Nudge Security enables you to scale your SaaS security and governance efforts by nudging users through Slack or email. We’ve made several improvements to make it easier for you to re-nudge users who haven’t responded yet. Now, you can:
‍
‍
Nudge Security enables you to engage your workforce at scale by nudging users through Slack or email with just-in-time interventions that can be sent through playbooks, automated rules, or manually. Now, Nudge Security will automatically send a second nudge if a user doesn’t respond within three days. Users have 30 days to respond before the nudge expires.
‍
You can keep track of nudges, follow-up nudges, and responses within Nudge History, where you can filter apps by nudge type, response status, date range, app, or user. You can see each app’s Nudge History within its App Overview, or check out your global Nudge History under Notifications > Nudge History within the lefthand navigation.
‍
For each app in Nudge Security, customers are able to set an Approval Status of In Review, Approved, Acceptable, or Not Permitted. These statuses can be used to determine which apps appear in an employee-facing App Directory.Â
‍
Now, Nudge Security has added Approval Status as an available trigger for notification rules. For example, customers can create a rule to alert them if an employee creates an account with an Unapproved app, or automatically nudge the user to delete their account. New notification rules can be created by going to Notifications > Rules from the left menu bar and clicking “Create new rule.”
‍
We’ve enhanced our ability to collect information about app usage from employees by updating an existing nudge. We’ve added more relevant response options to the “Request clarification of use” nudge, and we’re storing employees’ answers in a more actionable format.Â
‍
Now, you can send a nudge to the technical owner of an app asking them to specify whether an application is fully adopted, under evaluation, just an experiment, or for personal use only. Optionally, the employee can also add a text response and select whether the application will handle corporate, customer, employee, or financial data. These responses populate fields labeled “Lifecycle stage” and “Data type,” which can be used to filter the Apps view.Â
‍
Nudge Security offers a variety of nudges to help you communicate with your employees. For example, you can send nudges prompting users to enable MFA, accept your generative AI usage policy, or delete an account, among other options.
‍
Now, you can customize the language in these nudges to suit your organization. You can edit the subject line and body copy for each nudge template and use variables to insert context-specific copy. Nudge customization options can be found within Settings.Â
‍
Nudge Security designates a technical contact for every app in your environment. This should be someone with administrative privileges within the app who can serve as the point-person for all questions and requests related to the technical aspects of managing that app, including access controls. While the first user of an app can often fill that role, employee turnover and team changes can sometimes make it challenging to figure out who to turn to for help with tasks like onboarding or offboarding users.
‍
Now, we’ve introduced a new nudge to help you find and validate the right technical contact for an app. With this nudge, you can send an email or Slack message to the person currently designated as an app's technical contact asking them to confirm whether or not they’re the right person for that role. If they aren’t the right contact, they’ll have the opportunity to identify the right contact, helping you keep this information up to date.
‍
We’ve enhanced Nudge Security’s OAuth management functionality with the ability to take bulk actions to audit and revoke OAuth grants. Now, you can multi-select any Google and Microsoft OAuth grants and choose to either auto-revoke them or send a nudge to the employees who created the OAuth grants asking them to review whether or not they are still needed.
‍
If a user selects the nudge response indicating that they’re still using the application, Nudge Security will simply record their response under Nudge History. If a user replies that the grant is no longer needed, the grant will be revoked automatically.
‍
We’ve added a custom field to nudges, allowing you to send a note to your employees any time you send a nudge. This allows you to add any contextual information that might help your users with a specific nudge.
‍
You may have specific employees who you want to opt out of receiving nudges, such as senior executives or contractors.Â
‍
We’ve introduced a way to make sure these users won’t receive nudges going forward. Under Organization Settings, you can create a list of users to opt out of nudges. Take a look in the interactive demo below.
‍
‍
Certain playbooks in Nudge Security may send more than one nudge to the same employee. For example, when you run the playbook to remove abandoned accounts, some employees might have accounts with several of the apps you choose to audit. Previously, they would receive a nudge for each application.Â
‍
Now, when the same nudge applies to multiple apps, we’ll consolidate them into one Slack message or email to help cut down on notifications for your employees. The interactive demo below will show you what your users will see in either situation.
‍
We’ve added three new ways for you to customize the nudges you send to your employees. Now, you have the option to:
‍
When Nudge Security identifies abandoned accounts at your organization, you may need help from a user with administrative privileges for that app to delete them. To help you identify users with admin privileges, Nudge Security automatically designates a technical contact for each application, starting with the first user of that app. You can also reassign technical contacts manually as needed.
‍
Now, Nudge Security has added the ability to nudge technical contacts to assist with deleting or suspending abandoned accounts and reclaiming unused licenses. The technical contact will receive a list of abandoned accounts and instructions to confirm once they have performed the appropriate actions. Once they confirm that the accounts have been removed, the account statuses will be updated automatically within Nudge Security.
‍
Nudge Security has added new ways for you to identify and track whether your employees’ accounts are still active, enabling you to delete abandoned accounts, reclaim unused licenses, and clean up orphaned data.Â
‍
Now, when you nudge users to ask if they’re still using an account, their answers will automatically apply account statuses within Nudge Security. In addition, for applications provisioned through SSO, Nudge Security will now automatically mark accounts as inactive after 90 days of inactivity.Â
‍
To visualize this information, we’ve added a graph displaying account statues on each application’s overview page that can be changed manually or updated automatically in the following ways:Â
‍
‍
We’ve added a new nudge to help you verify whether OAuth grants for Google Workspace or Microsoft 365 are still in use before revoking them, so you can avoid any potential business disruption. When you nudge a user about an OAuth grant you hope to revoke, your user will receive an email or Slack message asking them to confirm whether they’re still using the integration. Once the user confirms that the integration is no longer in use, the OAuth grant will be revoked automatically.
‍
We’ve released a new view to show the history of all the nudges your organization has sent in one centralized page, making it easier for you to follow the messages you’re sending to employees. You can also see the nudge history for each individual application at your organization.Â
‍
With this new view, you can:
‍
We’ve just released a brand new Slack integration to help you reach employees right where they’re working.Â
‍
With this new functionality, you can:
‍
Take a tour of the new functionality below:
‍
‍
Learn more about the power of nudging with Slack in our latest blog post.
