Optional Deployment Tasks
Other Policy Driven Deployment Tasks
Prevent Installation of Untrusted Extensions
As a general security practice, we recommend that Enterprise customers limit the ability of end-users to install unapproved 3rd party browser extensions. Browser extensions with elevated permissions could have the ability to access any information within any website or browser-based application. Please refer to your device management software to ensure that Keeper is allowed, and unapproved extensions are blocked or removed.
Preloading Password Importer Tool
The Keeper Password Importer tool is typically downloaded by the user during account creation on the Web Vault. If you do not permit the installation of applications on end-user devices, you can preload the app using the binaries located below:
Password Importer (Windows): https://keepersecurity.com/pwd_importer/win32/keeperimport.exe
Password Importer (Mac): https://keepersecurity.com/pwd_importer/Darwin/KeeperImport.zip
Disabling Built-In Browser Password Managers
Often times, Enterprise customers would like to automatically disable the less secure, built-in password saving features of web browsers. There are several methods of managing this as described in this section.
Chrome for Enterprise
Google provides .adm and .admx files (.admx is a newer .xml file type) to make it easier to manage the Chrome browser using Group Policy. In G Suite and Chrome Enterprise environments, it is enabled via the Google Cloud platform using one of the below methods:
AD managed Chrome – Google provides adm and admx files that are incorporated into a GPO
Chrome Mac Policies and Quickstart – pushed via MDM tools (JAMF, etc...)
Chrome Linux policies and Quickstart – pushed via MDM tools (Ivanti, etc...)
Chrome G Suite managed – Native management for G Suite subscribers
Chrome Enterprise managed – centralized Cloud based Management for Windows, Mac, or Linux computers – agnostic to directory services
Mozilla Firefox for Enterprise
Similar to Chrome, Mozilla provides .adm and .admx files to manage Firefox using Group Policy. Mac-based systems are provided a .pkg file and are managed via JAMF, etc. Linux users are provided a policies.json file.
Microsoft Edge for Business
Edge for Business is now available for Windows and Mac. Group policy is managed through .adm and .admx files on Windows, and .plist on Mac.
Internet Explorer Mode for Edge
The new Edge for Business now supports "Internet Explorer Mode". We recommend using this mode for any IE browser requirements within your organization.
Legacy Internet Explorer
If legacy Internet Explorer is absolutely required by your users, management of password saving features can be disabled under traditional GPO found under:
User Configuration > Policies > Administrative Templates > Windows Components > Internet Explorer
Then disable “Turn on the auto-complete feature for user names and passwords.”
Last updated