Many enterprise applications lack support for standard identity protocols, making them undetectable by IAM/IGA tools and unmanageable through centralised security policies. This leads to manual, inconsistent procedures for provisioning, de-provisioning, MFA enrollment, and password management, increasing the risk of human error and contributing significantly to breaches. Studies show that 60% of breaches involve human factors, and 52% of companies have experienced incidents linked to unsecured non-standard applications.
Cerby, a leading identity security automation platform, solves this challenge by automating access controls for applications that traditional identity tools cannot manage. Their solution strengthens security, ensures compliance, and reduces costs while working alongside existing identity infrastructure.
Today, Cerby announced a $40 million Series B funding round, led by DTCP with participation from existing investors Okta Ventures, Salesforce Ventures, and Two Sigma Ventures. This brings the total funding to $72.5M, with the valuation undisclosed.
Cerby will use the new funding to enhance the Cerby Application Network to meet growing customer demand. This includes further investments in the company’s agentic AI capabilities and platform extensibility. The funding will support innovation across its solution suite while scaling go-to-market operations in North America and EMEA.
As part of this strategic initiative, Cerby focuses on growth in key markets, including Germany, France, the UK, and important Middle Eastern regions. Here, regulatory pressure and increasing enterprise complexity drive demand for solutions that secure disconnected applications at scale.
Automating the full identity lifecycle for disconnected applications
Cerby was founded in September 2020 by Belsasar “Bel” Lepe (CEO), Vidal González (CTO), and Jyri Virkki (Chief Architect), with headquarters in Alameda, California. The founders share extensive experience in technology and cybersecurity, having previously worked together at companies like Ooyala and Wizeline.
Cerby was developed to tackle an emerging yet often overlooked issue in enterprise cybersecurity: the risks associated with “unmanageable” or “nonstandard” applications. These critical business apps lack support for modern identity and security protocols (like SAML or SCIM), placing them outside the scope of conventional identity and access management (IAM) solutions. Through direct customer feedback and market analysis, the founders discovered that numerous organisations struggled to secure these applications, leading to security vulnerabilities, compliance challenges, and operational inefficiencies.
Belsasar Lepe, co-founder and CEO of Cerby, states: “From day one, we’ve been laser-focused on eliminating the operational burden and security risk created by manual identity workflows—automatically, intelligently, and at scale. We’re building a world where identity security is fully automated—eliminating human error and ensuring no app is left behind.”
Cerby’s mission is to reconcile security and productivity within modern enterprises by enabling employees to use necessary applications, even those lacking standard security integrations. This is achieved by automating and centralising access management, enforcing security policies, and ensuring compliance for all applications, especially those beyond IT’s typical control.
Through automation (including robotic process automation and machine learning), Cerby reduces the workload for IT and security teams by handling onboarding, offboarding, password management, and security configuration for nonstandard applications. It also democratises access control, making it simple for technical and non-technical users to securely manage and use business applications.
Since its Series A funding less than 20 months ago, Cerby has increased its annual recurring revenue (ARR) tenfold and expanded its customer base fivefold. The platform automates identity workflows across over 2,000 applications and supports over 100 organisations globally. Leading brands, including L’Oréal, Fox, Allstate, Chime, and Dentsu, rely on Cerby’s platform to automate vital security workflows across their most complex environments.
Behind Cerby: purpose-built to secure “disconnected” or “unmanageable” applications
Cerby is an identity automation platform that secures applications lacking modern identity standards (SAML/SCIM) that traditional IAM, IGA, and PAM tools can’t manage. It augments existing identity infrastructure to extend centralised access controls across all SaaS, web, mobile, and legacy applications.
The platform’s core is an access orchestration engine using browser plug-ins, APIs, and RPA. A key feature, Cerby Scout, allows teams to record and automate UI-based workflows for tasks like user provisioning and MFA setup, reducing integration time from months to hours. The platform features agentic AI automation, an integrated secrets vault, and an enrollment-based security model that helps discover shadow IT. It extends SSO and MFA capabilities to any application and integrates with providers like Okta and Azure AD.
A notable innovation is Universal Logout, developed with Okta. This feature enables instant access revocation and password rotation across applications lacking global token revocation. It is available standalone and works with both Okta-connected and independent apps.
Unlike traditional solutions that require custom connectors or are limited to standard-compliant apps, Cerby’s recorder-driven approach enables quick integration without custom code. While competitors like SailPoint, Okta, and newer entrants offer partial solutions, Cerby provides comprehensive governance and automation capabilities beyond simple credential management.
Lance Matthews, Partner at DTCP, shares: “We are thrilled to partner with Cerby to support them in this exciting new growth stage. The identity security industry is undoubtedly overdue for transformation, and Cerby is leading that shift with a true platform approach. I am confident that with Belsasar and the team, Cerby will be able to execute on their bold vision, continuing to build on their proven solutions and unique platform.”
As SaaS, cloud, mobile, and on-premises applications continue to proliferate, the enterprise attack surface has expanded dramatically, making the need for autonomous, scalable, state-of-the-art identity security solutions more critical than ever.
