LogoLogo
Enterprise Guide
Enterprise Guide
  • Getting Started
  • Start Your Trial
  • Resources
  • Keeper for Teams and Small Business
  • Keeper Enterprise
  • Implementation Overview
  • Domain Reservation
  • Deploying Keeper to End-Users
    • Desktop Applications
      • Launch on Start Up
    • Forcefield
    • Browser Extension (KeeperFill)
      • Mac
        • PLIST (.plist) Policy Deployment
          • Jamf Pro Policy Deployment - Chrome
          • Microsoft Intune Policy Deployment - Chrome
      • Linux
        • JSON Policy Deployment - Chrome
      • Windows
        • Group Policy Deployment - Chrome
        • Group Policy Deployment - Firefox
        • Group Policy Deployment - Edge
        • SCCM Deployment - Chrome
        • Intune - Chrome
        • Intune - Edge
        • Edge Settings Policy
        • Chrome Settings Policy
      • Virtual Machine Persistence
    • Mobile Apps
      • IBM MaaS360
    • Optional Deployment Tasks
    • IE11 Trusted Sites
  • End-User Guides
  • Keeper Admin Console Overview
  • Nodes and Organizational Structure
  • Risk Management Dashboard
  • User and Team Provisioning
    • Custom Invite and Logo
      • Custom Email - Markdown Language
    • Simple Provisioning through the Admin Console
    • Active Directory Provisioning
    • LDAP Provisioning
    • SSO JIT (Just-in-Time) Provisioning
    • Okta Provisioning
    • Entra ID / Azure AD Provisioning
    • Google Workspace Provisioning
    • JumpCloud Provisioning
    • CloudGate Provisioning
    • OneLogin Provisioning
    • Microsoft AD FS Provisioning
    • API Provisioning with SCIM
      • Using SCIM API Provisioning
    • Team and User Approvals
    • Email Auto-Provisioning
    • CLI Provisioning with Commander SDK
  • SSO / SAML Authentication
  • User Management and Lifecycle
  • Email Address Changes
  • Roles, RBAC and Permissions
    • Enforcement Policies
    • Security Keys
  • Delegated Administration
  • Account Transfer Policy
  • Teams (Groups)
  • Sharing
    • Record and File Sharing
    • Shared Folders
    • PAM Resource Sharing
    • One-Time Share
    • Share Admin
    • Time-Limited Access
    • Self-Destructing Records
    • Hiding Passwords
  • Creating Vault Records
  • Importing Data
  • Record Types
  • Two-Factor Authentication
  • Storing Two-Factor Codes
  • Security Audit
    • Security Audit Score Calculation
  • BreachWatch (Dark Web)
  • Secure File Storage & Sharing
  • Reporting, Alerts & SIEM
    • Event Descriptions
    • Splunk
    • Sumo Logic
    • Exabeam (LogRhythm)
    • Syslog
    • QRadar
    • Azure Monitor
    • Azure Sentinel
    • AWS S3 Bucket
    • Devo
    • Datadog
    • Logz.io
    • Elastic
    • Firewall Configuration
    • On-site Commander Push
  • Recommended Alerts
  • Webhooks
    • Slack Webhooks
    • Teams Webhooks
    • Amazon Chime Webhooks
    • Discord Webhooks
  • Compliance Reports
  • Vault Offline Access
  • Secrets Manager
  • Commander CLI
  • Keeper Connection Manager
  • KeeperPAM Privileged Access Manager
  • Keeper Forcefield
  • KeeperChat
  • Keeper MSP
    • Free Trial
    • Getting Started
    • Fundamentals
    • Consumption-Based Billing
      • Secure Add-Ons
      • Existing MSP Admins
    • Onboarding
    • PSA Billing Reconciliation
    • Join the Slack Channel
    • Next Steps
    • Offboarding
    • Commander CLI/SDK
    • Account Management APIs
    • Provision Family Plans via API
    • MSP Best Practices
  • Free Family License for Personal Use
    • Provision Family plans via API
    • Provision Student plans via API
    • API Troubleshooting
      • API Parameters
      • API Response Codes
      • API Explorer - Swagger
  • Keeper Security Benchmarks and Recommended Security Settings
  • IP Allow Keeper
  • Keeper Encryption and Security Model Details
  • Developer API / SDK Tools
  • On-Prem vs. Cloud
  • Authentication Flow V3
  • Migrating from LastPass
  • Training and Support
  • Keeper SCORM Files for LMS Modules
  • Docs Home
Powered by GitBook

Company

  • Keeper Home
  • About Us
  • Careers
  • Security

Support

  • Help Center
  • Contact Sales
  • System Status
  • Terms of Use

Solutions

  • Enterprise Password Management
  • Business Password Management
  • Privileged Access Management
  • Public Sector

Pricing

  • Business and Enterprise
  • Personal and Family
  • Student
  • Military and Medical

© 2025 Keeper Security, Inc.

On this page
  • Overview
  • Requirements
  • User Provisioning SSO+SCIM
  • User Provisioning (SCIM)
  • Configuration Steps
  • Step 1: Add SCIM Provisioning Method for JumpCloud®
  • Step 2: Select SCIM Provisioning Method
  • Step 3: Generate SCIM Token
  • Step 4: Save SCIM Provisioning Method
  • Step 5: Add Keeper Application to JumpCloud®
  • Step 6: Configure Keeper Application
  • Step 7: Activate Keeper Application
  • Step 8: Configure SCIM within Keeper Application
  • Step 9: Activate SCIM
  • Step 10: Save Keeper Application

Was this helpful?

Export as PDF
  1. User and Team Provisioning

JumpCloud Provisioning

Keeper supports SAML 2.0 Authentication and SCIM provisioning with JumpCloud

PreviousGoogle Workspace ProvisioningNextCloudGate Provisioning

Last updated 1 year ago

Was this helpful?

Overview

This guide covers JumpCloud Automated Provisioning with SCIM which will update and deactivate Keeper user accounts as changes are made in JumpCloud.

You can configure SCIM without SSO or SSO+SCIM

Requirements

To setup Keeper user provisioning with JumpCloud®, you need to have access to the and a JumpCloud® Admin account.

User Provisioning SSO+SCIM

IMPORTANT: If you want your users to authenticate via SSO / SAML 2.0 with JumpCloud, you must first configure and install Keeper SSO Connect with JumpCloud. View the full SSO Connect setup guides: SSO Connect Cloud: SSO Connect On-Prem: Once Complete, proceed to Step 8: in the guide below.

If you just want to provision users via SCIM provisioning without SSO, proceed to the guide below.

User Provisioning (SCIM)

Configuration Steps

Step 1: Add SCIM Provisioning Method for JumpCloud®

Navigate to your Keeper Admin console and add the SCIM Provisioning Method to your desired "Node".

Step 2: Select SCIM Provisioning Method

Select "SCIM (System for Cross-Domain Identity Management)" and select "Next".

Step 3: Generate SCIM Token

At the next screen select "Generate" to generate your Token to connect your SCIM provisioning method.

Step 4: Save SCIM Provisioning Method

At the next screen, you will be presented with your URL and Token. You will need this information, for future use, to configure the SCIM section of the Keeper SSO Application within JumpCloud®. Select "Save".

You will now see your SCIM Provisioning Method in a Pending State.

Step 5: Add Keeper Application to JumpCloud®

Navigate to your JumpCloud® Admin Console -> SSO and select the Plus Sign to add Keeper Password Manager to the list of your SSO applications.

Step 6: Configure Keeper Application

On the "Configure New SSO Application" page, search for Keeper Security in the search bar. Select Configure on the right hand side of Keeper Application.

Step 7: Activate Keeper Application

Under "General Info", provide your Keeper application a Display Label such as "Keeper EPM" in the provided field and then select "activate".

You will now see your Keeper application in an active status.

Step 8: Configure SCIM within Keeper Application

Click on the active Keeper application and within the Keeper App Configuration, scroll down to the bottom and select "Configure" under the "Identity Management Section".

Step 9: Activate SCIM

This is where you will supply the previously generated URL and Token within the SCIM Provisioning Method in your Keeper Admin Console.

To enable Team Provisioning, click on "Enable management of User Groups..."

Step 10: Save Keeper Application

Select "save".

User and Team provisioning with JumpCloud is complete. Moving forward, new users who have been configured to use Keeper, in JumpCloud and are within the provisioning scope definitions, will receive invites to utilize the Keeper Vault and will be under the control of JumpCloud.

SCIM-provisioned teams are not immediately created but rather put into a “Pending Queue” where they are finalized by one of several approval methods.

Keeper Admin Console
https://docs.keeper.io/sso-connect-cloud/
https://docs.keeper.io/sso-connect-guide/
Click here to read about Team and User Approvals
Add SCIM for JumpCloud
Select SCIM
Generate SCIM Token
SCIM Pending
Add Keeper App to JumpCloud SSO
Configure Keeper App
Activate Keeper Application
Active Keeper Application
Configure SCIM
Save SCIM