Before you start
You should have already worked through your app inventory and set approval statuses on your key apps (see Define your SaaS landscape). Rules are most effective when your approval statuses are in place.
How rules work
A rule has two parts: a condition (what triggers it) and one or more actions (what happens when it triggers). Actions can include sending an email alert to your team, sending a nudge to the end user, sending alerts to a Teams/Slack channel, or sending to a webhook (e.g., a SIEM tool, ticketing system, or Google Chat channel).
There are two types of rules you should start with, and the distinction matters:
App rules trigger when a brand-new app is introduced to your organization for the first time - an app Nudge Security has never seen anyone at your company use before.
Account rules trigger when someone creates a new account for an app that already exists in your inventory - even if it's been used by others before.
This is one of the most common points of confusion. Think of it this way: if nobody at your company has ever used Notion, and someone signs up - that's a new app. If Notion already has five users and a sixth person signs up - that's a new account. You'll likely want rules for both scenarios, but the conditions and actions are different.
To create a rule, go to Automations > Rules in the left nav and click Create New Rule.
Rule 1: Alert when someone introduces a brand-new app
This rule tells you whenever someone in your organization signs up for an app that's never been seen before.
Set it up
Click Create New Rule and select the App tile.
Click Add Condition and select App is new to organization.
Click Add Action and select Email. Enter your email address (and any other team members who should be notified).
If your team communicates through Slack or Teams, you can add an action to post alerts to a channel. This gives your broader team real-time visibility without everyone subscribing to email alerts.
Save the rule.
Why this matters
New app introductions are how shadow IT grows. This rule gives you visibility as it happens rather than finding out months later. When the alert comes in, you can review the app, check its security profile, and decide whether to approve, restrict, or follow up.
When you're ready to nudge
Later, once you've communicated Nudge Security to your workforce, you can add a second action to this rule: a Request clarification of use nudge.
This automatically asks the person who introduced the app to explain the business case - what they're using it for, why they need it, and whether there's an approved alternative. That information helps you make faster approval decisions.
Rule 2: Redirect users away from not-permitted apps
When someone signs up for an app that's not permitted - and you have an approved alternative - this rule nudges them toward the right tool.
If you haven't already, this is where setting apps to be not permitted comes in handy (see Define your SaaS landscape). Remember - rules are most effective when your approval statuses are in place.
Set it up
Click Create New Rule and select the Account tile.
Click Add Condition, select New Account for App, and choose the specific app (e.g., OpenAI).
Click Add Action and select Nudge. Choose Provide alternative app and enter the approved alternative (e.g., Gemini).
Click Add Action again and select Email to alert yourself or your team.
If your team communicates through Slack or Teams, you can add an action to post alerts to a channel. This gives your broader team real-time visibility without everyone subscribing to email alerts.
Save the rule.
Build one rule per app-alternative pair
Create a separate rule for each not-permitted app that has an approved alternative. Common examples:
OpenAI / ChatGPT → your approved AI tool
Dropbox → Google Drive or OneDrive (depending on your environment)
Zoom → your approved video conferencing tool
The nudge goes directly to the end user via email. It explains that the app isn't permitted and suggests the approved alternative. The email alert goes to you so you're aware it happened.
Rule 3: Nudge users to delete accounts for all not-permitted apps
This is a blanket rule that catches any signup for any app you've marked as not permitted.
Set it up
Click Create New Rule and select the Account tile.
Click Add Condition, then select Approval Status and set it to Not Permitted.
Click Add Action and select Nudge. Choose Delete account - this asks the end user to remove their account for the not-permitted app.
Optionally, add an Email or Slack/Teams action to alert your team of a signup for a not permitted app happening as well.
Save the rule.
How this works with Rule 2
Rule 2 handles specific apps where you want to suggest an alternative.
Rule 3 is the safety net - it catches everything else that's not permitted.
If an app triggers both rules, the user gets both nudges (the alternative suggestion and the delete request).
Check the recipes
On the rules page, you'll see a Recipes panel on the right side. These are pre-built rule templates for common scenarios - like alerting on apps with sensitive OAuth grants, flagging password reset events, or notifying when apps have a renewal coming up. Browse through them and enable any that match your priorities.
Sequencing advice
Start with alerts only. If you haven't yet communicated Nudge Security to your workforce, hold off on adding nudge actions to your rules. Email or Slack/Teams alerts to your team are zero-risk—they give you visibility without any end-user impact.
Once you've sent out your workforce communication, come back and add nudge actions to your rules.
This phased approach - alerts first, nudges later - is how most organizations roll out successfully. It gives you time to tune your approval statuses and rules before end users start receiving messages.
What's next
Before you start nudging, you'll want to prepare your workforce. Make sure to review our communication template and rollout guidance.