Enforce end-user security controls with our new app banner options

Push recently released a customizable app control called app banners that got a lot of customer love.

The idea was pretty simple: Display a custom message directly in employee browsers that guided them to use work apps securely, right at the point of login or signup.

Right away, organizations using the app banners feature found a lot of value, and it’s been one of our most quickly adopted features to date.

Building on this success, we recently launched enhanced app banner features that allow you to step up enforcement based on your security goals and policies — from merely informing end-users, all the way to a “soft block.”

How it works

Here’s a recap on how it all works: Push’s browser agent detects when your employees access any cloud apps using any workforce identities (whether they’re in your IdP or not).

It can then automatically enforce a range of in-browser security controls.

We now have three types of controls you can set for app banners. Here they are, in order from softest to hardest:

Informational app banner

In Inform mode, app banners display your custom message in a thin but noticeable banner at the top of an app’s login or signup pages, providing your security guidance.

App banner with acknowledgement required

In Acknowledge mode, app banners display a larger centrally placed banner that requires end-users to click a button acknowledging your message before proceeding to use the app.

This mode can be useful for requiring that users attest to understanding a security policy or best practice when using an app, such as GenAI apps.

App banner with reason required

In Reason mode, employees must submit a reason for using an app by typing it into a field on the banner message. We think of this as a “soft block” that adds meaningful friction without preventing an employee from doing important work when it’s absolutely necessary.

Reason mode is designed for situations where you want specific apps to be used only in limited circumstances — for example, if an employee needs to use an unapproved app in order to collaborate with a customer or other business partner.

How our customers are using app banners

Here’s how one of our customers, Christina Kokoros, IT operations manager at Tray.io, has used app banners to tackle SaaS sprawl:

How do you set the controls?

You can enable app banners on a per-app basis via the Push admin console. Select an app, choose the mode (Inform, Acknowledge, or Reason), and then write your custom message.

Admins can preview the message right in their browser before publishing.

Push also emits webhooks for app banner activity so you can track when banners were shown, acknowledged, received a submitted reason for usage, etc.

Learn more in this Help Center article.

Can you track app usage too?

Yes. As well as controlling what apps employees use, and how they use them, you can also use Push to track the work apps being used across your organization.

Cloud app logins is one of the event types the Push browser agent observes. You can build automations using this data with our API and webhooks.

Common use cases include: discovering shadow IT, maintaining a SaaS app inventory for third-party risk management, and making sure employees are offboarded from all work apps when they leave your business.

Try it free

We love feedback from our users! Let us know what you think.

To try it yourself by creating a free account on the Push platform. You can also book a demo. We’ll be happy to show you this feature along with how we discover all the apps your employees are using and how we detect vulnerable identities.