Changelog

You can now request additional information for a given SaaS vendor directly from their security profile. Flagging a vendor for review adds it to our internal review queue to be reviewed each month.

‍

From a vendor’s security profile, you will also be able to see the last time the profile was updated.

From the app details page, you can now easily classify your apps by criticality level, choosing between low, medium, high, and critical depending on your specific business needs.

You can now bulk-select and nudge multiple users at once directly from the accounts table in the app details page, allowing you to engage with larger user groups efficiently.

The Manage AWS Footprint Playbook now gives you enhanced control over your AWS organization structure. You can now recategorize AWS accounts as managed by adding them to an existing AWS organization or converting them into a new organization. You can also revert their status if needed.

Nudge Security is expanding our capabilities to strengthen your SaaS application security and data protection with the addition of our most recent connected app: Sentry.

‍

With the new Sentry connected app, you can now gain deeper insight into user and identity risks and misconfigurations, and take action on your findings, allowing you to further strengthen your SaaS security posture.

‍

For more information, refer to the Sentry Connected App webpage. To learn more about connected apps and how to integrate them today, read our blog.

‍

New to Nudge Security and ready to start connecting your critical SaaS applications? Start exploring with a 14-day free trial.

We’ve added the ability to filter on labels. From the apps or accounts tables, you can now filter down on a selected label, select multiple labels, and search for labels.

We've added a new "Last Account Activity" filter to our app and user pages, as well as the ability to view Last Account Activity in the App Usage Playbook and the Remove Abandoned Accounts Playbook. You can now sort and filter accounts based on activity within a specified time range. The "Last Account Activity" field is updated when Nudge Security detects activity across any accounts within an app or user, helping you better understand usage patterns and behavior.

We've enhanced our onboarding experience for trial users to maximize your Day One value. During your initial email scan, after a quick 5-minute configuration, you can make the most of your time by connecting Nudge Security to your SSO provider (if applicable), exploring how Nudge Security uncovers shadow SaaS usage, discovering our spend management capabilities, inviting your teammates, and scheduling time to talk with one of our product experts during your trial experience.

‍

Start your 14-day free trial and explore everything Nudge Security offers while we do the heavy lifting.

‍

You can now initiate an offboarding playbook for a given employee via API call through Nudge's Public API, making it easier and faster to offboard employees using your organization’s existing workflows and tools.

‍

Learn more about our offboarding playbook in this blog, and refer to our API documentation here.

Nudge Security is expanding our capabilities to strengthen your SaaS application security and data protection with the addition of our most recent connected app: PagerDuty.

‍

With the new PagerDuty connected app, you can now gain deeper insight into PagerDuty user activities, discover risky app-to-app integrations, and take action on your findings, allowing you to further strengthen your SaaS security posture.

‍

For more information, refer to the PagerDuty Connected App webpage. To learn more about connected apps and how to integrate them today, read our blog.

‍

New to Nudge Security and ready to start connecting your critical SaaS applications? Start exploring with a 14-day free trial.

Upgrade your Slack communication with our new multi-channel notification support. You can now configure your Slack settings to send notifications to multiple channels in your workspace, allowing you to efficiently distribute important updates to relevant teams across your organization.

‍

To set up multi-channel support, head to the Slack tab in your Nudge Security settings.

Nudge Security is expanding our capabilities to strengthen your SaaS application security and data protection with the addition of our most recent connected app: Vercel.

‍

With the new Vercel connected app, you can now gain deeper insight into Vercel user activities, discover risky app-to-app integrations, and take action on your findings, allowing you to further strengthen your SaaS security posture.

‍

For more information, refer to the Vercel Connected App webpage. To learn more about connected apps and how to integrate them today, read our blog.

‍

New to Nudge Security and ready to start connecting your critical SaaS applications? Start exploring with a 14-day free trial.

Managing large numbers of SaaS accounts is now simpler with our new bulk selection feature. You can select and update multiple accounts simultaneously—whether you need to mark all notetaker accounts as personal apps or update account statuses to “deleted” after offboarding an app. All these changes can be made with a single click in Nudge Security, either in your accounts table or in the accounts tab under any app.

We've revamped our weekly summary emails to provide a clear and actionable overview of your organization's weekly activity. Each summary provides key updates broken down into actionable sections, including posture findings, connected apps, new accounts, and recently discovered apps in your environment from the past week, and allows admins to take action directly in the Nudge Security interface.

‍

Our first edition with this new format will go out on Monday, February 17th. Check your account settings to ensure weekly emails are enabled.

Nudge Security is expanding our capabilities to strengthen your SaaS application security and data protection with the addition of our most recent connected app: Notion.

‍

With the new Notion connected app, you can now gain deeper insight into Notion user activities, discover risky app-to-app integrations, and take action on your findings, allowing you to further strengthen your SaaS security posture.

‍

For more information, refer to the Notion Connected App webpage. To learn more about connected apps and how to integrate them today, read our blog.

‍

New to Nudge Security and ready to start connecting your critical SaaS applications? Start exploring with a 14-day free trial.

We've updated our offboarding playbook to include archived and suspended users from Google Workspace and Microsoft 365. Previously, only active users were available in the playbook. As a best practice, you'll need to reactivate the account during offboarding in order to automate password resets.

‍

For more information on our offboarding playbook, refer to this article.

Nudge Security lets you set up alerts for account and app activity across your organization originating from SaaS providers where company headquarters are located in countries of security interest.

‍

Admins can now configure customizable notification rules to get alerts about specific SaaS application and account activity across their organization using our proprietary security vendor profiles, allowing you to protect critical data based on your organization’s established standards.

Nudge Security is expanding our capabilities to strengthen your SaaS application security and data protection with the addition of our latest connected app: Github.

‍

With the new Github connected app, you can now gain deeper insight into Github misconfigurations, app-to-app and integration risks, and take action on your findings, allowing you to further strengthen your SaaS security posture.

‍

For additional information, refer to the Github Connected App webpage. To learn more about connected apps and how to integrate them today, read our blog.

‍

New to Nudge Security and ready to start connecting your critical SaaS applications? Start exploring with a 14-day free trial.

Nudge Security is expanding our capabilities to strengthen your SaaS application security and data protection with the addition of our most recent connected app: Slack.

‍

With the new Slack connected app, you can now gain deeper insight into Slack user activities, discover risky app-to-app integrations, and take action on your findings, allowing you to further strengthen your SaaS security posture.

‍

For more information, refer to the Slack connected app webpage. To learn more about connected apps and how to integrate them today, read our blog.

‍

New to Nudge Security and ready to start connecting your critical SaaS applications? Start exploring with a 14-day free trial.

Nudge Security is expanding our capabilities to strengthen your SaaS application security and data protection with the addition of our most recent connected app: Zoom.

‍

With the new Zoom connected app, you can now gain deeper insight into Zoom user activities and integrations and take action on your findings, allowing you to further strengthen your SaaS security posture.

‍

For additional information, refer to the Zoom connected app webpage. To learn more about connected apps and how to integrate them today, read our blog.

‍

New to Nudge Security and ready to start connecting your critical SaaS applications? Start exploring with a 14-day free trial.

Nudge Security makes it easy for you to manage multiple types of non-human identities that have access to your SaaS apps and data with our newly released app-to-app integrations table.

‍

Uncover and mitigate hidden risks by gaining deeper visibility into how your existing apps share access with other SaaS applications and entities in different forms like: API keys, native apps, webhooks, service accounts, SSH keys, and OAuth grants.

‍

New to Nudge Security? Unlock deeper visibility into your app-to-app integrations with a 14-day free trial.

Nudge Security is expanding our capabilities to strengthen your SaaS security posture with the addition of our most recent connected apps for Hubspot and Cisco Meraki.

‍

With these new connected apps, you can gain deeper insight into these apps' configurations and user activities, and you can take actions to resolve and report on findings directly from within Nudge Security.

‍

For app-specific information, please visit the dedicated webpages for HubSpot and Cisco Meraki. To learn more about connected apps and how to integrate them today, read our blog.

‍

New to Nudge Security and ready to start connecting your SaaS applications? Start exploring with a 14-day free trial.

Nudge Security is expanding our capabilities to strengthen your SaaS security posture with the addition of our most recent connected apps for OpenAI, Cloudflare, and Fastly.

‍

With these new connected apps, you can gain deeper insight into these apps' configurations and user activities, and you can take actions to resolve and report on findings directly from within Nudge Security.

‍

For more info, refer to the dedicated connected apps webpages for OpenAI, Cloudflare, and Fastly.

‍

Nudge Security automatically discovers SaaS spend and delivers cost optimization insights in a Spend dashboard to help you make data-driven investment decisions and identify quick savings wins.

‍

Now, we’ve enhanced our Spend dashboard with new insights to help you monitor and optimize your SaaS expenses. With these updates, you can:

‍

• Track high-level insights such as total discovered SaaS spend, potential cost savings, total paid apps, and average spend per user.
• Monitor overall SaaS spend by category and cost center.
• Prioritize cost optimization interventions based on app spend and potential savings impact.

‍

ICYMI, we recently released security posture management capabilities for Google Workspace and Microsoft 365 to help you harden your identity infrastructure.

‍

Now, we’ve expanded these SaaS security posture management capabilities to Okta with a new Okta connected app, allowing you to: 

• Resolve Okta identity risks such as inactive privileged accounts, admin accounts with weak or missing MFA, and suspended admin accounts.
• Address Okta misconfigurations and risky policies, such as excessive session lifetimes and disabled threat detection functionality.
• Monitor Okta integrations and automatically revoke risky app-to-app connections.
• Prioritize findings with severity ratings and address configuration drift swiftly by kicking off automated remediation workflows.

‍

To get started, create a read-only token in your Okta tenant using an Okta read-only administrator account or a custom administrator account. Next, go to Apps > Connected Apps within Nudge Security and enter your Okta token to connect the app.

‍

Note: Customers using our existing Okta integration will need to enable the Okta connected app to access these new features.

‍

Nudge Security continually monitors your Google Workspace or Microsoft 365 environment to surface security posture findings and helps you resolve them quickly with remediation workflows. Our open API includes endpoints for security posture findings so you can keep your team’s work centralized within your existing tools. 

‍

Now, we’ve released a new Tines story to give you more options for taking action on findings from Nudge Security. With the new story, you can use Tines automation to create Jira tickets for Nudge Security SaaS security posture findings.

‍

Nudge Security continually monitors the security posture of your Google Workspace and Microsoft 365 environments so you can detect, prioritize, and fix risks and misconfigurations. 

‍

Now, we’ve added new rules to surface Microsoft Sharepoint security posture risks and misconfigurations. Nudge Security enables you to resolve risks efficiently with nudge workflows and context-aware remediation guidance for each finding. 

‍

Note: Existing customers using Microsoft 365 will need to accept additional scopes to enable these new security posture checks. To do so, go to Settings > Email Analysis, select “Update Permissions,” and accept the scope allowing Nudge Security to read the tenant-level settings of SharePoint and OneDrive.

‍

Nudge Security enables you to scale your SaaS security and governance efforts by nudging users through Slack or email. We’ve made several improvements to make it easier for you to re-nudge users who haven’t responded yet. Now, you can:

‍

• Re-nudge manually from the Nudge History page
• Customize automated re-nudging settings, including how many times to re-nudge and how long to wait between nudges
• Re-nudge directly from playbooks, either in bulk or to individual users

‍

Manage the authorizing user for your Microsoft 365 or Google Workspace integration

‍

Nudge Security enables email discovery using delegated permissions from the email administrator who serves as the authorizing user for your Microsoft 365 or Google Workspace integration. Now, we’ve made it easier for you to update your authorizing user when someone leaves your organization or the structure of your team changes. 

‍

You can change your authorizing user by going to Settings > Email Analysis. Before making the change, just make sure the new user has sufficient email admin privileges. 

‍

Nudge Security enables you to engage your workforce at scale by nudging users through Slack or email with just-in-time interventions that can be sent through playbooks, automated rules, or manually. Now, Nudge Security will automatically send a second nudge if a user doesn’t respond within three days. Users have 30 days to respond before the nudge expires.

‍

You can keep track of nudges, follow-up nudges, and responses within Nudge History, where you can filter apps by nudge type, response status, date range, app, or user. You can see each app’s Nudge History within its App Overview, or check out your global Nudge History under Notifications > Nudge History within the lefthand navigation.

‍

Nudge Security has extended our patented SaaS discovery method to include SaaS spend data from invoices in your users’ mailboxes, uncovering SaaS expenses that may not be captured by financial software.

‍

Now, Nudge Security discovers and analyzes invoices from the last two years to extract spend data such as billing frequency, amount, renewal date, billing owner, cost center, and most recent transaction, powering the platform’s cost optimization insights. For additional context, we’ve added an inventory of invoice details we’ve uncovered for each app, including information like invoice ID, date, payment status, payee, and description of services.

‍

These new discovery capabilities enable SaaS spend forecasting that accounts for previously-unknown spend and changes in SaaS adoption. You can track your own estimated annual budget for each app alongside Nudge Security’s record of historical spend for the last 12 months and projected spend based on actual usage. Nudge Security also calculates each app’s average cost per user, helping you prioritize SaaS deployment and investment decisions.

‍

‍

Nudge Security has released new API endpoints to help you search and retrieve security posture findings for Google Workspace and Microsoft 365. Now, you can use Nudge Security’s API to report on findings or ingest security posture data into your SIEM or SOAR tool to correlate events and accelerate incident response. 

‍

See our API documentation for more information on the new endpoints

‍

Nudge Security delivers a risk score for each OAuth grant in your environment to help you prioritize and manage OAuth risks at scale. Previously, risk scores were based on the permissiveness of each grant’s scopes. 

‍

Now, Nudge Security has updated these risk scores to account for our recently-added OAuth risk insights, which highlight signals such as popularity, trust signals from vendors, and indicators of potential phishing. For example, a grant with an unusually high level of access may have a lower risk score if the grant was created by Google or Microsoft or has passed a security review. In contrast, a grant may have a high risk score despite more limited access if Nudge Security detects malicious domains or potentially deceptive practices within an app’s registration information.

‍

Today, we’ve expanded our SaaS security and governance capabilities with SaaS security posture management (SSPM) for Google Workspace and Microsoft 356, enabling you to remediate risks and misconfigurations in your identity infrastructure. 

‍

Now, Nudge Security regularly checks your Google Workspace or Microsoft 365 environment against technical benchmarks to detect:

‍

• Misconfigurations such as missing SSO or MFA and suspicious email audit rules
• Identity risks like delegated email access and inactive privileged accounts
• SaaS-to-SaaS integration risks, including unused OAuth grants with privileged access and unapproved grants with risky scopes

‍

You can see an overview of findings from those checks in the new Posture dashboard, which highlights top findings, riskiest users, and remediation activities. See a full list of issues under Findings and resolve risks quickly with remediation workflows, including nudges to engage the right stakeholders and track resolution outcomes. Learn more in today’s blog.

‍

Nudge Security provides an AI Usage dashboard summarizing AI apps and usage trends across your organization, which includes AI tools users sign up for using SSO, username and password, and OAuth. 

‍

Now, we’ve added a list of integrations associated with AI tools to the AI Usage dashboard, making it easier to surface OAuth risk insights for these integrations and discover opportunities to revoke OAuth grants for AI tools automatically.

‍

For each app in Nudge Security, customers are able to set an Approval Status of In Review, Approved, Acceptable, or Not Permitted. These statuses can be used to determine which apps appear in an employee-facing App Directory. 

‍

Now, Nudge Security has added Approval Status as an available trigger for notification rules. For example, customers can create a rule to alert them if an employee creates an account with an Unapproved app, or automatically nudge the user to delete their account. New notification rules can be created by going to Notifications > Rules from the left menu bar and clicking “Create new rule.”

‍

We’ve released new filters to help you view and prioritize OAuth grants based on OAuth risk insights from Nudge Security. You can sort and filter your organization’s OAuth grants based on insight into an app’s popularity, configuration choices, vendor trust signals, use of restricted or sensitive scopes, and indicators of deceptive practices. 

‍

We’ve added new filtering options for accounts and OAuth grants within Nudge Security to help you manage your organization's SaaS estate.

‍

Now, you can filter accounts by MFA status to surface and prioritize enrollment gaps. You can also filter accounts and OAuth grants based on categories such as organizational unit, department, division, location, and cost center, which are fields set within Google Workspace or Microsoft 365.

‍

Nudge Security has released new SaaS spend data and cost optimization insights to help security and IT teams drive smarter, more efficient SaaS investment decisions and surface opportunities to optimize SaaS spend.

‍

To help organizations take advantage of new spend data, Nudge Security has released a Spend dashboard highlighting SaaS expenses that may be unnecessary or redundant. With this new dashboard, customers can:

‍

• Spot inactive or abandoned accounts associated with paid apps.
• Discover similar apps that may be redundant and assessing overlapping usage.
• Track upcoming renewal dates alongside up-to-date app usage information.
• Flag spend associated with AWS accounts that fall outside of your central AWS Organization.
• Identify and rationalize paid apps with single users that may have slipped under the radar in credit card statements.
• Detect paid accounts associated with unapproved apps.

‍

Nudge Security has added new SaaS spend discovery, empowering customers to make better SaaS investment decisions by triangulating insights into SaaS spend, risk, and usage.

‍

Now, Nudge Security automatically categorizes apps as paid based on data from email invoices and other billing communications from the previous three years, enabling organizations to track SaaS spend alongside app risk and usage insights. Nudge Security also automatically identifies a billing owner and cost center for each paid app. You customize the Google or Microsoft field Nudge Security uses to allocate spend to cost centers by going to Settings > Organization Settings.

‍

Customers can add additional spend data manually, such as estimated annual spend, billing frequency, and renewal date. This information can be found in a new Spend card within each App Overview, or you can sort, filter, and edit these new fields in bulk directly from the App view.

‍

Note: By default, Nudge Security will only extract billing information from emails associated with users that have accounts for an app, which means we will not analyze mailboxes without associated accounts such as accounts payable (ex: accountspayable@company.com) or group accounts. If there are additional mailboxes used to receive billing information that you would like to analyze, you can add them under Settings > Spend Settings.

‍

We’ve made it easier to consolidate SaaS usage by adding a new chart to the App Overview page showing similar apps in use at your organization. Now, you can visualize the adoption of apps with similar purposes and quickly assess how much their usage overlaps, helping you identify areas where you may be paying double.

‍

Nudge Security has introduced a chart within the App Overview pane to help you visualize app usage across different areas of your organization.

‍

Now, you can see how app usage breaks down by organizational unit, cost center, department, location, or organization, based on employee data from Google Workspace or Microsoft 365.

‍

We’ve enhanced Nudge Security’s ability to detect and assess potential security risks associated with OAuth grants with new OAuth risk insights to help accelerate OAuth investigations into suspicious, misleading, or malicious grants.

‍

Now, customers can quickly and easily identify the use of restricted or sensitive scopes, detect suspicious domains and email activities, assess vendor trust signals, and understand an app’s popularity both within their own organization and across other environments.

‍

Nudge Security has added the ability to discover and inventory multiple instances of the same app, enabling customers to identify and rationalize duplicate instances and shadow tenants. 

‍

Previously, Nudge Security categorized some instance types as resources within an app. Now, we’ll display instances defined by a unique subdomain (ex, company.slack.com) in an Instances tab within the App Overview page. Within that same pane, we’ll also associate individual accounts with the instances they have access to.

‍

‍

From food delivery to media apps, not every tool your employees use at work requires the same level of oversight. Now, Nudge Security admins can choose to ignore any app and its associated accounts from view as they work in Nudge Security.

‍

Nudge Security will exclude ignored apps from your Progress dashboard results, your total counts of apps and accounts on the Overview dashboard, and total counts on your Apps and Accounts pages. These changes will make it easier to focus on your most important apps. 

‍

Ignored apps will still trigger notification rules, including breach alerts, and you’ll still be able to view the app’s health status and breach notifications on the Overview dashboard. They will also remain included in your Attack Surface overview, App Directory, and all playbooks. 

‍

Nudge Security has updated our filters to make them more intuitive and user-friendly. As part of that effort, we’ve added a new filter that makes it possible to view your organization’s apps by the number of accounts. Now, you can use the new filter to see all apps with more accounts than a number you choose, or fewer.

‍

For example, let’s say you’ve offboarded all users associated with an app and have zero remaining accounts. You can use the new filter to view only apps with greater than zero accounts. Alternatively, you can prioritize low-adoption apps by filtering to see only apps with fewer than 5 associated accounts.

‍

We’ve added support for single sign-on with Okta, including the availability of Nudge Security in the Okta Marketplace. This enterprise-ready feature is available to all Nudge Security customers without requiring a subscription upgrade or otherwise paying any "SSO tax," which runs counter to our product principles. 

‍

Read our documentation to learn how to configure SSO with Okta, or learn more about how you can expand your Okta coverage by integrating with Nudge Security.

‍

Nudge Security has released a new API to help you manage SaaS security and governance across your entire security ecosystem. 

‍

You can use the API to automate critical security tasks, break down data silos between different tools, and centralize SaaS security data to make sure your entire team is working with the same information. For example, you can:

‍

• Ingest Nudge Security data into your SIEM to correlate it with other datasets and generate events.
• Send Nudge Security data to external ticketing systems like ServiceNow or Jira.
• Add custom attributes to an app in Nudge Security based on context from another system, such as “renewal date” or “cost center.”
• Easily orchestrate actions in other tools using third-party automation platforms like Tines, Torq, and Tray.io.

‍

See our API documentation for more information on API functionality, recipes, and samples.

‍

We’ve updated Nudge Security’s menu to make it easier to find functionality like our Overview, AI Usage, and Progress dashboards and our global search bar. Now, all of these features are available within our left hand navigation menu.

‍

Search results from Nudge Security’s main dashboard now include apps with no associated accounts at your organization, making it easier to evaluate apps before your organization begins to use them. 

‍

Now, you can access security profiles for apps outside of your organization, including:

‍

• App info: App category and app description
• Organization details: Corporate location, legal terms, and hosting details
• Security program: Certifications and security links related to the vendor’s public support for security engagement, such as their terms of service, privacy policy, corporate security page, and status page
• Authentication: Authentication methods the vendor supports, including supported methods of SSO
• Supply chain: SaaS services used by the vendor‍
• Breach history: A summary of any known breaches related to the vendor

‍

We’ve enhanced our search results to make it easier to find and interpret information about the SaaS apps your employees are using. Now, search results from Nudge Security’s main dashboard are clearly organized by type, including apps, accounts, resources, and OAuth grants.

‍

We’ve released a new dashboard to help you visualize and share the progress you’re making toward key SaaS security and governance metrics. 

‍

With the new dashboard, you can:

• Visualize your progress over different time periods as you work towards important SaaS security metrics.
• Identify the highest-impact opportunities to bolster SaaS security and governance at your organization.
• Share your progress with stakeholders and easily communicate the value of your work with print-ready reports.

‍

Check out today’s blog to learn more about these key metrics and how Nudge Security can help you improve them.  

‍

‍

We recently revamped our SaaS events record to provide additional context, including associated resources, and to make it even easier to search and filter events by event type, time range, or user. This applies to the Events tab for SaaS apps and SaaS accounts.

‍

Each SaaS app has its own events record where you can search and filter activities for all users of that app. For example, you could review a timeline of user account creation events within an app.  Additionally, each SaaS account has its own event record, so you can review activities associated with an individual user account, such as password reset or MFA disablement events.

‍

Now that SaaS resources are associated with their relevant events and searchable, we’ve also retired the all-purpose Resources tab from the primary navigation.

‍

Nudge Security streamlines the process of onboarding applications to SSO through playbooks for Azure AD and Okta onboarding. Within both playbooks, we’ve added filters to help you prioritize applications that support SSO. 

‍

We’ve also made it easier to target applications for Okta onboarding based on the specific authentication types they support. You can filter by supported authentication types, including SAML, SCIM, SWA, and OIDC.

‍

We’ve enhanced our ability to collect information about app usage from employees by updating an existing nudge. We’ve added more relevant response options to the “Request clarification of use” nudge, and we’re storing employees’ answers in a more actionable format. 

‍

Now, you can send a nudge to the technical owner of an app asking them to specify whether an application is fully adopted, under evaluation, just an experiment, or for personal use only. Optionally, the employee can also add a text response and select whether the application will handle corporate, customer, employee, or financial data. These responses populate fields labeled “Lifecycle stage” and “Data type,” which can be used to filter the Apps view. 

‍

Nudge Security has released new app health statuses showing the operational state of the SaaS applications in use across your organization. Now, security and IT teams can see an at-a-glance view of the operational health of your organization’s SaaS applications and swiftly identify if a SaaS service is experiencing disruptions.

‍

Learn more in today’s blog.

‍

We’ve released new functionality to help you understand and address your company’s exposure to a recently disclosed Google OAuth vulnerability, including a new default notification rule and a new filter view to help you discover existing accounts. Now, all Nudge Security customers will receive alerts automatically when employees create new shadow Google accounts. Additionally, you can view a list of all the shadow Google accounts at your organization by visiting the Google Workspace app overview page, clicking on the Resources tab, and filtering by “Account alias.”

‍

Read our blog post to learn more about the vulnerability and how our new functionality can help.

‍

Nudge Security has introduced a new app directory to streamline the process of onboarding employees to SaaS applications. Now, security and IT teams can share a directory of approved SaaS apps with employees, making it easier for users to request access to apps that are in compliance with corporate guidelines and have already cleared security review and procurement processes. 

‍

To get started, enable the app directory under Organization Settings and invite users to sign up for Nudge Security accounts with Personal View set as the user role. Note: Administrative privileges are required to change these settings or approve access requests for new users.

‍

Read our blog tutorial to learn more, or check out our interactive demo below.

‍

Nudge Security offers a variety of nudges to help you communicate with your employees. For example, you can send nudges prompting users to enable MFA, accept your generative AI usage policy, or delete an account, among other options.

‍

Now, you can customize the language in these nudges to suit your organization. You can edit the subject line and body copy for each nudge template and use variables to insert context-specific copy. Nudge customization options can be found within Settings. 

‍

Nudge Security has introduced the ability to multi-select filter options. Now, you can choose more than one option in each filter category, making it easier to find what you need with filters. For example, you can use filters to see all apps with approval statuses of Approved, Acceptable, and In Review, rather than looking at one of these approval statuses at a time. 

‍

‍

Nudge Security designates a technical contact for every app in your environment. This should be someone with administrative privileges within the app who can serve as the point-person for all questions and requests related to the technical aspects of managing that app, including access controls. While the first user of an app can often fill that role, employee turnover and team changes can sometimes make it challenging to figure out who to turn to for help with tasks like onboarding or offboarding users.

‍

Now, we’ve introduced a new nudge to help you find and validate the right technical contact for an app. With this nudge, you can send an email or Slack message to the person currently designated as an app's technical contact asking them to confirm whether or not they’re the right person for that role. If they aren’t the right contact, they’ll have the opportunity to identify the right contact, helping you keep this information up to date.

‍

Nudge Security has enhanced our SaaS discovery engine with support for Google Single Sign-On (SSO). This update enables our system to recognize and analyze the use of Google SSO in authenticating user accounts. Now we can provide deeper insights into authentication patterns, improving security and compliance across your SaaS applications by offering detailed visibility into how Google SSO is employed in your environment. 

‍

We’ve enhanced Nudge Security’s OAuth management functionality with the ability to take bulk actions to audit and revoke OAuth grants. Now, you can multi-select any Google and Microsoft OAuth grants and choose to either auto-revoke them or send a nudge to the employees who created the OAuth grants asking them to review whether or not they are still needed.

‍

If a user selects the nudge response indicating that they’re still using the application, Nudge Security will simply record their response under Nudge History. If a user replies that the grant is no longer needed, the grant will be revoked automatically.

‍

We’ve added new filters to help you navigate the OAuth grants in use at your organization. Now, you can filter grants by authorizing application, type, risk, permissions, user account status, admin privileges, or OAuth grant status. For example, you can use filters to quickly find high-risk OAuth grants, or OAuth grants from suspended or disabled users.

‍

‍

We’ve added a custom field to nudges, allowing you to send a note to your employees any time you send a nudge. This allows you to add any contextual information that might help your users with a specific nudge.

‍

You may have specific employees who you want to opt out of receiving nudges, such as senior executives or contractors. 

‍

We’ve introduced a way to make sure these users won’t receive nudges going forward. Under Organization Settings, you can create a list of users to opt out of nudges. Take a look in the interactive demo below.

‍

‍

We've added a new dashboard to help you understand what AI tools are in use at your organization and who is using them.

‍

Now, you can: 

• See your organization’s AI usage and adoption trends at a glance.
• Find out how different business units are using AI.
• Identify which employees are the most prolific AI tool adopters.
• Understand which applications are using AI functionality within their solutions.

‍

Read today’s blog to learn more or check out our interactive demo below.

‍

We've added a new filter to help you view your employees' accounts by authentication type to see how they're accessing different apps. For example, you might want to look at all accounts created with a username and password, meaning the logins aren't unmanaged by your organization. You can also filter by authentication methods such as Okta, Azure, Google Workspace, Slack, Office, and Github.

‍

Certain playbooks in Nudge Security may send more than one nudge to the same employee. For example, when you run the playbook to remove abandoned accounts, some employees might have accounts with several of the apps you choose to audit. Previously, they would receive a nudge for each application. 

‍

Now, when the same nudge applies to multiple apps, we’ll consolidate them into one Slack message or email to help cut down on notifications for your employees. The interactive demo below will show you what your users will see in either situation.

‍

We've improved the information we provide for each application account by adding more detail around the authentication methods used by the application. For each account, we are adding insights about which authentication methods are used, the last activity, and the MFA status for each of them. The authentication methods include accounts being accessed via SSO providers like Okta or Azure AD, and Oauth (such as sign-on with Google or Microsoft), as well as accounts created via username and password. We’ve also added the ability to filter accounts by authentication type.

‍

We’ve added three new ways for you to customize the nudges you send to your employees. Now, you have the option to:

1. Add your company’s logo to the header of nudges sent through email.
2. Specify the nudge sender for Slack and email nudges.
3. Add a custom footer to nudges sent through email or Slack.

‍

Nudge Security has added a new filter enabling you to filter apps by technical contact. Now, you can see a list of all applications assigned to a particular technical contact and, if needed, edit them in bulk to reassign them.

‍

‍

We’ve upgraded the Nudge Security dashboard with key statistics highlighting your organization’s app usage and a new graph to visualize your SaaS adoption rates. You can also see who within your organization is most likely to experiment by adopting new SaaS products, as well as which apps in your supply chain have been breached.

‍

We’ve released a new playbook to help you equip your employees to engage with AI tools safely. Using the playbook, you can find all the AI tools your employees are using and nudge them to review and accept your AI acceptable use policy. (Note that administrative privileges are required to view and run the playbook.)

‍

With this new functionality you can:

• Discover which AI tools are being used, and by whom.
• Share your AI usage policy as soon as users create AI accounts.
• Automate collection of policy acknowledgement and questions.
• Guide your employees to use AI tools safely and securely.

Read today’s blog to learn more or check out our interactive demo below.

‍

We’ve enhanced our playbook for employee offboarding with the ability to have multiple active playbooks in progress at the same time. Now, you can start the playbook for one departing employee, save your progress, start one or more others, and go back and forth between them.

‍

‍

Now, you can more easily update statuses or add context to your applications within Nudge Security by selecting and editing multiple apps at once. From the App view, you can bulk edit fields like an application’s labels, category, technical contact, approval status, and compliance scope, among others.

‍

We’ve released a new playbook to automate the process of removing abandoned accounts. Now, you can reduce unnecessary risks by minimizing your attack surface and eliminate wasted SaaS spend on unused accounts. Using the playbook, you can:

• Choose a list of applications to audit all at once, including apps your users may have forgotten about.

• Collect input from your workforce at scale to identify unused accounts.
• Delegate the work of removing unused accounts to app owners. 
• Track your progress toward eliminating wasted spend and unnecessary risk.

Learn more in today’s blog.

‍

When Nudge Security identifies abandoned accounts at your organization, you may need help from a user with administrative privileges for that app to delete them. To help you identify users with admin privileges, Nudge Security automatically designates a technical contact for each application, starting with the first user of that app. You can also reassign technical contacts manually as needed.

‍

Now, Nudge Security has added the ability to nudge technical contacts to assist with deleting or suspending abandoned accounts and reclaiming unused licenses. The technical contact will receive a list of abandoned accounts and instructions to confirm once they have performed the appropriate actions. Once they confirm that the accounts have been removed, the account statuses will be updated automatically within Nudge Security.

‍

Nudge Security has added new ways for you to identify and track whether your employees’ accounts are still active, enabling you to delete abandoned accounts, reclaim unused licenses, and clean up orphaned data. 

‍

Now, when you nudge users to ask if they’re still using an account, their answers will automatically apply account statuses within Nudge Security. In addition, for applications provisioned through SSO, Nudge Security will now automatically mark accounts as inactive after 90 days of inactivity. 

‍

To visualize this information, we’ve added a graph displaying account statues on each application’s overview page that can be changed manually or updated automatically in the following ways: 

‍

• Deleted - User has responded to a nudge saying, “Account has been deleted,” or the account has been marked as deleted through the SOC 2 access review playbook or employee offboarding playbook
• Active - User has responded to a nudge saying, “I’m still using it” or there is still activity in the SSO provider
• Access revoked - Account access has been removed through the employee offboarding playbook
• Abandoned - User has responded to a nudge saying, “No, I’m not using this”‍
• Inactive - App is provisioned through SSO and the account has had no activity for 90 days

‍

Nudge Security provides a variety of editable fields for each application and account in your environment, such as approval status, compliance scope, and SSO provider. Now, we’ve made it easier for you to understand how and when these fields are modified over time. 

‍

Any time a field update occurs, Nudge Security tracks when it happened and which user or automated process initiated it. You can view a timestamped list of each field’s history to understand when changes have occurred and who made them.

‍

We’ve added a new chart showing the rate of adoption for each of your organization’s applications, helping you understand how and when an app has gained traction among your employees. Visualize how your users have adopted an app over time by filtering the chart to see how many users have been added in the last day, week, month, year, or all-time.

‍

We’ve added the ability to export user group data with the addition of an “Export CSV” button on the Groups page. Now, you can download a CSV file containing all of your organization’s groups and each one’s primary email, number of members, number of accounts, and risk score, as well as permissions to join, read messages, and manage members.

‍

We’ve added a new nudge to help you verify whether OAuth grants for Google Workspace or Microsoft 365 are still in use before revoking them, so you can avoid any potential business disruption. When you nudge a user about an OAuth grant you hope to revoke, your user will receive an email or Slack message asking them to confirm whether they’re still using the integration. Once the user confirms that the integration is no longer in use, the OAuth grant will be revoked automatically.

‍

To provide customers with more granular access controls, Nudge Security has added a new user role that enables use of the employee offboarding playbook without requiring administrative access. Now, Nudge Security provides the following user roles:

• Personal View - Visibility limited to the user’s individual SaaS accounts
• Organizational View - Visibility of all SaaS across the organization and the ability to run playbooks, with the exception of Employee Offboarding
• (new) Organizational View plus Employee Offboarding - Visibility of all SaaS across the organization and the ability to run all playbooks, including Employee Offboarding
• Administrator - All of the access listed above as well as administrative controls, such as the ability to invite new users, manage user roles, and change organizational settings

‍

We’ve just released a new playbook that guides you through complete employee offboarding in alignment with Google and Microsoft best practices and automates common SaaS offboarding tasks, so you can transition employees securely and completely every time. 

‍

Now, you can:

• Streamline employee lifecycle changes with a step-by-step playbook that gives you automated workflows and a single system of record for SaaS offboarding. 
• Set remaining employees up for success by transitioning access to critical resources and accounts. 
• Avoid business disruptions or surprise bills by making sure all of your departing employee’s SaaS accounts and integrations are disabled, deleted, or transitioned. 
• Secure corporate resources quickly and easily by revoking OAuth grants, disabling accounts, and resetting passwords directly within the Nudge Security platform.

‍

Check it out in the interactive demo below, and read more about it in today’s blog.

‍

For each application your employees are using, Nudge Security provides contextual information that you can use to accelerate security reviews.

‍

We've enhanced this security context by adding a summary of the forms of multi-factor authentication each application offers. Now, you can easily assess which options are most appropriate for your workforce, or determine if an application doesn’t meet corporate security guidelines if the available options aren’t sufficient.

‍

We’ve just released the ability to revoke OAuth grants for Google Workspace and Microsoft 365 directly within Nudge Security. This new feature builds on the OAuth risk scores we delivered earlier this year by making it faster and easier to respond to risky OAuth grants. We’ve also added more context to our OAuth overviews to help you understand the permissions a grant has authorized. When Nudge Security shows you an OAuth grant with overly-permissive scopes, you can revoke it in just two clicks. 

‍

With this new functionality, you can:

• Detect, investigate, and revoke risky OAuth grants without switching between different environments.
• Easily clean up OAuth grants for departing employees during IT offboarding.
• Swiftly quarantine a breached app in your SaaS supply chain by identifying and revoking active OAuth grants.

‍

Check it out in the interactive demo below, and read more in our blog post.

‍

We’ve released a new feature to give you more visibility of groups at your organization and their privacy settings, along with how and when they’re being used to create shared accounts. 

‍

The new group analysis functionality allows you to:

• Identify the groups in use at your organization and discover any accounts that have been created using that group
• Check which users can see a group’s emails, which gives them the ability to reset passwords for any accounts set up for the group
• Ensure each group has appropriate privacy settings

‍

‍

Learn more about the security risks of using groups for SaaS access in our blog post.

We’ve made it easier to focus on your most relevant accounts by introducing better default filters. Now, we’re filtering deleted accounts and suspended Google Workspace users out of account lists by default. If you want to see the accounts that have been excluded, all you need to do is modify the filter settings at the top of the page.  

‍

‍

We’ve made it easier to manage your company’s AWS footprint by adding two new dashboard views to the Amazon Web Services app overview. Now, you can see your AWS Organizations and the accounts associated with them, as well as your unmanaged accounts. You can search, filter, and export the data.

‍

You can see a full list of your AWS Organizations, with the accounts associated with each AWS Organization nested underneath for easy navigation.

‍

You can also see a list of the unmanaged AWS accounts that aren’t currently associated with an AWS Organization, helping you catch rogue or abandoned accounts before they introduce unnecessary costs or risks.

Together, these two new views make it easier for organizations with large numbers of AWS accounts to explore and manage their AWS infrastructure.

We’ve enhanced the data we display for Google Workspace users, giving you a better snapshot of each employee’s profile at your organization. Now, you can see an employee’s department, division, cost center, location, organization name, and title from directly within the user summary view. We’re updating these fields automatically using metadata from Google Workspace and displaying it in the UI at the user level.

‍

‍

We’ve just released a brand new Slack integration to help you reach employees right where they’re working. 

‍

With this new functionality, you can:

• Send nudges to users in Slack, so users can respond directly from the Slack app
• Track users’ responses within your Nudge Security dashboard
• Receive Slack messages based on your custom notifications, such as when a new breach affects your organization’s supply chain or a user signs up for a new application

‍

Take a tour of the new functionality below:

‍

‍

Learn more about the power of nudging with Slack in our latest blog post.

We’ve simplified the process for customers to export data from Nudge Security.

‍

Now, all you need to do to export data is click the “Export CSV” button in the upper right hand corner of each screen. 

‍

Check it out in the screenshot below. In this example, exporting data from the Apps view will give you a CSV file of all of your organization’s applications, including each app’s name, labels, category, number of accounts, first user, and date first seen in your environment. 

‍

We’ve released a new view to show the history of all the nudges your organization has sent in one centralized page, making it easier for you to follow the messages you’re sending to employees. You can also see the nudge history for each individual application at your organization. 

‍

With this new view, you can:

• See all the nudges that have been sent to your users, along with when, why, and who sent them
• Find out whether users have seen your nudges yet
• Track your users’ responses to queries, such as why they’ve signed up for a new application
• See how long ago users were nudged so you can determine whether they need additional outreach

‍

The social media tab within our attack surface dashboard is now generally available. Nudge Security discovers all the social media accounts tied to your corporate email domains and helps you understand who owns them.

‍

With this functionality, all customers and trial users can now:

• Quickly see all social media accounts associated with your organization
• Discover employees who have created personal social media accounts using corporate emails 
• Easily identify who to contact in case of security issues with your organization’s social media accounts

‍

Check it out in the screenshot below, and learn how this fits into our overall SaaS attack surface management capabilities in our recent blog post.

‍

‍

Today, we’ve enhanced our SaaS access management support and Azure AD integration with a new automated playbook to streamline the process of onboarding applications to Azure AD SSO. 

‍

With this new playbook, customers and trial users can:

• Track which of your organization’s apps have been added to Azure AD SSO, and which ones haven’t.
• Prioritize onboarding efforts by identifying which of your unenrolled apps are already integrated with Azure AD.
• Kick off an automated workflow to enlist the help of each app’s primary admin and track their responses, rather than hunting them down individually.

‍

‍

Read more about how Nudge Security supports SSO onboarding, including this new functionality, in our latest blog post.

We’ve just released a new automated playbook to make running SOC 2 access reviews with Nudge Security even easier. 

‍

Now, customers and free trial users can:

• Capture and classify all in-scope SOC 2 assets, starting with smart app categorization to speed up your process.
• Easily identify users associated with your SOC 2 assets and verify that they still need access on a regular basis.
• Generate a print-ready report of your SOC 2 access review to demonstrate a repeatable process for auditors.

‍

Here’s an interactive tour of the new feature:

‍

‍

For a closer look, read the release blog post here.

We recently added a new attack surface dashboard, so you can readily monitor your cloud and SaaS attack surface as it changes. 

‍

Leaning on our security expertise and experience, we organize the data we discover about your SaaS estate and supply chain into key focus areas, including:

‍

• External-facing SaaS apps and domains (what attackers can see)
• SaaS apps that commonly store corporate IP and sensitive data
• Critical cloud and software supply chain infrastructure
• Corporate social media accounts
• And, well, much more…

‍

Here’s an interactive tour of the new feature:

‍

To learn more about how it works and how you can modernize your attack surface management strategy with Nudge Security, check out our blog.

Today, we released a new OAuth risk scoring feature and improved the way we visualize and classify OAuth grants for easier management and risk prioritization. Additionally, you can now build custom notification rules based on flexible OAuth criteria, including setting an OAuth risk score threshold.

‍

Here’s an interactive tour of the new and improved features:

‍

‍

For more information about these new capabilities, read our release blog post here.

‍

As always, we encourage your feedback!

Nudge Security customers can now subscribe to SaaS breach notifications. 

‍

When a data breach disclosure is discovered for a third- or fourth-party SaaS provider in your SaaS supply chain, Nudge Security will send you an email notification, alerting you to the potential impact of the breach. Here’s a recent example we sent to customers:

‍

‍

So, now whenever a SaaS data breach hits the headlines, you can quickly determine if your organization is in the blast radius.

‍

To subscribe to breach notifications in the product, go to Settings and check “Receive breach notifications.”

‍

‍