Quick start guide for admins
This article describes the key initial steps to set up your Cerby workspace to securely store credentials and manage shared access in your organization.
Hi there, welcome to Cerby!
If you're reading this guide, it means you're ready to set up Cerby for your organization. After completing these steps, you'll have a workspace where you can securely store and organize application accounts, share access with the right people, and start applying controls that make access management easier and more secure as you scale.
Before you begin
Before starting, make sure that you meet the following requirements to create and set up a Cerby workspace:
An email invite sent by the Cerby team from our official email address, [email protected], to create a workspace.
The authoritative source of user identity identified, whether an identity provider (IdP) or Cerby itself.
Set up your Cerby workspace
Complete the following steps to create and configure your Cerby workspace, then add your application accounts to securely store credentials and manage shared access in your organization.
So, let's get started. We prepared the following steps to get you covered:
The following sections describe each step.
1. Create your Cerby workspace
A Cerby workspace is the environment where your organization manages shared access to app accounts. It's where users access accounts to log in to other apps, and where Admins control access and workspace security settings.
When creating a Cerby workspace, you'll assign a name to it and choose how users will sign in and be provisioned. Cerby supports two workspace configurations:
The following sections describe each option.
IdP-managed workspace (SSO + directory sync)
Choose this option when you want Cerby to connect to your IdP to enable single sign-on (SSO) and user provisioning, and keep users aligned with your organization's directory.
To set up a new workspace and connect it with your IdP, you must complete the following steps:
Each step is described in the following subsections.
1. Configure SSO between Cerby and your IdP
To set up an IdP-managed workspace, refer to the specific instructions for your IdP:
Okta: Configure SSO Between Cerby and Okta with SAML
Entra ID: Configure SSO between Cerby and Entra ID with SAML
Google Workspace: Configure SSO between Cerby and Google Workspace with SAML
OneLogin: Configure SSO between Cerby and OneLogin with SAML
JumpCloud: Configure SSO between Cerby and JumpCloud with SAML
If your selected IdP is not listed above, refer to the article Configure SSO between Cerby and your IdP with SAML.
2. Enable user provisioning with SCIM
To automatically synchronize users (and, when supported, groups) from your IdP into Cerby, so onboarding and offboarding stay aligned without manual updates, enable SCIM provisioning.
To enable SCIM provisioning, refer to the specific instructions for your IdP:
Okta: How to Enable Okta User Provisioning with SCIM
Entra ID: Configure automatic user and group provisioning with Entra ID via SCIM
OneLogin: Configure automatic user provisioning with OneLogin via SCIM
Local workspace
Choose this option when you need Cerby to manage user identity and authentication instead of using an IdP, such as Okta or Entra ID. Users sign in directly to Cerby using credentials managed by Cerby.
For instructions on how to create and configure a local user workspace, read the article Create and configure a local user workspace.
2. Add your items to Cerby
After creating and configuring your workspace, the next step is to add your accounts (login credentials for your corporate apps) and secrets (secure notes) to Cerby so that you can protect and manage access to them.
Cerby supports two ways to add items:
The following sections describe each option.
Add items manually
Add your accounts and secrets manually if you have a small number of accounts and secure notes, you are starting with a pilot, or you need to create accounts that don't yet exist in an enterprise password manager (EPM).
For instructions on how to add items manually, read the articles Add an account and Add a secret.
Migrate items from your password manager
Migrate items if you already store corporate accounts and secure notes in an EPM and want to import them into Cerby in bulk.
You can migrate accounts and secrets (secure notes) using one of the following methods:
The following sections describe each option.
Password manager importer
To import items directly from a supported EPM, refer to the specific instructions for your EPM:
CSV file importer
If your password manager isn't directly supported, or if you prefer a universal import method, the CSV file importer lets you migrate items using a CSV export, so you can transition to Cerby without adding each account and secret manually.
For instructions on how to import your items, read the article Import your items from a CSV file to Cerby .
What's next
Now that your workspace is created, users are onboarded, and your accounts and secrets are imported, you can start managing access and organizing credentials, applying security controls, connecting key apps, and monitoring activity across the workspace.
Deploy the Cerby browser extension and mobile app
Deploy the Cerby browser extension and mobile app across your organization using a Mobile Device Management (MDM) platform to streamline installation and ensure a consistent user experience. For more information, see the Client app deployment section.
Configure your workspace
You can further configure your workspace with the following options provided by Cerby:
Set up a business email domain: Configure an Amazon SES integration so Cerby can send and receive email using your business domain.
Extend accounts to your IdP: Enable the Extended account access feature so users can access Cerby-managed accounts from your IdP.
App setting restrictions: Encourage users to manage sensitive app settings through Cerby by applying recommendation-based or full-block restrictions.
Vaults: Store and manage account data and secrets in protected spaces designed to ensure privacy and security.
Manage users and access in your workspace
Control who can access Cerby and how access is granted across accounts by assigning roles and organizing users through the following options provided by Cerby:
Members: Workspace users with a Cerby account who can perform actions in your workspace based on their role and permissions.
Guest users: Share items with external collaborators through Cerby by inviting them as guest users.
Partners: Collaborate with external parties (contractors, agencies, vendors, clients) in a secure and controlled way through Cerby.
Teams: Create groups of users to simplify sharing and access management to your Cerby items.
Protect the accounts in your workspace
Use Cerby security controls to reduce risk and respond quickly to access issues with the following features provided by Cerby:
Password policies: Set and enforce automated password rotation policies per app for the accounts in your workspace.
Security Hub: Get a centralized view of the health and status of all accounts in your workspace, and take action on orphaned accounts.
Universal logout: Terminate user sessions from Cerby and your IdP.
Manage your disconnected apps
Integrate your workspace with seat-based or paid social apps to simplify user and access management through Business Hubs. For more information, see the Connecting your apps and Connecting your paid social apps sections.
Monitor and audit your workspace
Track and analyze data related to user activity and security events in your workspace through the following options provided by Cerby:
Automation Log: Review automation jobs to understand key benefits, settings, and outcomes of Cerby automation activity.
Export analytics: Export workspace analytics data to a SIEM solution via an integration.
Last updated
Was this helpful?