The Cledara SaaS Management Agent automates SaaS admin and billing tasks on your behalf, inside the SaaS products you explicitly authorize. It’s designed to help you collect invoices and manage access without manual, repetitive work.
Closed Beta (invitation-only)
The agent is currently in Closed Beta and is invitation-only. Supported vendors, workflows, and capabilities may evolve as we expand coverage.
Beta SLA: Target task completion SLA during the Beta period is 1 business day.
What the agent can do
Depending on the SaaS product and the permissions you grant it, the agent can help with:
Invoices & billing
- Download invoices / receipts
Access & user management
- List users and roles/permissions (e.g. for access reviews)
- Add users
- Remove users
How it works
You invite the agent into each SaaS product you want it to manage
To use the agent with a specific SaaS product, you’ll need to invite the Cledara Agent into that product with the correct user role/permissions for the functions you want automated.
- Want invoice downloads → grant billing/invoice access
- Want add/remove user automation → grant user management/admin access
This model keeps you in control: you can remove the agent’s access at any time by removing that user or changing its role in the SaaS product.
The agent completes setup (including MFA where available)
After being invited, the agent can:
- Complete account sign-up (where required)
- Register for MFA (if the SaaS product supports it)
You run and monitor tasks in Cledara
You manage the agent in app.cledara.com, where you can:
- Create one-off tasks
- Add agent actions into workflows
- View historical tasks
- Monitor open tasks and their status
Using the agent with workflows
“Add user” and “Remove user” tasks can be triggered by workflows created in Cledara, for example:
- Following approval of an access request
- Based on triggers from your HR platform (if integrated with Cledara)
You stay in control through workflow configuration (approvals, conditions, scope, and which applications are included). This means that the agent only performs tasks initiated by you within the Cledara App.
Security and privacy
Customer-controlled access (revocable at any time)
- You grant access by inviting the agent into each SaaS product.
- You can remove or downgrade its access at any time in the SaaS product.
- You can also disable workflows in Cledara to stop automation.
Least privilege and task-scoped access
- The agent is designed to access only the screens required to complete the task you requested.
- It does not browse unrelated areas of your SaaS products.
Logging and auditability (task-related only)
- The agent logs only what’s needed to complete the task and maintain an audit trail.
- Sensitive data is automatically redacted from logs.
Sensitive data and LLMs
- No sensitive data (specifically usernames, passwords, or sensitive information from within a SaaS product) is passed to any LLM.
- Personal identifiers (e.g., names and email addresses) may be used only where required to complete a task.
Example: if you ask the agent to remove “Bob Smith” (bob.smith@domain.com), it must use those identifiers to find and remove the correct user.
Credentials
- All credentials are stored in an encrypted vault.
- They are not accessible to any humans.
- Credentials are only accessible by agents when executing an authorized task.
Screenshots (for visual reasoning)
Screenshots of vendor pages may be taken during a task to support visual reasoning (for example, recognising the current screen/state so the agent can complete the next step).
- Screenshots are used only to complete the assigned task and support audit/troubleshooting.
- Sensitive data is redacted in logs, and safeguards are designed to avoid sharing sensitive fields (usernames, passwords, and sensitive in-app data) with LLMs.
Policies, retention, and privacy
Usage, data retention, and privacy are governed by Cledara’s Terms: https://www.cledara.com/terms.
FAQ
Setup & access
Do I need to create a vendor seat for the agent?
Yes. You typically invite the agent as a user inside each SaaS product you want it to manage. This keeps access control explicit and makes revocation straightforward.
What permissions should I give the agent?
Give the minimum role required for the tasks you want automated:
- Invoice-only → billing/invoice access
- User admin → user management/admin access
Start with least privilege and expand only if needed.
Can I give the agent different permissions per SaaS product?
Yes. Each SaaS product invitation is independent, so you can tune roles per vendor based on whatever control that specific SaaS product permits.
How do I revoke the agent’s access immediately?
You can revoke access at any time by:
- Removing the agent user from the SaaS product, and/or
- Downgrading its role/permissions in the SaaS product, and/or
- Disabling the workflow(s) or tasks in Cledara
Running tasks & workflows
How do I create one-off tasks?
Create and manage tasks in app.cledara.com. You can run tasks, view status, and review history.
Can I automate add/remove user actions?
Yes. Add/remove user tasks can be triggered by Cledara workflows, for example after an access request is approved, or from HR triggers (if integrated).
Data, logs, and screenshots
Does the agent store my passwords?
Credentials are stored in an encrypted vault, are not accessible to humans, and are never accessed directly by agents, even while executing authorized tasks.
Does the agent send my data to an LLM?
No sensitive data (usernames, passwords, or sensitive information from within a SaaS product) is passed to any LLM. Personal identifiers like names/emails may be used only when required to complete a task.
Do you take screenshots of vendor pages? Why?
Yes, screenshots may be taken to support visual reasoning so the agent can reliably complete tasks in vendor UIs. Screenshots are used only for task completion and related audit/troubleshooting.
What data do you store and how long do you keep it?
Usage, retention, and privacy are governed by Cledara’s Terms: https://www.cledara.com/terms.