With Apps, you can simplify user and access management for all your seat-based software-as-a-service (SaaS) and paid social (also known as business centers) apps.
In these apps, users belong to collaboration spaces (workspaces, teams, or dashboards) with different roles and permissions, and admins manage user access by leveraging individual seats or licenses instead of shared sessions. Some examples of SaaS and paid social apps are Meta Business Manager, TikTok for Business, Apple, Asana, Atlassian, Calendly, and GitHub.
Cerby Apps are connected to such collaboration spaces via integrations based on application programming interfaces (APIs) and automation to help you and your company import and sync the following user data:
Members or users
Native partners
Roles and permissions
Assets, such as ad accounts, pages, and pixels
After syncing the information, you can centrally and securely manage user access to all your apps and assets from Cerby, so you only have to interact with one user interface. Additionally, you gain visibility into who accesses your application and their role level, including your partners.
Users with a Cerby account are automatically matched to their corresponding identity in your corporate directory, which may be managed by an identity provider (IdP) such as Okta or Entra ID (formerly Azure AD).
External collaborators without a Cerby account are displayed as unmatched users. You can invite them to your workspace as guest users or local partners, with secure credentials provided and managed by Cerby. Then, they can join your app through Cerby. With native partners, you can also gain visibility into the users who access your assets to run ad campaigns on your partner's side.
When users accept your invite and connect their user account to Cerby, you can secure their access, update their role, and comply with security best practices such as two-factor authentication (2FA).
Figure 1 shows the Apps view in the Cerby web app dashboard, the interface that enables you to manage all your connected seat-based and paid social apps.
Figure 1. Apps view in the Cerby web app dashboard
To start using this feature, the first step is to connect an app.
Learn how Apps work in Cerby
Cerby’s App integrations are connected to the collaboration space of your SaaS and paid social apps through an automation account with a native admin role. Cerby uses it as a service account to manage user access and assets on your behalf through a bot that executes automated tasks server-side in a remote browser.
Figure 2 shows a high-level architecture of an App integration in Cerby connected to a seat-based or paid social app.
Figure 2. High-level architecture of a Cerby App integration
The IdP provides user authentication services via single sign-on (SSO) and enables a federated identity system for a Cerby workspace. Customers use the Cerby platform to do the following:
Host the customer workspace in the AWS cloud, and encrypt and store sensitive data.
Provide end users with a secure way to log in to their seat-based and paid social apps.
Provide admins with a centralized hub to manage and protect end-user access to their seat-based and paid social apps via automated tasks.
Host Cerby’s automation engine to perform automated tasks in a remote headless browser.
Supported automated tasks
The following are the supported automated tasks for any of the App integrations available in the Cerby platform:
Check for updates: This task extracts the information directly from the table of users of your seat-based and paid social apps. The Cerby bot reads each row and generates a report listing all users, including their roles and assets if supported.
Invite new app members: This task receives from the Cerby platform a list of new users and the roles to assign to them. The Cerby bot then creates the users in your seat-based and paid social apps and sends the corresponding invites. When the App integration is connected to an IdP group, the Cerby bot can send invites based on user provisioning events or account activation.
Update app member’s role: This task receives from the Cerby platform a list of users and roles to reassign. The Cerby bot updates the native role of each user in your seat-based and paid social apps.
Remove app members: This task receives from the Cerby platform a list of users to remove. The Cerby bot then removes each user from your seat-based and paid social apps. When the App integration is connected to an IdP group, the removal can be based on user deprovisioning events or account deactivation.
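The four tasks above amount to reconciling the app's user table against the membership the IdP group says should exist. The following is an added example, not Cerby's code or API: a sketch of that reconciliation that turns a "Check for updates" report into the invite, role-update, and removal lists, and sets aside users with no directory identity as unmatched instead of removing them. The function name, data shapes, sample users, and the use of email as the matching key are all assumptions.

```python
# Added illustration; the data shapes and plan_tasks() are hypothetical, not Cerby's API.

def normalize(email):
    """Case-insensitive match key; using email as the key is an assumption."""
    return email.strip().lower()

def plan_tasks(app_report, idp_group, directory):
    """Diff the app's user table against the IdP group that should have access.

    app_report: {email: role} as read from the app ("Check for updates").
    idp_group:  {email: role} desired members and their roles.
    directory:  set of all emails known to the corporate directory.
    """
    observed = {normalize(e): r for e, r in app_report.items()}
    desired = {normalize(e): r for e, r in idp_group.items()}
    known = {normalize(e) for e in directory}

    plan = {"invite": {}, "update_role": {}, "remove": [], "unmatched": []}
    for email, role in desired.items():
        if email not in observed:
            plan["invite"][email] = role        # provisioned, not yet in the app
        elif observed[email] != role:
            plan["update_role"][email] = role   # native role drifted from the IdP
    for email in observed:
        if email in desired:
            continue
        if email in known:
            # In the directory but no longer in the group: deprovisioned.
            plan["remove"].append(email)
        else:
            # No directory identity: surface for review instead of removing.
            plan["unmatched"].append(email)
    plan["remove"].sort()
    plan["unmatched"].sort()
    return plan

# Constructed sample data.
APP_REPORT = {"Ana@corp.example": "Admin", "bo@corp.example": "Editor",
              "cy@corp.example": "Viewer", "dee@agency.example": "Editor"}
IDP_GROUP = {"ana@corp.example": "Editor", "bo@corp.example": "Editor",
             "eli@corp.example": "Viewer"}
DIRECTORY = {"ana@corp.example", "bo@corp.example", "cy@corp.example",
             "eli@corp.example"}

if __name__ == "__main__":
    for task, items in plan_tasks(APP_REPORT, IDP_GROUP, DIRECTORY).items():
        print(task, items)
```

In the sample, the role update is a privilege reduction (a native Admin that the group defines as Editor), which is the kind of drift a periodic sync is meant to catch.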
Cerby also supports the following automated tasks for partners that natively exist on paid social apps, such as Meta Business Manager and TikTok for Business:
Monitor partners: This task extracts, upon native partner onboarding, the information of the partner’s users with shared access to the assets you own or that a partner shared with your paid social app.
Manage partner assets: This task receives from the Cerby platform, upon native partner onboarding, a list of assets and roles to assign to a specific native partner of your paid social app. The Cerby bot follows the process of sharing assets with your partners.
App management in Cerby
An App integration is like other regular accounts you add and manage through Cerby because users are granted access to them with the Owner or Collaborator role. For more information about roles, read the article How Cerby manages roles.
The user who adds the App and connects it to their user account with an admin role becomes the Owner and can extend this role to other users by sharing access with them to the App. Only App Owners can perform automated user management tasks from Cerby.
Users who connect their user accounts to Cerby after being synced and matched are granted the Collaborator role on the App.
User management and login method
When connecting an App integration to Cerby, Owners can select one of two user management and login methods depending on the seat-based and paid social app’s setup:
Single sign-on (SSO): Access is managed via your IdP, and users log in via SSO authentication. In this case, users are not asked to save their credentials in Cerby, and they continue accessing their seat-based and paid social apps as usual.
Username and password: Account security and access are managed from Cerby, and users log in through Cerby. In this case, users are asked to save their credentials in Cerby and connect them to the App integration; therefore, you can implement and automate the following security policies on user accounts:
Turn on and off two-factor authentication (2FA)
Rotate password
Supported App integrations
The following is a list of the supported App integrations: