We’ve released a new playbook to automate the process of removing abandoned accounts. Now, you can reduce unnecessary risks by minimizing your attack surface and eliminate wasted SaaS spend on unused accounts. Using the playbook, you can:
Learn more in today’s blog.
‍
When Nudge Security identifies abandoned accounts at your organization, you may need help from a user with administrative privileges for that app to delete them. To help you identify users with admin privileges, Nudge Security automatically designates a technical contact for each application, starting with the first user of that app. You can also reassign technical contacts manually as needed.
‍
Now, Nudge Security has added the ability to nudge technical contacts to assist with deleting or suspending abandoned accounts and reclaiming unused licenses. The technical contact will receive a list of abandoned accounts and instructions to confirm once they have performed the appropriate actions. Once they confirm that the accounts have been removed, the account statuses will be updated automatically within Nudge Security.
‍
Nudge Security has added new ways for you to identify and track whether your employees’ accounts are still active, enabling you to delete abandoned accounts, reclaim unused licenses, and clean up orphaned data.Â
‍
Now, when you nudge users to ask if they’re still using an account, their answers will automatically apply account statuses within Nudge Security. In addition, for applications provisioned through SSO, Nudge Security will now automatically mark accounts as inactive after 90 days of inactivity.Â
‍
To visualize this information, we’ve added a graph displaying account statues on each application’s overview page that can be changed manually or updated automatically in the following ways:Â
‍
‍
Nudge Security provides a variety of editable fields for each application and account in your environment, such as approval status, compliance scope, and SSO provider. Now, we’ve made it easier for you to understand how and when these fields are modified over time.Â
‍
Any time a field update occurs, Nudge Security tracks when it happened and which user or automated process initiated it. You can view a timestamped list of each field’s history to understand when changes have occurred and who made them.
‍
For each application your employees are using, Nudge Security provides contextual information that you can use to accelerate security reviews.
‍
We've enhanced this security context by adding a summary of the forms of multi-factor authentication each application offers. Now, you can easily assess which options are most appropriate for your workforce, or determine if an application doesn’t meet corporate security guidelines if the available options aren’t sufficient.
‍
We’ve just released the ability to revoke OAuth grants for Google Workspace and Microsoft 365 directly within Nudge Security. This new feature builds on the OAuth risk scores we delivered earlier this year by making it faster and easier to respond to risky OAuth grants. We’ve also added more context to our OAuth overviews to help you understand the permissions a grant has authorized. When Nudge Security shows you an OAuth grant with overly-permissive scopes, you can revoke it in just two clicks.Â
‍
With this new functionality, you can:
‍
Check it out in the interactive demo below, and read more in our blog post.
‍
We’ve released a new feature to give you more visibility of groups at your organization and their privacy settings, along with how and when they’re being used to create shared accounts.Â
‍
The new group analysis functionality allows you to:
‍
‍
Learn more about the security risks of using groups for SaaS access in our blog post.
