Introducing Cerby IdLCM and Cerby OPA - enabling automated lifecycle management and access governance across all disconnected apps, including on-prem.
For years, IT and security teams have lived with an uncomfortable truth: most enterprise applications sit completely outside the reach of their identity stack. No SCIM. No user management APIs. No out-of-the-box connectors. No centralized visibility or control.
Disconnected apps, including modern SaaS applications and on-premises systems locked behind firewalls, have forced organizations to manage them manually with error-prone processes. Spreadsheets, tickets, and tribal knowledge fill the gaps left by systems that were never designed for identity lifecycle automation.
Yet many organizations still assume this is temporary. Vendors will modernize. Standards will eventually be adopted. Everything will support SCIM, and the problem will disappear.
It won’t. And “managing for now” simply isn’t working anymore.
Many enterprises today operate more than 1,000 applications, but only 54% are adequately integrated with an IGA. These aren’t fringe or niche tools. They are core systems powering critical operations, completely invisible to your IdP and IGA.
Hybrid environments make the challenge even more permanent. Regulatory constraints, data sovereignty requirements, and multi-year modernization roadmaps ensure that on-premises applications will remain in place for years, sitting outside standard identity controls.
The result?
Disconnected apps aren’t an edge case. They comprise the majority of application landscapes, and it’s time they had a real solution.
Today, we’re excited to announce a major leap forward: Cerby Identity Lifecycle Management (IdLCM) and the Cerby On-Premises Agent (OPA).
Cerby IdLCM automates lifecycle processes such as provisioning, account updates, and deprovisioning for disconnected SaaS applications—even when they lack SCIM support or user management APIs. It extends the power of your existing IdP and IGA without requiring premium vendor licenses, SCIM add-ons, or costly custom connector development.
The new Cerby On-Premises Agent brings the same automation to on-premises applications behind the firewall, turning both modern and legacy on-prem systems into first-class citizens of your identity ecosystem.
Together, Cerby IdLCM and OPA close the gap between what your IAM stack was built to manage and what your organization actually uses.
Cerby integrates directly with leading IdPs and IGA platforms, including Okta, Entra ID, Ping, SailPoint, and Saviynt. No rip-and-replace effort required.
When a user is created, updated, or removed in your IdP or IGA system, Cerby automatically performs the corresponding lifecycle actions across every disconnected application—dramatically extending the reach and value of your existing provisioning workflows.
Onboarding, role changes, and offboarding all happen consistently, automatically, and securely even for applications your identity stack couldn’t previously reach.
Cerby also extends your IGA solution’s core governance workflows—including access requests and approvals, user access reviews (access certifications), and remediation—bringing these capabilities to disconnected applications for the first time.
Cerby delivers automated identity workflows for any disconnected application, regardless of how it’s built or deployed:
Cerby automates account creation and manages roles, groups, permissions, and application-specific entitlements with granular precision, extending governance to every corner of your environment.
The Cerby OPA creates a secure, outbound-only tunnel from your private network to the Cerby platform, enabling identity workflow automation for on-premises apps that normally aren’t reachable from the internet.
OPA ensures your most sensitive and high-risk on-premises systems receive the same lifecycle automation and governance coverage as your SaaS applications.
Cerby supports app-specific pre-deprovisioning actions to ensure your business continues running smoothly when users leave. Instead of simply deactivating accounts, Cerby enables smoother transitions such as:
This ensures safe, consistent access removal without disrupting operations.
Custom-built connectors, automation scripts, or robotic process automation frequently break when application vendors deprecate or change an application’s APIs or update UI elements or logic. These brittle integrations create ongoing maintenance burdens.
Cerby eliminates that technical debt with AI-driven automation that:
All connectors are fully productized and maintained by Cerby, keeping your identity program resilient as your applications evolve and your ecosystem grows.
The same automation and OPA capabilities that power IdLCM also extend IGA workflows, bringing access certifications, access requests and approvals, entitlements management, and remediation to disconnected apps.
With Cerby, IGA platforms like SailPoint, Saviynt, and Okta Identity Governance can now orchestrate:
Across every application—not just those for which they have connectors.
Cerby doesn’t replace your IdP or IGA stack. It completes it.
Disconnected apps are not a temporary problem. They require a real solution.
Organizations like ClickUp have reduced manual access tasks by 97% and cut audit preparation time by 82%—proof that comprehensive lifecycle automation is achievable.
If your organization still relies on manual processes for disconnected applications, struggles to govern on-prem systems, or faces recurring audit gaps, the question is no longer whether this can be automated.
The question is whether your identity program can afford not to.
With Cerby IdLCM and the Cerby On-Premises Agent:
Complete lifecycle automation—across every app, in every environment—is finally possible.
Cerby IdLCM and the Cerby OPA are available now.
Talk to us to see how Cerby can help close your identity security gaps.