# Quick start guide for admins Hi there, welcome to Cerby! If you're reading this guide, it means you're ready to set up Cerby for your organization. After completing these steps, you'll have a workspace where you can securely store and organize application accounts, share access with the right people, and start applying controls that make access management easier and more secure as you scale. *** ## Before you begin Before starting, make sure that you meet the following requirements to create and set up a Cerby workspace: * An email invite sent by the Cerby team from our official email address, , to create a workspace. * The authoritative source of user identity identified, whether an identity provider (IdP) or Cerby itself. *** ## Set up your Cerby workspace Complete the following steps to create and configure your Cerby workspace, then add your application accounts to securely store credentials and manage shared access in your organization. So, let's get started. We prepared the following steps to get you covered: 1. [Create your Cerby workspace](#id-1.-create-your-cerby-workspace) 2. [Add your items to Cerby](#id-2.-add-your-accounts-to-cerby) The following sections describe each step. ### 1. Create your Cerby workspace A Cerby **workspace** is the environment where your organization manages shared access to app accounts. It's where users access accounts to log in to other apps, and where Admins control access and workspace security settings. When creating a Cerby workspace, you'll assign a name to it and choose how users will sign in and be provisioned. Cerby supports two workspace configurations: * [IdP-managed workspace (SSO + directory sync)](#idp-managed-workspace-sso--directory-sync) * [Local user workspace](#local-workspace) The following sections describe each option. #### IdP-managed workspace (SSO + directory sync) Choose this option when you want Cerby to connect to your IdP to enable single sign-on (SSO) and user provisioning, and keep users aligned with your organization's directory. To set up a new workspace and connect it with your IdP, you must complete the following steps: 1. [Configure SSO between Cerby and your IdP](#id-1.-configure-sso-between-cerby-and-your-idp) 2. [Enable user provisioning with SCIM](#id-2.-enable-user-provisioning-with-scim) Each step is described in the following subsections. **1. Configure SSO between Cerby and your IdP** To set up an IdP-managed workspace, refer to the specific instructions for your IdP: * **Okta:** Configure SSO Between Cerby and Okta with SAML * **Entra ID:** Configure SSO between Cerby and Entra ID with SAML * **Google Workspace:** Configure SSO between Cerby and Google Workspace with SAML * **OneLogin:** Configure SSO between Cerby and OneLogin with SAML * **JumpCloud:** Configure SSO between Cerby and JumpCloud with SAML If your selected IdP is not listed above, refer to the article Configure SSO between Cerby and your IdP with SAML. **2. Enable user provisioning with SCIM** To automatically synchronize users (and, when supported, groups) from your IdP into Cerby, so onboarding and offboarding stay aligned without manual updates, enable SCIM provisioning. To enable SCIM provisioning, refer to the specific instructions for your IdP: * **Okta:** How to Enable Okta User Provisioning with SCIM * **Entra ID:** Configure automatic user and group provisioning with Entra ID via SCIM * **OneLogin:** Configure automatic user provisioning with OneLogin via SCIM #### Local workspace Choose this option when you need Cerby to manage user identity and authentication instead of using an IdP, such as Okta or Entra ID. Users sign in directly to Cerby using credentials managed by Cerby. For instructions on how to create and configure a local user workspace, read the article Create and configure a local user workspace. ### 2. Add your items to Cerby After creating and configuring your workspace, the next step is to add your accounts (login credentials for your corporate apps) and secrets (secure notes) to Cerby so that you can protect and manage access to them. Cerby supports two ways to add items: * [Add items manually](#add-items-manually) * [Migrate items from your password manager](#migrate-items-from-your-password-manager) The following sections describe each option. #### Add items manually Add your accounts and secrets manually if you have a small number of accounts and secure notes, you are starting with a pilot, or you need to create accounts that don't yet exist in an enterprise password manager (EPM). For instructions on how to add items manually, read the articles [Add an account](https://help.cerby.com/cerby-web-app/accounts/managing-your-accounts/add-an-account) and [Add a secret](https://help.cerby.com/cerby-web-app/secrets/managing-your-secrets/add-a-secret). #### Migrate items from your password manager Migrate items if you already store corporate accounts and secure notes in an EPM and want to import them into Cerby in bulk. You can migrate accounts and secrets (secure notes) using one of the following methods: * [Password manager importer](#password-manager-importer) * [CSV file importer](#csv-file-importer) The following sections describe each option. **Password manager importer** To import items directly from a supported EPM, refer to the specific instructions for your EPM: * [Migrate from LastPass to Cerby](https://help.cerby.com/cerby-web-app/item-importer/migrate-from-lastpass-to-cerby) * [Migrate from 1Password to Cerby](https://help.cerby-dev.com/cerby-web-app/item-importer/migrate-from-1password-to-cerby) **CSV file importer** If your password manager isn't directly supported, or if you prefer a universal import method, the CSV file importer lets you migrate items using a CSV export, so you can transition to Cerby without adding each account and secret manually. For instructions on how to import your items, read the article [Import your items from a CSV file to Cerby](https://help.cerby.com/cerby-web-app/item-importer/import-your-items-from-a-csv-file-to-cerby) . *** ## What's next Now that your workspace is created, users are onboarded, and your accounts and secrets are imported, you can start managing access and organizing credentials, applying security controls, connecting key apps, and monitoring activity across the workspace. ### Deploy the Cerby browser extension and mobile app Deploy the Cerby browser extension and mobile app across your organization using a Mobile Device Management (MDM) platform to streamline installation and ensure a consistent user experience. For more information, see the [Client app deployment](https://help.cerby.com/setup-and-admin/client-app-deployment) section. ### Configure your workspace You can further configure your workspace with the following options provided by Cerby: * [**Set up a business email domain**](https://help.cerby.com/setup-and-admin/workspace-settings/set-up-a-business-email-domain)**:** Configure an Amazon SES integration so Cerby can send and receive email using your business domain. * [**Extend accounts to your IdP**](https://help.cerby.com/setup-and-admin/workspace-settings/extended-account-access)**:** Enable the **Extended account access** feature so users can access Cerby-managed accounts from your IdP. * [**App setting restrictions**](https://help.cerby.com/setup-and-admin/workspace-settings/extension-settings/app-setting-restrictions)**:** Encourage users to manage sensitive app settings through Cerby by applying recommendation-based or full-block restrictions. * [**Vaults**](https://help.cerby.com/setup-and-admin/vault-management)**:** Store and manage account data and secrets in protected spaces designed to ensure privacy and security. ### Manage users and access in your workspace Control who can access Cerby and how access is granted across accounts by assigning roles and organizing users through the following options provided by Cerby: * **Members:** Workspace users with a Cerby account who can perform actions in your workspace based on their role and permissions. * [**Guest users**](https://help.cerby.com/cerby-web-app/users/invite-a-guest-user-to-your-workspace)**:** Share items with external collaborators through Cerby by inviting them as guest users. * [**Partners**](https://help.cerby.com/cerby-web-app/partners)**:** Collaborate with external parties (contractors, agencies, vendors, clients) in a secure and controlled way through Cerby. * [**Teams**](https://help.cerby.com/cerby-web-app/teams)**:** Create groups of users to simplify sharing and access management to your Cerby items. ### Protect the accounts in your workspace Use Cerby security controls to reduce risk and respond quickly to access issues with the following features provided by Cerby: * [**Password policies**](https://help.cerby.com/setup-and-admin/security-governance/password-policies)**:** Set and enforce automated password rotation policies per app for the accounts in your workspace. * [**Security Hub**](https://help.cerby.com/setup-and-admin/security-governance/security-hub)**:** Get a centralized view of the health and status of all accounts in your workspace, and take action on orphaned accounts. * [**Universal logout**](https://help.cerby.com/setup-and-admin/security-governance/universal-logout)**:** Terminate user sessions from Cerby and your IdP. ### Manage your disconnected apps Integrate your workspace with seat-based or paid social apps to simplify user and access management through **Business Hubs**. For more information, see the [Connecting your apps](https://help.cerby.com/setup-and-admin/business-hubs/connecting-your-apps) and [Connecting your paid social apps](https://help.cerby.com/setup-and-admin/business-hubs/connecting-your-paid-social-apps) sections. ### Monitor and audit your workspace Track and analyze data related to user activity and security events in your workspace through the following options provided by Cerby: * [**Automation Log**](https://help.cerby.com/setup-and-admin/audit-and-activity/automation-log)**:** Review automation jobs to understand key benefits, settings, and outcomes of Cerby automation activity. * [**Export analytics**](https://help.cerby.com/setup-and-admin/audit-and-activity/activity)**:** Export workspace analytics data to a SIEM solution via an integration. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://help.cerby.com/getting-started/quick-start-guides/quick-start-guide-for-admins.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.