With Cerby, you can configure a local user workspace when you need Cerby to manage the identity and authentication of users instead of leveraging an identity provider (IdP) such as Okta or Azure AD.
In local user workspaces, users are added via direct invites from Cerby to their email addresses, and user management is performed through the All members view. In regular workspaces, the IdP acts as the authoritative source of user identity, and changes in user accounts, attributes, or permissions are synchronized downstream to Cerby via the System for Cross-Domain Identity Management (SCIM) specification.
Regarding authentication, users authenticate directly to Cerby with credentials (username and password) managed by Cerby in local user workspaces. In regular workspaces, users are redirected to their IdP's authentication page to log in to Cerby.
The user who creates and configures a local user workspace becomes the Workspace Owner. They can add users to the workspace and assign them the Workspace Admin or Workspace User roles. For more information about roles, read the Workspace-level roles section from the Getting Started Guide for Admins article.
In addition to editing the workspace details, Workspace Admins can perform the following user management tasks in local user workspaces:
Add new users to the workspace.
Remove users from the workspace.
Edit the workspace-level role of users.
Reset two-factor authentication and password for users.
Local user workspaces can be used when businesses collaborate with external parties who don’t belong to their business domain, such as contractors, agencies, partners, vendors, and clients. With the Partners feature, a regular workspace can securely share accounts, secrets, and collections with a local user workspace. For more information about this feature, read the How to use Partners article.
This article describes how to configure a local user workspace.
Requirements
The following are the requirements to create and configure a local user workspace:
An email invite sent by the Cerby team to create a workspace
An authentication app installed on your mobile phone, such as Google Authenticator, Okta Verify, Microsoft Authenticator, Duo Mobile, or Authy
NOTE: Ask your IT or Security department for the authorized authentication app.
Create and configure a local user workspace
To create and configure a local user workspace, you must complete the following main steps:
The following sections describe each main step.
1. Create your Cerby account and workspace
To create your Cerby account and the local user workspace, you must complete the following steps:
Click the Create your Workspace button from the invite that Cerby sent to your email address. The Welcome to Cerby page is displayed, as shown in Figure 1.
Figure 1. Welcome to Cerby page
Click the Sign in with Cerby button. The Let’s create your workspace page is displayed.
Enter the name of your workspace in the Workspace name field.
Click the Create Workspace button. The Create your account page is displayed.
Create your Cerby account by entering the following information in the corresponding fields:
Name
Last name
Email
Confirm Email
Password
Confirm Password
Click the Create my account button. The Your Workspace page is displayed with a success message and the domain of your workspace, for example, contentzilla.cerby.com.
Click the Login button. The authentication page for Cerby is displayed, as shown in Figure 2.
Figure 2. Authentication page for Cerby
Enter your Cerby account credentials in the corresponding fields:
Your email address in the Username field
Your password in the Password field
Click the Sign in button. The homepage of the Cerby dashboard is displayed, as shown in Figure 3.
Figure 3. Homepage of the Cerby dashboard
Your local user workspace is now created. The next step is 2. Install the Cerby mobile app and browser extension.
2. Install the Cerby mobile app and browser extension
To install the Cerby mobile app and browser extension, you must complete the following steps:
Install the Cerby browser extension by following the instructions in the How to install the Cerby browser extension video.
Install the Cerby mobile app by following the instructions in the How to install and set up the Cerby mobile application video.
The next step is 3. Turn on 2FA for your Cerby account.
3. Turn on 2FA for your Cerby account
To turn on two-factor authentication (2FA) for your Cerby account with an authentication app, you must complete the following steps from the homepage of your Cerby dashboard:
Click the Turn 2FA On button from the Add a second layer of protection section. The Link your authentication app to your Cerby account dialog box is displayed with a QR code.
Open the authenticator app on your mobile phone.
Follow the instructions to add an account by scanning the QR code. A time-based authentication code is generated.
Click the Next button from the dialog box you left open in the Cerby web app. The Try the authentication code dialog box is displayed.
Enter the time-based authentication code generated by your authentication app in the Authentication Code field.
Click the Verify button. The dialog box closes, and a success message box is displayed.
Now you are done. It’s time to start adding your accounts to Cerby and sharing them with your colleagues.
Manage users in a local user workspace
Users with the Workspace Owner and Workspace Admin role can perform the following user management actions in a local user workspace:
The following sections describe each action.
Add a user
To add a user to a local user workspace, you must complete the following steps:
Select the All members option from the left navigation drawer. The All Members view is displayed, as shown in Figure 4.
Figure 4. All members view of the Cerby dashboard
Click the Add member button located at the top right of the page. The Add a team member dialog box is displayed.
Enter the email address of the user you want to add.
Click the Next button. The user is added to a list in the MEMBER section
NOTE: To add multiple users, enter each email address individually and press enter. Each one is added to the list in the MEMBER section.
Select the workspace-level role of the user:
Admin: They can invite and manage users in the workspace.
User: They can add and manage permissions per account.
NOTE: If you added multiple users, the role you select will be assigned to all of them.
Click the Send Invite button. The dialog box closes, a success message box is displayed, and an email is sent to the user to join Cerby with a temporary password.
IMPORTANT: The temporary password expires in 48 hours. After this time, users need a new invite.
Reset 2FA
To reset 2FA for a user in a local user workspace, you must complete the following steps:
Select the All members option from the left navigation drawer. The All Members view is displayed.
Click the More options icon of the corresponding user. A drop-down list is displayed.
Select the Reset 2FA option from the list. A message box is displayed, and an email is sent to the user to reset their 2FA device.
Force password reset
To force a password reset for a user in a local user workspace, you must complete the following steps:
Select the All members option from the left navigation drawer. The All Members view is displayed.
Click the More options icon of the corresponding user. A drop-down list is displayed.
Select the Force Password Reset option from the list. A message box is displayed, and an email is sent to the user to ask them to reset their password with a code.
Export members
You can export a CSV file with the information of all the workspace members or a specific member. After the export, Cerby sends you an email with a button to download the file to your computer.
To export the information of all the workspace members, you must complete the following steps:
Select the All members option from the left navigation drawer. The All Members view is displayed.
Click the Export button located at the top right of the table. A success message box is displayed, and an email is sent to download the report.
To export the information of a specific workspace member, you must complete the following steps:
Select the All members option from the left navigation drawer. The All Members view is displayed.
Click the More options () icon of the corresponding user. A drop-down list is displayed.
Select the Export option from the list. A success message box is displayed, and an email is sent to download the report.
Remove user from workspace
To remove a user from a local user workspace, you must complete the following steps:
Select the All members option from the left navigation drawer. The All Members view is displayed.
Click the More options icon of the corresponding user. A drop-down list is displayed.
Select the Remove from Workspace option from the list. The Remove <user name>? dialog box is displayed.
Click the Remove from Workspace button. The dialog box closes, and a success message box is displayed.
NOTE: For reporting purposes, the account of removed users is disabled; however, they will no longer be able to access Cerby.
Join Cerby from an invite
After being added to a local user workspace by a Workspace Owner or Workspace Admin, all users receive an invite through email to join Cerby and set up their account.
To join Cerby from an invite, you must complete the following steps:
Open the message Cerby sent to your email address. The message contains the following information:
Workspace name
Username
Temporary password
Click the Join now button from the message. The Cerby authentication page is displayed.
Enter your username and temporary password in the corresponding fields.
Click the Sign in button. The Change Password page is displayed.
Enter a new password for your Cerby account and your profile information in the corresponding fields:
New Password
Enter New Password Again
Name
Family name
Click the Send button. The Cerby dashboard is displayed.
To start using Cerby, all users must complete the following steps from the Create and configure a local user workspace section:
Edit the workspace display name
Users with the Workspace Owner and Workspace Admin role can only edit the workspace display name for a local user workspace. To do so, you must complete the following steps:
Select the Settings option from the left navigation drawer. The Workspace Configuration page is displayed with the General tab activated.
Activate the IDP Settings tab.
Click the Edit IDP Details button located at the top right of the Identity Provider Settings section.
The Confirm your identity to continue dialog box is displayed. An identity challenge is issued in your Cerby mobile app.
Click the It’s me! button in the Confirmation Request screen of the Cerby mobile app to confirm your identity. The dialog box in the Cerby web app closes.
Enter a new name in the Workspace display name field.
Click the Save Changes button. A success message box is displayed.
IMPORTANT: You cannot edit the Workspace name and Client Id fields. If you want to edit these fields, contact the Cerby Customer Support team.
Troubleshooting: “We couldn’t turn 2FA on for your profile” message
When you try to turn on 2FA for a Cerby account that belongs to a local user workspace, and you haven’t set your mobile phone time as automatic, the “We couldn’t turn 2FA on for your profile” message may appear, as shown in Figure 5.
Figure 5. “We couldn’t turn 2FA on for your profile” message
The error message is displayed when you verify the authentication code that your authentication app provides after scanning the QR code. This error occurs because the authentication app generates time-based codes that expire; therefore, when your mobile phone has a different time, the code could have expired or is not yet valid.
To solve this problem, set the time settings to automatic in your mobile phone by following the corresponding instructions:
Set time, date & time zone (Android)
Now, try again turning on 2FA by following the steps in the 3. Turn on 2FA for your Cerby account section.