All Collections
Cerby Suggest
Explore Cerby Suggest
Explore Cerby Suggest

This article describes the basic concepts and characteristics of Cerby Suggest.

Cerby Team avatar
Written by Cerby Team
Updated over a week ago

Hi there, welcome to Cerby Suggest!

Thank you for choosing us to discover and manage rogue apps. We are a cybersecurity company focused on empowering you and your organization to manage and secure access to your apps.

Cerby Suggest is our app sprawl detection product, designed to recommend sanctioned apps when end users are about to sign up for a new app or service provider. The goal is to help you gain centralized visibility on the apps your employees need and use, and provide employees with more information at the decision-making point.

Our approach is unique because we address app sprawl at the moment of account creation. In contrast, other SaaS discovery tools detect accounts after they have persisted for some time, using methods such as email mining or financial record reviews.

In the following sections, we walk you through the basic information and characteristics of Cerby Suggest:

Learn how Cerby Suggest works

Cerby Suggest is a product built to help you detect app sprawl. By being connected to your systems and your identity provider (IdP), Cerby Suggest can guide end users into taking advantage of the licenses and seats of your organization’s sanctioned apps, therefore reducing the costs of unnecessary, unused, orphaned, or duplicate resources.

The process to request licenses or seats is guided and managed by Cerby and your IT team via custom-built integrations. For example, employees can raise IT service request tickets from Cerby Suggest through an integration with ServiceNow.

After receiving authorization to sign up for a SaaS app account, employees can add such an account to Cerby to streamline login and secure access with the two-factor authentication (2FA) managed by Cerby.

The following sections explain how we detect app sprawl, optimize your licenses and seats, and secure access to your accounts:

Custom-built integrations

The Cerby platform is connected to your organization's systems via custom-built integrations. The goal is to retrieve the necessary data to identify app sprawl effectively, suggest users request existing licenses or seats for apps within the same category, and keep track of all the IT service request tickets.

Currently, the following integrations are available:

The following sections describe each integration.

Application assignments

The organization’s IT admins build and maintain an artifact that serves as the source of truth for the apps all users have been assigned to based on their role, department, and information technology service management (ITSM).

Cerby retrieves the information from this artifact to associate it with each user's Cerby account.

Application graph

Cerby uses an application graph to identify and map the discovered SaaS apps based on their category or taxonomy. The goal is to provide users with accurate app suggestions according to the workspace policies and objectives.

An application graph refers to the apps sanctioned by an organization and the similar apps defined by Cerby and the organization.

The application graphs can be maintained in the following ways:

  • IT-led: The organization’s IT admins feed a self-service artifact with new apps and categories or re-categorize the existing ones. With this IT-led maintenance, the Cerby platform improves the default categories displayed to users.

  • Third-party providers: Cerby connects to third-party providers to retrieve and maintain the application graph used to identify and map the discovered SaaS apps based on their category or taxonomy.


Cerby connects to ServiceNow to create the corresponding tickets to request SaaS licenses or seats from a user action. This integration provides IT admins with some or all of the following information to approve or deny the request:

  • The name of the requester and approver

  • A business justification

  • A description of the request

  • The type of user who requests the license or seat (employee or contractor)


Cerby connects to Slack and sends messages to provide IT admins visibility on the following:

  • Service request tickets generated in ServiceNow

  • Account creation events for Okta apps or similar apps within the application graph

  • Account creation events for apps not listed in the application graph

  • Cerby browser extension deactivation events

To request new integrations, contact the Customer Support team by emailing or sending a message through the help chat of the Cerby dashboard.

Discovery report

Cerby offers a discovery report to provide IT admins with greater visibility on where new logins and signups occur. With this information, IT admins can discover apps that may not be in scope by the organization, perform effective license management, and make decisions around security.

The report is available in the Discovery report view of Cerby dashboard, as shown in Figure 1.

Screenshot of the Discovery report view in the Cerby web app dashboard. A table is displayed with the login and signup activities for sanctioned and unsanctioned apps.

Figure 1. Discovery report view in the Cerby web app dashboard

Cerby client apps

The Cerby platform comprises two client apps that work together to provide you with the best experience as a Cerby Suggest user:

Cerby web app

The Cerby web app is the interface that enables you to perform all the management actions on the accounts you save in Cerby and the users who belong to your workspace.

The following are the actions you can perform with the Cerby web app:

  • Add an account, edit the account details, manage access to the account, and start the automatic login via the Cerby browser extension.

  • Store the backup codes manually when configuring two-factor authentication (2FA) for your accounts.

  • Create a collection of accounts and manage access to it.

  • Search through your items.

  • View and export the list of workspace members.

  • View your billing information.

  • View the user activity on your workspace and items.

You can use any web browser to access the Cerby web app, and all of your interactions are through a dashboard displayed after logging in to your workspace, as shown in Figure 2.

Screenshot of the Cerby web app dashboard. The All accounts view is displayed with multiple account cards and a button at the top right to add an account or collection.

Figure 2. Cerby web app dashboard for Cerby Suggest users

Our Development team constantly updates our Cerby web app, meaning you always access the latest features and improvements.

Cerby browser extension

The Cerby browser extension is an add-on for web browsers vital to the user experience of Cerby Suggest users. The extension is our app sprawl detection tool with the following features:

  • Detects when users navigate to login and signup pages

  • Detects account creation events

  • Suggests users request existing licenses or seats by filling out a form

IMPORTANT: End users must be logged in to their corresponding workspace through the Cerby browser extension to use Cerby Suggest.

The following are the actions you can perform with the Cerby browser extension:

  • Log in to your accounts automatically by leveraging the autofill feature on login pages. Automatic login is guided by in-context alerts for visibility on what happens in every step and what to do if the process fails or needs your intervention.

  • Log in to your accounts manually by leveraging the inline menu.

  • Generate secure passwords based on custom policies to sign up for applications or rotate your passwords manually.

  • View and copy your account details to manually log in to your apps.

  • View and copy verification codes when 2FA is turned on using Cerby as an authenticator app.

  • Search through your items.

  • Save your credentials when logging in or signing up for an app.

After logging in to your workspace with the Cerby browser extension, your interactions are through a popup and an inline menu, as shown in Figure 3 and Figure 4.

Screenshot of the Cerby browser extension popup on top of a login page. The Accounts tab is activated with a list of account cards.

Figure 3. Cerby browser extension popup for Cerby Suggest users

Screenshot of the Cerby browser extension inline menu on top of the input fields of a login page. A list of account cards is displayed.

Figure 4. Cerby browser extension inline menu for Cerby Suggest users

The Cerby browser extension can be installed from the browsers’ stores or distributed to all corporate computers via a Mobile Device Management (MDM) solution. You receive the latest version automatically each time the Development team pushes a new version.

The following web browsers are supported for MacOS and Windows computers:

  • Safari

  • Microsoft Edge

  • Mozilla Firefox

  • Google Chrome

  • Island

Use Cerby Suggest

Now that you know the basic concepts of Cerby Suggest, get to know more of the actions end users can perform with Cerby Suggest in the Get started as a Cerby Suggest user article.

Boost collaboration with Teams

With Teams, you can simplify user and access management through Cerby. This feature helps you and your company support groups of users assigned to items and automatically change the Cerby role and user account provisioning to all group members.

The following are the options to create teams in Cerby:

  • Create a group of users in the corporate directory managed by your IdP, such as Okta and Azure AD, and replicate it automatically as a team in Cerby.

  • Create a self-managed team selecting users from your workspace.

You can manage all your teams through the Teams view, as shown in Figure 6.

Screenshot of the Teams view in the Cerby dashboard. The Members tab of a specific team is displayed with a list of team members.

Figure 6. Teams view in the Cerby dashboard

To add and manage a team, follow the instructions in the article How to use Teams. You can also see the video How to add a self-managed team.

Did this answer your question?