Guide: Govern and secure SaaS identities

See what's done for you on Day One, plus a list of steps you can take to govern SaaS identities with Nudge Security.

Written by Julia Kisielius
Updated today

Govern and secure SaaS identities with Nudge Security

Let's review what's already done for you on Day One of your Nudge Security trial to support common identity governance goals, then look at next steps that can take you even further.

Goal | Available on Day 1 | What’s next?

Discover and address identity risks.

✅ Identity security posture findings for your IdP (Google Workspace or Microsoft 365)

• Regularly review and resolve SaaS identity security posture findings (Findings > Filter by Identity). Learn more →
• Configure connected apps for additional identity risk insights and user access controls (Apps > Connected Apps). Learn more →

Accelerate and track SSO enrollment progress.

✅ Inventory of SaaS apps in use and supported forms of SSO

• Configure your SSO providers, see your current SSO enrollment rate, prioritize unenrolled apps that support SSO, and streamline SSO enrollment by running the playbooks “Onboard apps to Azure AD (Entra ID)” and “Onboard apps to Okta.” Learn more →
• See how many of your apps support SSO and track changes in your enrollment rate within the progress dashboard (Dashboards > Progress). Learn more →

Offboard employees completely.

✅ Inventory of SaaS access associated with each user
✅ Inventory of lingering SaaS accounts for suspended, archived users

• Track and clean up lingering SaaS accounts tied to inactive users.
• When employees depart or change roles, run the “Employee offboarding” playbook to avoid unauthorized SaaS access.

Audit and remove unnecessary access (ad hoc or access review).

✅ Inventory of account usage associated with each app, including last activity as available

• Learn how Nudge Security helps you identify inactive and unnecessary accounts and remove access.
• Run the playbook “Remove abandoned accounts” to identify and remove unused SaaS accounts in bulk.

Implement process and policies for SaaS access management.

✅ Inventory of SaaS accounts associated with each app

• Enable a self-service employee directory for approved apps.
• Create automated nudges reminding users to:
  • Stick with specific preferred vendors
  • Rein in personal app use
  • Avoid unapproved apps

Know when, why, and how app access is granted outside of established processes.

✅ Automatic discovery of new SaaS adoption and account creation

• Get notified of new app adoption or account creation using custom notification rules.
• Survey technical contacts to learn about how apps are used. Use the nudge template, “Request clarification of use.” Learn more →

Audit SaaS authentication methods.

✅ Authentication methods for each account

• Review account authentication methods, which can include SSO, OAuth, or username/password. Accounts created with username and password typically aren’t managed centrally and may be missed during user access reviews and employee offboarding.
• Check for accounts with mixed authentication (i.e., both Okta SSO and username/password authentication) by filtering accounts by authentication method.

Audit and enforce MFA use.

✅ MFA status for each user in your IdP
✅ Security profile for each app with supported MFA methods
✅ Indicators of SaaS MFA enrollment, as available

• Review supported MFA methods for your critical apps.
• Audit accounts without MFA that were created using username and password (Apps > Filter by Authentication Method and MFA Status).
• Nudge users to enable MFA and set up automated rules to enforce MFA enrollment as users sign up for new apps.
