As a global, multi-brand beauty company, e.l.f. Beauty relies on social media to connect with millions of customers around the world. But behind the scenes, a growing challenge was emerging: its expanding network of social accounts—managed across multiple teams, brands, and regions—was becoming increasingly difficult to secure and manage at scale.
Much of the complexity stemmed from how access was shared across a fast-moving, distributed marketing organization. As new accounts were created to support campaigns and brand initiatives, credentials were often shared informally, with no centralized way to track access or enforce protections like MFA. Without visibility, it became hard to know which accounts were secured and who had access at any given time.
User offboarding added to the complexity. Without a consistent process for revoking access or updating credentials when someone left, accounts could be left exposed longer than intended.
To make things more challenging, some social media accounts were often originally created and managed by external agencies. Regaining full ownership and control became a key focus—especially as e.l.f. looked to scale its social presence while maintaining strong security and brand integrity.
The risks were clear: if even one credential fell into the wrong hands, it could jeopardize the reputation the brand had worked hard to build. The team knew it was time to act.
For e.l.f. Beauty, social media isn’t just a marketing channel—it’s a critical part of the brand’s digital presence. From an IT and security perspective, that meant treating corporate social accounts with the same rigor as any other business-critical system: centrally managed, tightly secured, and governed by policy—not by workarounds.
The team was already using an IdP to manage identity across core business applications. What they needed next was a way to extend that same level of control and automation to their social accounts—without slowing down the marketing teams that relied on them.
That’s where Cerby came in.
Traditional identity platforms aren’t built to manage shared or disconnected applications like social media platforms. Cerby is. Purpose-built to close this gap, Cerby gave e.l.f. the ability to enforce MFA, automate password rotation, maintain account ownership, and gain real-time visibility into access—across every platform and user. All while keeping marketing teams moving fast.
Implementation matched the urgency. With support from Cerby’s onboarding team, e.l.f. brought more than 65 accounts under centralized management in under two months—with no disruption to day-to-day operations.
With Cerby in place, e.l.f. gained full control over its growing network of social media accounts—nearly 70 across multiple brands and regions. The team centralized access, enforced consistent security policies, and eliminated the time-consuming, manual work that had once defined their account and user management process.
Previously, credentials were shared informally—with no encryption, no audit trail, and no reliable way to track who had access. With Cerby, passwords are securely stored, auto-filled, and never exposed. Shared logins are tied to corporate identities, making it easy for IT and marketing to see who has access, manage permissions, and revoke access instantly when roles change. Passwords are rotated automatically—on a set schedule or immediately when someone leaves—removing the burden from individual teams.
MFA used to be inconsistent. Some accounts had it, others didn’t. Now, it’s a given. Cerby auto-enrolls users in a mandated MFA policy across all connected apps and provides visibility into who is protected—ensuring nothing slips through.
All social accounts are now tied to corporate email addresses—no more personal logins or agency-owned accounts. IT retains ownership, and agencies are granted guest access with scoped, time-bound permissions. Onboarding and offboarding are automated, with access decisions based on user roles and business needs. Collaboration stays easy—but without compromising control.
Together, these changes didn’t just reduce risk—they unlocked real efficiency. Tasks that used to require hours of back-and-forth—adding users, resetting passwords, setting up MFA, chasing down shared credentials—now happen in the background. e.l.f. estimates the team saves 40+ hours per quarter on administrative tasks. That’s an entire workweek every three months—time now reinvested into higher-impact initiatives.