In the following sections, we'll walk you through the essential steps to get started with Nudge Security, from initial configuration to meeting your SaaS security and governance objectives.
1. Deployment and Configuration
Initial deployment
Your initial integration with Microsoft 365 or Google Workspace uncovers your organization’s shadow SaaS and builds a full inventory of assets, realizing the initial value proposition of Nudge Security. If you've started a free trial to evaluate Nudge Security, you’ll have already completed this step.
Deployment | Easy: One-time setup with Microsoft 365 or Google Workspace. |
Deployment Time | Fast: <5m per tenant |
Time to Results | Immediate: <24 hours estimated for 4k employees |
What’s included in your initial analysis?
Nudge Security’s patented discovery method and security posture checks rely on just one point of integration with Google Workspace or Microsoft 365 to deliver security visibility of your SaaS estate.
SaaS inventory: Complete inventory of SaaS apps, accounts, users, groups, authentication methods, and activities
Integrations: Complete inventory of integrations with your IdP, including OAuth risk scores, risk insights, scopes, security context, and automated revocation
Security profiles: Detailed security profiles for each app in your SaaS inventory, along with thousands of additional SaaS vendors
Security posture: Security posture findings related to SaaS identity, access, and configuration risks for your IdP, with detailed remediation guidance and resolution workflows for each finding
Attack surface: SaaS attack surface mapping, including cloud infrastructure, source code repositories, domains, and SaaS supply chain breaches (3rd and 4th-party)
SaaS spend: Up to two years of historical SaaS spend data for paid apps, along with a dashboard containing cost consolidation insights
Optional integrations & extensibility
While your initial configuration with Google or Microsoft is all you need to get started, you can unlock additional value with more integrations.
SSO provider | Optionally, connect your SSO provider to monitor the SSO enrollment status of your SaaS estate and get more granular visibility and control of account activity. Learn more → |
Connected apps | Optionally, configure connected apps for additional risk insights and user access controls (Apps > Connected Apps). Learn more → |
Communication | If applicable, connect Nudge Security to Slack for nudging. By default, nudges will be sent through email unless the Slack integration is enabled. See help center article → |
API | You can send Nudge Security data to your SIEM, SOAR, business intelligence, or GRC tools with our API. Familiarize yourself with Nudge Security’s API documentation. Learn more → |
Tines | Consider using Tines to send security posture findings to Jira. Learn more → |
Security & access management settings
Role-based access controls | Configure RBAC to grant other system users access to Nudge Security. (Settings > User management). |
Sign in with SSO | If applicable, configure Okta SSO for Nudge Security. See help center article → |
Authorizing user | As needed, manage the authorizing user for your Microsoft 365 or Google Workspace integration. |
Custom settings
Organization settings | Tell us which fields you use in Google Workspace or Microsoft to define your organizational structure and allocate SaaS spend so we can more accurately analyze your SaaS trends (Settings > Organization Settings). |
Nudge settings | Review and customize nudge settings, including nudge templates, excluded users, and auto-retry and frequency (Settings > Nudge Settings). |
Spend settings | Set a default currency for SaaS spend and update other SaaS spend discovery settings. By default, Nudge Security discovers and analyzes SaaS invoices and receipts only for mailboxes associated with app users. Add any other mailboxes that regularly receive invoices, such as ap@example.com, to opt them into spend analysis (Settings > Spend Settings). |
Updates & support
Email notifications | Opt in to receive weekly email summary and data breach notifications (Settings > Profile). |
Support | You can always reach us via in-product chat or at help@nudgesecurity.com. Optionally, you can also set up an external Slack channel with the Nudge Security team for multi-channel communication (upon request). |
Product updates | Subscribe to our changelog to receive updates on new product features. |
2. Getting Started with Nudge Security
You’ve configured your environment and you’re ready to get started—hooray! To make the most of your Nudge Security deployment, there are a few steps we recommend taking to make sure you’re set up for success.
Identify and educate stakeholders
Depending on your organization’s goals and reporting structure, you may need to engage stakeholders outside of your immediate team to achieve your goals with Nudge Security. As you work through the following sections, make note of stakeholders who should be included in your Nudge Security onboarding to make sure your organization is set up for success.
Define your SaaS estate
Nudge Security uses information about your app estate for automation, alerting, and reporting. Now that you know what apps are in use, to what degree, and by whom, take time to define the following data. To save time, you can make bulk edits from the Apps view:
App approval status: Used in the app directory, security posture findings, notification rules, spend dashboard, and other reports, app approval status tells Nudge the scope of your sanctioned vs. unsanctioned SaaS estate.
Compliance scope: Note which apps fall within critical compliance scopes to help prioritize decisions about user access reviews and app governance.
Spend data: Nudge Security automatically discovers SaaS spend based on emailed invoices and uses spend data to power cost optimization insights. You can update this data to track your own budget alongside Nudge Security’s forecasted and historical projections, add missing spend, adjust renewal dates, or update billing owners. Learn more →
See more available fields and learn how to audit field histories here. Note: You can also create custom fields using the Nudge Security API. Learn more →
Prepare to engage your workforce with nudges
Nudge Security enables you to scale SaaS security and governance with just-in-time security nudges that engage the right users at the right time, right where they’re already working.
Customize nudge settings | Review and customize nudge settings, including nudge templates, excluded users, and auto-retry and frequency (Settings > Nudge Settings). |
Explore the rule builder | Explore built-in notifications and notification rules (Notifications > Rules). You can create custom rules to nudge your users or send notifications over Slack, email, or webhook. Learn more → |
Connect Slack | If applicable, connect Nudge Security to Slack for nudging. By default, nudges will be sent through email unless the Slack integration is enabled. See help center article → |
Inform your users | Optionally, roll out Nudge Security to your workforce. See a sample onboarding letter → |
Once you’ve reviewed configurations and introduced nudges to your workforce, we recommend confirming your technical contacts. Although Nudge Security designates a technical contact for every app in your environment, employee turnover and team changes can sometimes make it challenging to figure out who to turn to for help with tasks like provisioning access or offboarding users.
Technical contacts receive nudges related to administrative tasks within each SaaS app, such as removing accounts, fixing misconfigurations, or providing business context.
You can confirm or update technical contacts manually or by engaging users through nudges. Learn more → Note that a technical contact must be set as an individual user. Group or shared accounts (e.g., IT@example.com) are not allowed.
Track your efforts with the progress dashboard (Dashboards > Progress). Learn more →
Now that you have technical contacts defined, you’re ready to start nudging!
3. Meeting your goals with Nudge Security
What does it look like to achieve your goals with Nudge Security? Explore common objectives for Nudge Security customers and understand the steps you can take to achieve them:
Looking ahead: Your first 90 days with Nudge Security
Here’s a sample plan for your first 90 days, implementing steps from the more detailed guides linked above.
Objective | First 14 days | First 60 days | First 90 days | Ongoing |
Discover & contain SaaS sprawl. | • Explore your SaaS inventory | • Confirm technical contacts | • Onboard workforce to self-service app directory | • Review nudge responses |
Govern & secure SaaS identities. | • Configure SSO providers & see your SSO enrollment rate | • Prioritize apps for SSO enrollment | • Automate SSO onboarding policy | • Enroll new approved apps to SSO |
Reduce risk & strengthen your security posture. | • Resolve critical security posture findings | • Review & remove risky or overly permissive OAuth grants | • Establish a process for onboarding new app vendors | • Perform security reviews for new apps |