Getting started

Push Security helps you secure company data and employee accounts by collecting contextual information from employee browsers and work accounts to discover and assess SaaS applications used across your organization.

Push uses this information to surface security risks across your SaaS estate, such as company data exposed via risky third-party OAuth integrations; password hygiene and MFA adoption across your workforce; and suspicious mail forwarding rules, an indicator of potential account compromise.

Use Push’s simple preconfigured chat workflows for Slack and Microsoft Teams to nudge employees to improve their own security with just-in-time behavioral guidance automatically triggered by their SaaS activity.

Push uses two points of integration to collect data on employee SaaS activity:

• An API integration via OAuth with your work platform, either Microsoft 365 or Google Workspace. This integration identifies SaaS applications that employees have accessed via social login, as well as third-party OAuth integrations, MFA adoption rates, and any suspicious mail rules.

• A browser extension. This extension observes employee logins to work accounts that use a username and password, and flags any password hygiene risks such as weak or reused passwords.

By observing employee logins at the moment they occur, Push is able to provide an accurate accounting of your SaaS estate. Note that Push only collects activity data for your specified work domains, not for employees’ personal accounts.

With this data, Push also surfaces security risks associated with SaaS activity, including:

• Weak or reused passwords

• Risky third-party OAuth integrations

• A lack of MFA protection

• Suspicious mail rules

Use Push’s ChatOps feature to help employees improve their security so they can adopt and use SaaS safely, taking the burden off your security team.

Push is free to use for up to 10 employees. You can sign up at pushsecurity.com to get full access to every feature, or request a demo first.

Administrator accounts on the Push platform do not consume a license for billing purposes unless you wish to also enroll those administrators as end-users in order to capture their SaaS activity and send ChatOps nudges.

You can buy additional employee licenses on a monthly or annual basis. Note that administrators have full control over which employees are licensed in Push. When you import basic employee details into Push as part of integrating with your work platform, you will explicitly assign licenses to individuals. Employees without a license are not counted for billing purposes.

The following steps apply to new administrators of Push. If you use Push as an employee end-user, refer to our employee documentation for help.

Setting up Push takes about 10 minutes. Complete your setup with these three steps:

1. Integrate with your work platform to import employees into Push. License employees to discover SaaS applications they have accessed via social login, as well as third-party OAuth integrations and any suspicious mail rules. Push integrates via API with Microsoft 365 and Google Workspace.

2. Install the Push browser extension to learn which SaaS apps your employees are logging into with a username and password. The extension also finds security issues associated with these logins.

3. Select from Push’s preconfigured ChatOps workflows to message employees automatically when there’s an issue, such as a weak password, a suspicious mail rule, or a lack of MFA protection. You can also use ChatOps to automate the browser installation process, inviting employees to install it themselves and enroll their browsers in Push. Browser self-enrollment takes about a minute.

You’ll see some data immediately after completing a setup task. Other data will populate as your employees log into SaaS apps. Here’s what to expect as a new administrator on the Push platform:

• After completing an API integration with your work platform, you’ll immediately see third-party OAuth integrations, social logins to SaaS apps, suspicious mail forwarding rules, and MFA usage among your work force. After the initial integration, Push checks once an hour to update this data in the Push admin console.

• After enrolling employee browsers using the Push browser extension, you’ll begin to see SaaS username / password logins. You’ll also begin to see password hygiene data such as weak and reused passwords. Username / password login data and password hygiene data is captured in the admin console as soon as Push observes the login.

Initial login

You can sign up for a Push administrator account on pushsecurity.com. Choose your username and password or use a social login to sign up.

We recommend you use a Microsoft 365 or Google Workspace social login when signing up to use Push, or use multi-factor authentication (MFA) protection for your administrator account if you are using a username and password.

1. To set up MFA, click on your profile in the top right corner of the Push admin console and select My account.

2. Then select Enable MFA.

3. Use your preferred authenticator app to complete the setup and begin using one-time passcodes.

Inviting administrators

We strongly recommend having at least two administrators on your account. This will help your organization maintain access to the Push admin console in the event of staff departure. You should also routinely audit the administrators who have access to your Push admin console.

To invite other administrators to the admin console, go to My account, then to send an invitation via email.

The sole reason Push exists is to improve security, so protecting your personal data is a top priority. We make considerable efforts to secure your personal information and we aim for full transparency on how we gather and use your personal information within our service.

Refer to our privacy policy for more details.

We’re always happy to hear from customers and are here to help. To find answers yourself, check out our Help Center articles. Or contact us to talk to a human.