Blog and the latest stories about nonfederated applications

Cerby + Okta Identity Governance: Bringing Governance to Disconnected Apps

Written by Cerby Team | Sep 19, 2025 5:04:42 PM

The Rise of Disconnected Apps and the Growing Challenge for Identity Teams

Did you know that around 65% of SaaS applications used within organizations are not approved by IT? Business-led IT is driving a massive surge in SaaS adoption, with end users and business units rapidly selecting the best apps to do their jobs—often without IT or security involvement. Many of these apps are disconnected apps, meaning they don’t support modern identity standards like SAML or SCIM and sit completely outside of the organization’s identity tools.

But SaaS is only part of the picture. Organizations have long relied on other disconnected apps: on-premises systems, legacy tools, portals, and homegrown applications. These may not be new, but they are just as critical and just as disconnected as the newest SaaS apps flooding into the enterprise. Together, they make up a significant portion of the enterprise application landscape and represent a major governance blind spot.

In the best case, organizations attempt to manage these apps manually: onboarding and offboarding users via tickets, performing user access certifications with spreadsheets, and emailing users to manually update passwords. In the worst case, they ignore disconnected apps entirely. Most organizations fall somewhere in between—resulting in incomplete compliance, wasted time, audit headaches, and unnecessary risk exposure.

The good news? There’s a better way.

Okta has long been the leader in identity management, and its recent offering, Okta Identity Governance (OIG), makes governance modern, intuitive, and faster to deploy than legacy Identity Governance & Administration (IGA) solutions. And now, with Cerby, even disconnected apps—SaaS or otherwise—can be brought into the fold.

Meet Cerby: The Identity Automation Platform for Disconnected Apps

Most IT, security, and Identity and Access Management (IAM) teams don’t realize there’s a solution for disconnected apps. Instead, they rely on end users, app owners, and admins to self-manage access. These users aren’t security or identity experts, yet they’re tasked with setting strong passwords, enrolling in Multi-Factor Authentication (MFA), configuring passkeys, and removing former employees’ accounts—all manually.

Disconnected apps lack the APIs and standards that would make this easy to automate. That means organizations are relying on human effort to keep these apps secure. That’s a big risk—and exactly the problem Cerby was built to solve.

Cerby acts as the missing link in your identity stack, extending identity controls to apps that can’t connect via SAML, SCIM, or APIs. Behind the scenes, Cerby securely automates previously manual, error-prone identity tasks, removing the burden from end users, admins, and app owners.

What Cerby can do:

  • Provide a Single Sign-On (SSO)-like experience for apps without SAML (while removing the need for end users to manage passwords)
  • Automatically rotate passwords to enforce strong security and compliance (while removing the burden from app owners and admins)
  • Automatically add MFA protection to disconnected apps (without relying on end users to take initiative)
  • Automate onboarding and offboarding for apps without SCIM (reducing risks and delays)

Cerby doesn’t replace your identity platform. It completes it.

The Governance Gap: Why Disconnected Apps Are a Blind Spot

Identity governance platforms like Okta OIG are incredibly powerful—but only for apps that are connected.

Disconnected apps create visibility gaps:

  • Who has access to these apps
  • What entitlements users hold
  • Whether access is appropriate
  • Who the owners and admins actually are

Without this information, organizations can’t:

  • Run access request and approval workflows
  • Perform user access reviews (UARs or access certification campaigns)
  • Assign or clean up entitlements consistently
  • Ensure new users are properly set up with access rights
  • Remediate access after reviews

This forces IAM teams into a painful choice:

  • Perform time-consuming manual tasks (spreadsheets, manual remediation, login after login)
  • Or ignore governance for disconnected apps altogether

Neither option is desirable—or secure.

Cerby + Okta Identity Governance: Closing the Governance Gap

This is where Cerby + Okta Identity Governance changes the game.

Cerby acts as the bridge, feeding user, entitlement, and app owner data from disconnected apps into OIG. This enables OIG to govern those disconnected apps like any other in your stack.

With Cerby + OIG, you can:

  • Extend access request approval workflows to disconnected apps
  • Run user access reviews (UARs) on disconnected apps with users and their entitlements
  • Provision new users with the right entitlements automatically
  • Route UARs to the correct app owner with Cerby-provided context
  • Remediate access directly in disconnected apps through Cerby
  • Generate richer reporting to meet audit and compliance requirements

The result: 100% governance coverage, faster compliance cycles, and maximized ROI on your governance program.

Beyond Governance: Security + Remediation

Cerby goes beyond governance into real-time security control. After a UAR campaign, if access needs to be revoked, Cerby can kill sessions in disconnected apps immediately—ensuring no residual access remains.

Pair this with Okta’s Universal Logout, and you get full session control. Envision this powerful incident response workflow:

  1. Okta Threat Protection with Okta AI detects a threat
  2. Okta initiates Universal Logout, terminating sessions across connected apps
  3. Cerby rotates credentials and kills active sessions in disconnected apps
  4. If needed, Cerby fully deprovisions accounts in disconnected apps

This delivers speed, assurance, and protection across the entire app ecosystem.

See Cerby + Okta Live at Oktane 2025

The Cerby + Okta integration is one of the most exciting developments in identity governance this year, and we can’t wait to show it to you.

Be among the first to see how Cerby is redefining identity governance with OIG at Oktane 2025. We’ll have a booth on the expo floor and are hosting two sessions:

  • “No App Left Behind” with Bel, Cerby’s CEO and Co-founder – how to extend OIG to disconnected apps
  • “Unlocking Full App Coverage: The monday.com Playbook” with Matt (Cerby CSO) and Lior Zugury (Director of Global IT, monday.com)

Get all the details here: https://www.cerby.com/resources/blog/a-world-of-sweet-surprises-awaits-at-oktane
View full post