# Keeper for Teams and Small Business ## Video Demo: Teams and Small Business This video will demonstrate all that Keeper has to offer your small business and provide you with step-by-step instructions to get your team up and running in no time. {% embed url="" %} {% hint style="info" %} Short on time? Check out our [3 minute demo here](https://vimeo.com/786911955). {% endhint %} ## Admin Console Overview When you first log in to the Admin Console, you will land on the Dashboard which will provide an overview of high level data on your user activity and overall security status. The Dashboard provides oversight of the following: * Top Events and link to Timeline Chart * Security Audit Overall Score * BreachWatch Overall Score * User Status Summary

Dashboard

The Admin tab is where majority of your set-up and user deployment will take place. Here, is where you can access Nodes, Users, Roles, Teams and Two-Factor Authentication Settings. ![Admin Tab](https://4290574019-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LO5CAzpxoaEquZJBpYz%2F-MA900v65ftPlaF4Uz55%2F-MACL9hQjy2JjdAhT8Nb%2FScreen%20Shot%202020-06-17%20at%204.54.48%20PM.png?alt=media\&token=f998c87b-587f-4499-988b-bb2937da1408) ## Key Configuration Steps As a first step, we recommend uploading your company logo to the vault and customizing the email invitation that will invite your employees to create their Keeper Vault. These configurations are highly recommended as they have shown to help with quick user adoption of Keeper's software. {% tabs %} {% tab title="Upload Your Company Logo" %} Click **Configuration** then click **Edit** next to "Company Logo" to upload your image file. ![Company Logo](https://4290574019-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LO5CAzpxoaEquZJBpYz%2F-MA900v65ftPlaF4Uz55%2F-MACLFD6C3yB7uWIkT3M%2FScreen%20Shot%202020-02-13%20at%206.47.04%20PM.png?alt=media\&token=37c17422-b5b6-47e0-aa39-00bb5d399533) {% hint style="info" %} Once uploaded, your company logo will appear in the upper left side of the header when users are logged into their Keeper Web Vault and Desktop App as well as Keeper One-Time Shares. {% endhint %} {% endtab %} {% tab title="Create Custom Email Invitation" %} Click **Configuration** then **Edit** next to Email Invitation, then toggle "Send Custom Email Invitations" on. ![](https://4290574019-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LO5CAzpxoaEquZJBpYz%2F-MA900v65ftPlaF4Uz55%2F-MACLJlqkjMbaSmgYdgX%2FScreen%20Shot%202020-06-16%20at%2011.30.57%20AM.png?alt=media\&token=6d8a5b3d-1c6d-49e3-ad47-b46f6be4a4ca) The email invitation template supports customization of the following four attributes: * Subject * Message Heading * Message * Download Button Text {% hint style="info" %} The body of the message supports plain text as well as basic markdown syntax. {% endhint %} ![](https://4290574019-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LO5CAzpxoaEquZJBpYz%2Fuploads%2Fgit-blob-30193c5d091e1fea54e0b3bc97d4adfc73d5d6f0%2FScreen%20Shot%202020-02-13%20at%206.12.13%20PM.png?alt=media) Once you have finalized your changes, click **Save**. When you are ready to add your users, they will receive your customized invite similar to the one below. ![](https://4290574019-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LO5CAzpxoaEquZJBpYz%2F-MA900v65ftPlaF4Uz55%2F-MACLURXjQNX9KRXNebL%2FScreen%20Shot%202020-02-13%20at%206.52.04%20PM%20\(1\).png?alt=media\&token=dafc5b7c-d0ec-4173-948b-ca9ea4ff1c06) {% endtab %} {% endtabs %} ## Organizational Structure In Keeper's architecture, **Roles** allow you to define enforcement policies based on a user's job responsibility as well as provide delegated administrative functions. The number of roles you create is a matter of preference and/or business need. **Nodes** are used to organize your users into distinct groupings, similar to organizational units in an Active Directory. You can create nodes based on location, department, division or any other structure. Smaller organizations may choose to administer Keeper as single level, meaning no additional nodes are created. In this scenario, all provisioned users are accessed from the default "Root Node". ### Secondary Keeper Administrator We recommend you create a secondary Keeper Administrator as soon as possible. At its simplest configuration, the Keeper Administrator role is applied to the initial administrator who has set up the Keeper account for the organization as well as any other user you grant full admin rights. We strongly recommend you add a second user to the Keeper Administrator role in case one account is lost or no longer accessible. {% tabs %} {% tab title="Adding a Secondary Admin" %} **Admin > Users > Add Users** enter the user's full name and email address, then click **Add**. ![](https://4290574019-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LO5CAzpxoaEquZJBpYz%2F-MA900v65ftPlaF4Uz55%2F-MACL_1OD1NpkieOvCzm%2FScreen%20Shot%202020-06-17%20at%2011.49.25%20AM.png?alt=media\&token=5cdc1668-8543-4034-923b-5c8fdbe22548) **Admin > Roles > Keeper Administrator** and click the **add icon** next to "Users". ![](https://4290574019-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LO5CAzpxoaEquZJBpYz%2F-MA900v65ftPlaF4Uz55%2F-MACLhJfunhizHkUs3Bh%2FScreen%20Shot%202020-06-17%20at%2011.57.00%20AM.png?alt=media\&token=91bfa01d-132c-4708-92c7-9af3539f3430) Select the new user from the list and click **OK** to finish. ![](https://4290574019-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LO5CAzpxoaEquZJBpYz%2F-MA900v65ftPlaF4Uz55%2F-MACLjRpDB0fWeHOmTUn%2FScreen%20Shot%202020-06-17%20at%2011.50.50%20AM.png?alt=media\&token=db43f907-94a1-44ef-aba3-19368ab5484b) {% hint style="info" %} This will generate an email inviting the users to setup their Keeper account. {% endhint %} {% endtab %} {% endtabs %} ### Account Transfer Account Transfer will allow a Keeper Administrator to transfer records and data from one user to another, should an employee leave the company. This policy is enabled by default on new tenants and needs to be configured by the Keeper Administrator during the initial deployment phase of the Keeper rollout. The Account Transfer setup must be enabled prior to the user's account being transferred. {% tabs %} {% tab title="Enable Transfer Account Permission" %} First you will need to enable the **Transfer Account** permission for the Keeper Administrator Role. {% hint style="success" %} The Transfer Account permission is enabled by default on new tenants {% endhint %} **Admin > Roles > Keeper Administrator** ![](https://4290574019-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LO5CAzpxoaEquZJBpYz%2F-MACLmIzF5j-siGh48g1%2F-MACLsvM0VoxVxTDCLbl%2FScreen%20Shot%202020-06-16%20at%203.54.48%20PM.png?alt=media\&token=0b4589eb-71a7-4f7f-a28a-fde9a07145cf) Select "Administrative Permissions" and click the **gear icon**. ![](https://4290574019-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LO5CAzpxoaEquZJBpYz%2F-MACLmIzF5j-siGh48g1%2F-MACM-vbm18hkb1ZYFHF%2FScreen%20Shot%202020-06-16%20at%203.55.16%20PM.png?alt=media\&token=8019cc2d-4593-46de-8a63-532aada4f462) Check the box next to "Transfer Account" and click **OK**. ![](https://4290574019-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LO5CAzpxoaEquZJBpYz%2F-MACLmIzF5j-siGh48g1%2F-MACM4BuDxZPRovEYNXs%2FScreen%20Shot%202020-06-16%20at%203.57.29%20PM.png?alt=media\&token=5471dc29-c348-4b1b-bbec-3bcddca82d3e) {% hint style="info" %} To learn more about Account Transfer, click [here](https://docs.keeper.io/en/enterprise-guide/account-transfer-policy). {% endhint %} {% endtab %} {% tab title="Enable Account Transfer Policy " %} As a second step, **Enable Account Transfer** for the Keeper Administrator Role. This will allow the vaults of you and any delegated admins, under the Keeper Administrator role to be transferred. **Admin > Roles > Keeper Administrator** ![](https://4290574019-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LO5CAzpxoaEquZJBpYz%2F-MACLmIzF5j-siGh48g1%2F-MACMRkwMf349Ea9guU3%2FScreen%20Shot%202020-06-16%20at%203.54.48%20PM.png?alt=media\&token=f58bfa82-a372-4255-9a55-dd4bfeed6031) Click **Enforcement Policies** ![](https://4290574019-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LO5CAzpxoaEquZJBpYz%2F-MACLmIzF5j-siGh48g1%2F-MACMKfmB-ATnz8WEvrx%2FScreen%20Shot%202020-06-16%20at%204.03.57%20PM.png?alt=media\&token=5127fc11-24a6-4a2c-8868-9fbc99dbb26f) From the Transfer Account tab, toggle "Enable Account Transfer" on then click **Done**. ![](https://4290574019-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LO5CAzpxoaEquZJBpYz%2F-MACLmIzF5j-siGh48g1%2F-MACMVX7DXpEiVPKd9dd%2FScreen%20Shot%202020-06-11%20at%204.46.40%20PM.png?alt=media\&token=44bff31d-4074-4b1f-b0ad-e1fcfeb2857b) {% hint style="info" %} All users will be notified and are required to acknowledge the organization's ability to transfer records from their vault. Users only have to agree to this consent one time, upon logging into their vault. {% endhint %} {% endtab %} {% endtabs %} ### Roles Roles allow you to define enforcement policies based on a user's job responsibility as well as provide delegated administrative functions. You will need at least one role defined for your users, but you can create as many as you would like depending on the structure of your organization. Roles can be created to support a variety of policies depending on what enforcements should be applied to a user based on their position (e.g. Administrators, Executives, Managers, Staff, and Contractors). For smaller organizations, Keeper recommends you create a default, "General Employee" role. {% tabs %} {% tab title="Adding Roles" %} **Admin > Roles > Add Role** ![Roles](https://4290574019-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LO5CAzpxoaEquZJBpYz%2F-MACMWnfEbagxjb2ufa5%2F-MACMdDn0spJDDTd5DtT%2FScreen%20Shot%202020-06-16%20at%204.08.07%20PM.png?alt=media\&token=10b2e8a6-d336-42af-b274-1c4396bdf1cf) Select the Node you want to add the Role to, enter the name of the role and click **Add**. ![Add Role](https://4290574019-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LO5CAzpxoaEquZJBpYz%2F-MACMWnfEbagxjb2ufa5%2F-MACMf4ufnWksB_UjtZ2%2FScreen%20Shot%202020-06-17%20at%203.20.52%20PM.png?alt=media\&token=ffa67e70-a251-4b0c-8d18-0a804eeb2ba9) {% hint style="info" %} To learn more about Roles, click [here](https://docs.keeper.io/en/enterprise-guide/roles). {% endhint %} {% endtab %} {% endtabs %} ### Nodes Nodes are used to organize your users into distinct groupings, similar to organizational units in an Active Directory. You can create nodes based on location, department, division or any other structure. Smaller organizations may choose to administer Keeper as single level, meaning no additional nodes are created. In this scenario, all provisioned users are accessed from the default "Root Node" (e.g. ACME Co.). {% tabs %} {% tab title="Adding Nodes" %} **Admin > Add Node** ![Nodes](https://4290574019-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LO5CAzpxoaEquZJBpYz%2F-MACMWnfEbagxjb2ufa5%2F-MACMmqs0qqeGLWhKHXG%2FScreen%20Shot%202020-06-18%20at%201.47.28%20PM.png?alt=media\&token=679e603d-1adf-4732-8e43-c99dc0726860) Enter the name of the Node then click **Add Node** to finish. ![Add Node](https://4290574019-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LO5CAzpxoaEquZJBpYz%2F-MACMWnfEbagxjb2ufa5%2F-MACMoQtQm1fn8ynD35q%2FScreen%20Shot%202020-06-18%20at%201.47.48%20PM.png?alt=media\&token=e9e66267-510a-4076-b254-fd79e3b964bd) **Navigating Nodes** At any time, you can change which node you are viewing by navigating to or selecting the Nodes on the far left Node pane. To navigate to the root node or top level, select your business name (e.g. ACME Co.) in the navigation tree. {% hint style="info" %} To learn more about Nodes, click [here](https://docs.keeper.io/en/enterprise-guide/nodes-and-organizational-structure). {% endhint %} {% endtab %} {% tab title="Set Default Role for Node/Sub Nodes" %} To ensure that a certain role is applied to all imported users, enable the “Set as Default Role for Node and Sub Nodes” setting. This will automatically assign new users that are added to a Node or Sub Node to a specified role. **Admin > Roles** select the target role then check the box next to "Set as Default Role for Node and Sub Nodes". ![](https://4290574019-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LO5CAzpxoaEquZJBpYz%2F-MACMWnfEbagxjb2ufa5%2F-MACNWcDwArmdvEFnIY8%2FScreen%20Shot%202020-06-19%20at%209.19.26%20AM.png?alt=media\&token=391e6196-9173-49fd-961a-98668f58ae45) {% endtab %} {% endtabs %} ## Role-Based Access Controls Role-based Access Controls (RBAC) provide your organization the ability to define **Enforcements Policies** based on a user's job responsibility as well as provide delegated administrative functions. Enforcement Policies offer a wide-range of control features that are organized into the following categories: * Login Settings * Two-Factor Authentication (2FA) * Platform Restriction * Vault Features * Record Types * Sharing & Uploading * KeeperFill * Account Settings * Allow IP List * Keeper Secrets Manager * Transfer Account {% tabs %} {% tab title="Configure Enforcement Policies for Roles" %} **Admin > Roles** select a role then click **Enforcement Policies** ![](https://4290574019-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LO5CAzpxoaEquZJBpYz%2F-MACNbRqiTRt0Yzx8P_E%2F-MACNv9FWBCA1wZFtvQE%2FScreen%20Shot%202020-06-16%20at%204.20.56%20PM.png?alt=media\&token=9534746d-1ff9-4c33-a31d-89e4233b3875) A dialogue box will appear where you can configure the Enforcement Policies that will be applied to the selected role. Click **Done** when finished. ![](https://4290574019-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LO5CAzpxoaEquZJBpYz%2F-MACNbRqiTRt0Yzx8P_E%2F-MACNxOJyLrLuAr5LlVx%2FScreen%20Shot%202020-06-16%20at%204.18.59%20PM.png?alt=media\&token=1289f70b-eb3b-4409-9589-93a0b56d487c) {% hint style="info" %} To learn more about Enforcement Policies, click [here](https://docs.keeper.io/en/enterprise-guide/roles#role-enforcement-policies). {% endhint %} {% endtab %} {% endtabs %} ## Deploying Keeper to Your Employees Business customers can seamlessly deploy Keeper to their users using two different methods. Admins can either manually invite individual users or bulk import users via a CSV file. Advanced deployment options are also available. {% tabs %} {% tab title="Manual User Provisioning" %} **Admin > Users > Add Users** ![](https://4290574019-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LO5CAzpxoaEquZJBpYz%2F-MACNbRqiTRt0Yzx8P_E%2F-MACOAlEzU0qLX9VLEtm%2FScreen%20Shot%202020-06-17%20at%202.41.43%20PM.png?alt=media\&token=119f9517-63c6-4845-8e3f-57d8ef973cfe) Select the Node you would like to add the user to, enter their Full Name, Email Address and optional Job Title then click **Add**.

Import Users

{% hint style="info" %} This will generate an email inviting the user to setup their Keeper account. Instructions to customize the email can be found in the Key Configuration Steps section, above. {% endhint %} {% endtab %} {% tab title="Bulk User Import" %} **Admin > Users > Add Users** ![](https://4290574019-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LO5CAzpxoaEquZJBpYz%2F-MACOPEtGNb2euFNuluD%2F-MACORv4u3EZ_PJJC5Yx%2FScreen%20Shot%202020-06-17%20at%202.41.43%20PM%20\(1\).png?alt=media\&token=ab1b3864-cd01-4f9f-b5d5-75f1688a9153) Select the Node you would like to add the users to then simply drag and drop your formatted CSV file of users or click **Browse Files** to upload the file from your local device (the Role field is optional). To learn more about formatting your CSV file, click [here](https://docs.keeper.io/en/enterprise-guide/user-and-team-provisioning/manual-provisioning-through-admin-console#bulk-user-import). ![](https://4290574019-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LO5CAzpxoaEquZJBpYz%2F-MACOPEtGNb2euFNuluD%2F-MACOV8SzhvLfk6CKfHN%2FScreen%20Shot%202020-06-17%20at%203.12.38%20PM.png?alt=media\&token=452d7a69-2f3b-482c-803e-10fb7fc06c7d) Review the user details and click **Add** to complete the import. ![](https://4290574019-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LO5CAzpxoaEquZJBpYz%2F-MACOPEtGNb2euFNuluD%2F-MACO_EmEQoq_m8mvDz5%2FScreen%20Shot%202020-06-17%20at%203.13.04%20PM.png?alt=media\&token=2650a2e2-0a52-4072-a886-bf77d6d574d8) {% hint style="info" %} This will generate an email inviting the users to setup their Keeper account. Instructions to customize the email can be found in the "Key Configuration Steps" section, above. {% endhint %} {% endtab %} {% tab title="Advanced Deployment" %} Keeper integrates with any SAML 2.0 identity provider for just-in-time provisioning: * Entra ID / Azure AD * Okta * Google Workspace * Microsoft AD FS * Amazon AWS * Auth0 * Centrify * Duo SSO * F5 * OneLogin * Ping Identity * PingOne * Rippling * RSA SecurID Access * SecureAuth * Shibboleth * Any other SAML 2.0 identity provider See the [User and Team provisioning](https://docs.keeper.io/en/enterprise-guide/user-and-team-provisioning) section to learn more. {% endtab %} {% endtabs %} ## Teams Next, we encourage you to create **Teams**. The purpose of creating teams is to give users the ability to share the records and folders within their vaults with logical groupings of individuals. The administrator simply creates the team, sets any Team Restrictions (edit/viewing/sharing of passwords) and adds individual users to the team. Teams can also be used to easily assign Roles to entire groups of users to ensure the consistency of enforcement policies across a collective group of individuals. {% tabs %} {% tab title="Adding Teams" %} **Admin > Teams > Add Team** ![](https://4290574019-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LO5CAzpxoaEquZJBpYz%2F-MACOPEtGNb2euFNuluD%2F-MACOmEoPbr8ysA1GKcb%2FScreen%20Shot%202020-06-18%20at%209.55.53%20AM.png?alt=media\&token=1a967161-b212-4688-b853-4aac384179e9) Select the Node you want to add the team to then enter the name of the team and click **Add Team** ![](https://4290574019-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LO5CAzpxoaEquZJBpYz%2F-MACOPEtGNb2euFNuluD%2F-MACOp2GdJ6jpVelrhV8%2FScreen%20Shot%202020-06-18%20at%2010.55.17%20AM.png?alt=media\&token=a82e1f22-505e-403a-8439-9813bf1fbfaa) You can then set the following team-level restrictions: * Disable record re-shares * Disable record edits * Apply privacy screen Click the **add icon** to add individual Users and Roles to the team. {% hint style="info" %} Team-to-role mapping allows organizations to assign users directly to **teams** that can be assigned custom **roles**. With team-to-role mapping, a user who is a member of a team that is assigned to a role, will assume the enforcements of the given role. It's important to note, that Keeper implements Least-Privileged policies, so when a user is a member of multiple roles or teams, their net policy is most restrictive or least privileged. {% endhint %} ![](https://4290574019-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LO5CAzpxoaEquZJBpYz%2F-MACOPEtGNb2euFNuluD%2F-MACOsk0VSuTilLnZXbl%2FScreen%20Shot%202020-06-18%20at%201.56.23%20PM.png?alt=media\&token=0c88fc83-4f15-4279-8b53-991a45657546) {% hint style="info" %} To learn more about teams and team-to-role mapping, click [here](https://docs.keeper.io/en/enterprise-guide/teams). {% endhint %} {% endtab %} {% endtabs %} ## Enable Two-Factor Authentication As a final step to further enhance your security practices, we recommend that you require the use of Two-Factor Authentication across your organization. This role enforcement can be enabled within each role's Enforcement Policy settings. {% tabs %} {% tab title="Enable 2FA Enforcement Policy " %} **Admin > Roles** select the target role and click **Enforcement Policies** ![](https://4290574019-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LO5CAzpxoaEquZJBpYz%2F-MACOPEtGNb2euFNuluD%2F-MACPJfPy9MnhEVmtVJm%2FScreen%20Shot%202020-06-18%20at%202.19.04%20PM.png?alt=media\&token=60670be1-50bc-452c-ac58-694d36a8bc4f) Toggle "Require the use of Two-Factor Authentication" on.

Enforce Two-Factor Authentication

Set your platform-specific enforcements, enable the desired 2FA methods then click **Done**.

2FA Methods

{% endtab %} {% endtabs %}