When you click the Hi there <username>! button, a drop-down menu appears with the following options:
The profile button with your username and email address: It opens the My Profile page in the main section of the window with the following information in the Details section of the General tab:
Joined Date: It is the date when you joined Cerby.
Email: It is your email address registered in Cerby.
Workspace role: It is your role in Cerby.
The Products and Extensions button: It opens the Let's get everything setup page with the status of the browser extension (installed or not) and mobile application (device configured or not).
The Log out button: It logs you out from your workspace.
How do I start using Cerby?
Now that you know all the basic information, it’s time to start using Cerby. We prepared the following steps to get you covered:
The following sections describe each step.
1. Configure your Cerby workspace
To leverage the organization directory and authentication you have with an IDP, you can configure your Cerby workspace to synchronize information. With this configuration, Cerby can perform the following actions:
Import the users and contacts from your organization directory so you can share accounts easily with them.
Provision and deprovision users automatically.
Leverage authentication to Cerby through an IDP.
Supported IDPs
Currently, Cerby supports the following IDPs, and you can read the documentation from our Cerby Help Center to guide you on how to configure them:
Okta
Azure AD
Google
2. Add your accounts to Cerby
After configuring your organization directory, it’s time to get down to business and start adding your application accounts to securely manage their access through Cerby.
Unlike other cybersecurity platforms, Cerby goes beyond storing the login credentials of your applications. We have built app-specific automation workflows to help you comply with security policies and reduce exposure to cyber-attacks.
You can see the list of apps and automation workflows that Cerby currently supports in the Which Apps and Automation Workflows are Supported by Cerby article.
To add your accounts to Cerby, you have the following options:
The following sections describe each option.
Using the wizard
The Add Account wizard guides you through the process of adding an account, whether it is for an app currently supported by Cerby with automation workflows or not, as mentioned above.
Also, you can add business center accounts to manage provisioning and deprovisioning of access to your pages and assets in social media from your Cerby workspace.
To add accounts using the wizard, complete the following steps:
Click the Add account button from the All accounts view. The Add Account wizard is displayed.
Follow the instructions of the wizard to add your account. The corresponding account card is added to the All accounts view when you complete the process.
TIP: For detailed instructions to add business center accounts, see the corresponding articles in our Help Center:
Sharing existing accounts
The Share Account feature enables you to share an existing account with another user from the workspace.
To share existing accounts, complete the following steps:
Click the Share Account button from the corresponding account card in the All accounts view. The Share Access dialog box is displayed.
Enter the username or email address of the person in your company you want to share the account.
IMPORTANT: The user must be added either to your corporate SSO provider or must have logged in to Cerby to be available for sharing.
Click the Share button. The dialog box closes, and the account is shared.
Sharing a business center account and assets
The Share Account feature enables you to share an existing business center account and assets with another user from the workspace. However, you must first share access to the business center and later to its assets, such as ad accounts, pixels, and pages.
To share a business center account and assets, complete the following steps:
Share the business center account
Click the Share Account button from the corresponding account card. The Share Access dialog box is displayed.
Enter the username or email address of the person in your company you want to share the account. The users that match the name or email address you entered are displayed automatically.
IMPORTANT: The user must be added either to your corporate SSO provider or must have logged in to Cerby to be available for sharing.
Select the corresponding team member. The team member is added to a list in the MEMBER section.
Configure the role of your team member for the account in Cerby and for the business center by performing the following actions:
Select the corresponding Cerby account role from the drop-down list in the MEMBER section:
Collaborator. Your team members will only be able to log in to the accounts.
Owner. Your team members will be able to share access and manage the account configuration.
Select the corresponding business center role from the checkboxes or switches in the Channel Role section. These roles are inherited from the business center.
Click the Share button. The wizard closes, and a success message box is displayed.
NOTE: The Authorize <business center> share dialog box might be displayed if Cerby detects you don’t have an active session on your business center. Log in to your business center in a new browser window; then, go back to Cerby and click the Confirm button.
Share the business center assets
Click the View Account Assets button from the corresponding account card. The account assets page is displayed.
Click the Share Account button from the corresponding account asset. The Share Access dialog box is displayed.
Enter the username or email address of the person in your company you want to share the account. The users that match the name or email address you entered are displayed automatically.
Select the corresponding team member. The team member is added to a list in the MEMBER section.
Configure the role of your team member for the asset account in Cerby and for the business center asset by performing the following actions:
Select the corresponding Cerby account role from the drop-down list in the MEMBER section:
Collaborator. Your team members will only be able to log in to the accounts.
Owner. Your team members will be able to share access and manage the account configuration.
Select the corresponding business center role from the checkboxes or switches in the Channel Role section. These roles are inherited from the business center.
Click the Share button. The wizard closes, and a success message box is displayed.
NOTE: The Authorize <asset account> share dialog box might be displayed if Cerby detects you don’t have an active session on your business center. Log in to your business center in a new browser window; then, go back to Cerby and click the Confirm button.
Migrating accounts from your password manager
The Add Account wizard also enables you to migrate your accounts from your password manager to Cerby. This process involves importing your folders and accounts and migrating the OTP seed for 2FA.
To migrate accounts, complete the following steps:
Click the Add account button from the All accounts view. The Add Account wizard is displayed.
Click the Migrate accounts from your password manager button.
Follow the instructions of the wizard to migrate one or multiple accounts. The corresponding account cards are added to the All Accounts view when you complete the process.
3. Start enforcing security
To start implementing security best practices in your accounts, you can enforce and trigger them from your Cerby workspace.
You can enforce the following security best practices:
The following sections describe each security best practice.
Rotating passwords
Cerby can automatically rotate passwords and provide secure and robust new passwords for your accounts. This feature is only enabled for supported apps through the Cerby web app.
You can enforce password rotation for all accounts within a determined time, and you can trigger rotation from external actions, such as deprovisioned employees and account breaches.
To rotate the password of your accounts, you have the following options:
From the account settings
Click the Settings button of the corresponding account card. The account settings page is displayed.
Click the Rotate Password button.
From the Policies view
Activate the Password Rotation switch in the Policies view to require password rotation for all accounts within the workspace every determined time.
Activate automatic password rotation for supported apps every determined time.
Using Cerby-managed email addresses and phone numbers
Cerby provides and manages securely generated email addresses and phone numbers you can use for your accounts and across your organization.
By managing these services, Cerby can improve the logging-in process of your applications by automatically filling your verification codes when 2FA is turned on. These codes are retrieved from your Shared Inbox in Cerby.
You can create a Cerby-managed email address and phone number through the web app after adding an account to Cerby.
To create a Cerby-managed email address, complete the following steps:
Click the Settings button of the corresponding account card in the All accounts view of the dashboard. The account settings page is displayed.
Activate the Create Email Address switch. The Add a Cerby managed email dialog box is displayed.
Click the Protect my email address button. A success message is displayed indicating the email address was created.
Click the Set up email address button. The Auto-forward messages dialog box is displayed.
NOTE: The auto-forward messages feature of Cerby enables you to designate recipients for the emails you receive in your Cerby-managed email address. You can configure it later from your account settings.
Click the Skip button. The Update email address on <account name> dialog box is displayed with the email address you created.
Copy the email address.
Open the account settings of your app in a new browser window.
Configure the email address manually in the account settings of your app.
Go back to the browser window with the Cerby web app.
Click the Confirm button. The dialog box closes, and a success message box is displayed.
IMPORTANT: Make sure you configure the Cerby-managed email address on your app before clicking the Confirm button.
To create a Cerby-managed phone number, complete the following steps:
Click the Settings button of the corresponding account card. The account settings page is displayed.
Activate the Create Phone Number switch. The Cerby-generated Phone Number dialog box is displayed with a US phone number.
Copy the phone number.
Open the account settings of your app in a new browser window.
Configure the phone number manually in the account settings of your app.
Go back to the browser window with the Cerby web app.
Select the I have already added the phone number to <app name> account setting option.
Select the I'm using this phone number for 2FA option if you are going to use the Cerby-managed phone number as a 2FA verification method.
Click the Create Phone Number button. The dialog box closes, and a success message box is displayed.
Turning on 2FA
Cerby help you implement 2FA to improve the security of your accounts significantly.
You can configure the Cerby mobile app as an authenticator, and you can also use Cerby-managed email addresses and phone numbers as verification methods to improve your logging-in experience, as you saw in the Using Cerby-Managed Email Addresses and Phone Numbers section.
Unlike other authenticator apps, when you turn on 2FA with Cerby, verification codes are distributed to all the account members whenever they need them.
To turn on 2FA for your accounts, you have the following options:
Automatically from the Cerby web app, with a single click, for supported apps
Click the Settings button of the corresponding account card. The account settings page is displayed.
Activate the Second Layer of Protection switch in the TWO-FACTOR AUTHENTICATION section.
Automatically from the Policies view for new supported apps added to Cerby
Click the Policies button from the left navigation drawer. The Policies view is displayed.
Click the Edit Policies button. The Edit Policies page is displayed.
Activate the Two-Factor Authentication Required switch to turn on 2FA automatically when new supported apps are added to Cerby
Manually from the account settings of the application for unsupported apps
Using the Cerby mobile app as an authenticator
Go to the account settings of your application.
Link your account to the Cerby mobile app by scanning or entering the code or secret key provided by the application.
Save your recovery codes in the Cerby web app through the account settings.
Using Cerby-managed email addresses or phone numbers as verification methods
Go to the account settings of your application.
Create the email address or phone number at Cerby, following the instructions in the Using Cerby-Managed Email Addresses and Phone Numbers section.
Configure the email address as a 2FA verification method on the account settings of your application.
Retrieve the verification codes from the Cerby Shared Inbox to complete the configuration process in the application.
NOTE: After turning on 2FA manually and configuring the authenticator and verification methods with Cerby, users will be able to retrieve verification codes from the Cerby browser extension or the Cerby mobile app when logging in to their apps.