ClickUp’s success story with Cerby: Revolutionizing provisioning for apps without APIs and SCIM
ClickUp is an all-in-one productivity platform built to streamline project management, collaboration, and communication. With over 10 million users, ClickUp helps teams from startups to large enterprises stay organized, productive, and aligned.
As ClickUp scaled, managing user access for SaaS apps became a growing pain—especially for apps outside their central identity provider’s reach. Social media apps, which fall under this category as they lack APIs or SCIM, had to be managed manually. That’s the reality the IT team faced regularly, with no automation in place for critical security processes such as password rotations, MFA enforcement, and user deprovisioning.
When the marketing team launched a large-scale social media campaign involving dozens of Instagram and TikTok accounts, Cerby’s role became essential. By implementing automated, secure access controls for these social platforms, Cerby enabled ClickUp to safely share account access with global content creators and agencies outside the organization. This ensured that all collaborators had seamless, secure access from the outset, allowing the campaign to run smoothly and securely—ultimately playing a crucial role in its success.
“Cerby was a game changer for us. Managing multiple agencies and freelancers with secure, seamless access to our social media accounts is now effortless—no more worrying about unauthorized access or account misuse. It’s made protecting our brand and controlling accounts easy and efficient.”
Alex Raducanu, Sr. Systems Engineer
Challenges before Cerby
ClickUp’s team faced several roadblocks that were slowing down IT and creating security risks:
- Manual processes draining IT productivity: Hundreds of hours were spent annually on manual account provisioning, deactivation, and user access audits—pulling IT away from more strategic work.
- Password headaches: Shared credentials meant that whenever an employee left, there was a risk they retained access. IT had to manually rotate social media passwords to mitigate this risk.
- MFA issues: In one case, MFA relied on SMS, with one person gatekeeping access as codes were sent to personal phone numbers. The alternative was disabling MFA entirely, seriously undermining account security.
- Manual user offboarding and lingering access: SaaS admins scrambled to deprovision users across time zones once terminated, often leading to delays and risking unauthorized access.
The Cerby Solution
Cerby stepped in and automated the most time-consuming and risky processes:
- Automated password rotations: No more insecure shared access methods and manual password changes. Cerby rotated passwords automatically—quarterly, on-demand, or triggered by user deactivation.
- Real-time offboarding: As soon as someone left, Cerby automatically deactivated their access to applications that otherwise do not support SCIM or user-management APIs and terminated their active social media sessions, eliminating delays and the risk of lingering access.
- Frictionless MFA: Cerby allowed ClickUp to enforce seamless MFA, delivering one-time codes directly to end users—even for shared accounts—ensuring security without sacrificing user experience or productivity.
"With Cerby, we seamlessly brought disconnected apps into our security and identity framework, automating critical tasks like deprovisioning and password rotations. This has drastically reduced manual IT work and strengthened our overall security posture."
William Levie, Sr. Manager, IT & Facilities Operations
Key results
- 97% reduction in time spent managing user access manually for applications protected by Cerby
- 82% faster audit preparation for user access controls
- 258% ROI on their investment in Cerby
With Cerby, ClickUp automated the manual processes that slowed them down, saved a ton of IT hours, and ensured that social media accounts—and every other app—stayed secure.
