Nudges

Subscribe to all Changelog posts via RSS to stay updated on everything we ship at Nudge Security.

We’ve enhanced our ability to collect information about app usage from employees by updating an existing nudge. We’ve added more relevant response options to the “Request clarification of use” nudge, and we’re storing employees’ answers in a more actionable format. 

‍

Now, you can send a nudge to the technical owner of an app asking them to specify whether an application is fully adopted, under evaluation, just an experiment, or for personal use only. Optionally, the employee can also add a text response and select whether the application will handle corporate, customer, employee, or financial data. These responses populate fields labeled “Lifecycle stage” and “Data type,” which can be used to filter the Apps view. 

‍

Nudge Security offers a variety of nudges to help you communicate with your employees. For example, you can send nudges prompting users to enable MFA, accept your generative AI usage policy, or delete an account, among other options.

‍

Now, you can customize the language in these nudges to suit your organization. You can edit the subject line and body copy for each nudge template and use variables to insert context-specific copy. Nudge customization options can be found within Settings. 

‍

Nudge Security designates a technical contact for every app in your environment. This should be someone with administrative privileges within the app who can serve as the point-person for all questions and requests related to the technical aspects of managing that app, including access controls. While the first user of an app can often fill that role, employee turnover and team changes can sometimes make it challenging to figure out who to turn to for help with tasks like onboarding or offboarding users.

‍

Now, we’ve introduced a new nudge to help you find and validate the right technical contact for an app. With this nudge, you can send an email or Slack message to the person currently designated as an app's technical contact asking them to confirm whether or not they’re the right person for that role. If they aren’t the right contact, they’ll have the opportunity to identify the right contact, helping you keep this information up to date.

‍

We’ve enhanced Nudge Security’s OAuth management functionality with the ability to take bulk actions to audit and revoke OAuth grants. Now, you can multi-select any Google and Microsoft OAuth grants and choose to either auto-revoke them or send a nudge to the employees who created the OAuth grants asking them to review whether or not they are still needed.

‍

If a user selects the nudge response indicating that they’re still using the application, Nudge Security will simply record their response under Nudge History. If a user replies that the grant is no longer needed, the grant will be revoked automatically.

‍

We’ve added a custom field to nudges, allowing you to send a note to your employees any time you send a nudge. This allows you to add any contextual information that might help your users with a specific nudge.

‍

You may have specific employees who you want to opt out of receiving nudges, such as senior executives or contractors. 

‍

We’ve introduced a way to make sure these users won’t receive nudges going forward. Under Organization Settings, you can create a list of users to opt out of nudges. Take a look in the interactive demo below.

‍

‍

Certain playbooks in Nudge Security may send more than one nudge to the same employee. For example, when you run the playbook to remove abandoned accounts, some employees might have accounts with several of the apps you choose to audit. Previously, they would receive a nudge for each application. 

‍

Now, when the same nudge applies to multiple apps, we’ll consolidate them into one Slack message or email to help cut down on notifications for your employees. The interactive demo below will show you what your users will see in either situation.

‍

We’ve added three new ways for you to customize the nudges you send to your employees. Now, you have the option to:

  1. Add your company’s logo to the header of nudges sent through email.
  2. Specify the nudge sender for Slack and email nudges.
  3. Add a custom footer to nudges sent through email or Slack.

‍

When Nudge Security identifies abandoned accounts at your organization, you may need help from a user with administrative privileges for that app to delete them. To help you identify users with admin privileges, Nudge Security automatically designates a technical contact for each application, starting with the first user of that app. You can also reassign technical contacts manually as needed.

‍

Now, Nudge Security has added the ability to nudge technical contacts to assist with deleting or suspending abandoned accounts and reclaiming unused licenses. The technical contact will receive a list of abandoned accounts and instructions to confirm once they have performed the appropriate actions. Once they confirm that the accounts have been removed, the account statuses will be updated automatically within Nudge Security.

‍

Nudge Security has added new ways for you to identify and track whether your employees’ accounts are still active, enabling you to delete abandoned accounts, reclaim unused licenses, and clean up orphaned data. 

‍

Now, when you nudge users to ask if they’re still using an account, their answers will automatically apply account statuses within Nudge Security. In addition, for applications provisioned through SSO, Nudge Security will now automatically mark accounts as inactive after 90 days of inactivity. 

‍

To visualize this information, we’ve added a graph displaying account statues on each application’s overview page that can be changed manually or updated automatically in the following ways: 

‍

  • Deleted - User has responded to a nudge saying, “Account has been deleted,” or the account has been marked as deleted through the SOC 2 access review playbook or employee offboarding playbook
  • Active - User has responded to a nudge saying, “I’m still using it” or there is still activity in the SSO provider
  • Access revoked - Account access has been removed through the employee offboarding playbook
  • Abandoned - User has responded to a nudge saying, “No, I’m not using this”‍
  • Inactive - App is provisioned through SSO and the account has had no activity for 90 days

‍

We’ve added a new nudge to help you verify whether OAuth grants for Google Workspace or Microsoft 365 are still in use before revoking them, so you can avoid any potential business disruption. When you nudge a user about an OAuth grant you hope to revoke, your user will receive an email or Slack message asking them to confirm whether they’re still using the integration. Once the user confirms that the integration is no longer in use, the OAuth grant will be revoked automatically.

‍

We’ve released a new view to show the history of all the nudges your organization has sent in one centralized page, making it easier for you to follow the messages you’re sending to employees. You can also see the nudge history for each individual application at your organization. 

‍

With this new view, you can:

  • See all the nudges that have been sent to your users, along with when, why, and who sent them
  • Find out whether users have seen your nudges yet
  • Track your users’ responses to queries, such as why they’ve signed up for a new application
  • See how long ago users were nudged so you can determine whether they need additional outreach

‍

We’ve just released a brand new Slack integration to help you reach employees right where they’re working. 

‍

With this new functionality, you can:

  • Send nudges to users in Slack, so users can respond directly from the Slack app
  • Track users’ responses within your Nudge Security dashboard
  • Receive Slack messages based on your custom notifications, such as when a new breach affects your organization’s supply chain or a user signs up for a new application

‍

Take a tour of the new functionality below:

‍

‍

Learn more about the power of nudging with Slack in our latest blog post.

See what you've been missing.