LDAP Provisioning
Keeper AD Bridge supports automatic provisioning of nodes, roles, teams and users from any LDAP service.
The Keeper Bridge is an enterprise-class service application that supports the ability to automatically sync Nodes, Users, Roles and Teams to your Keeper Enterprise account from an LDAP service. To activate and install the Keeper Bridge, follow the below steps:
Login to the Admin Console.
Create a Node (under the root node) to sync with your Active Directory.
Visit the Provisioning tab and select Add Method and then select LDAP Sync.
Download the Keeper Bridge and proceed with setup.
For detailed Bridge setup and install instructions see our Keeper Bridge Guide.
The Keeper Bridge does not authenticate users into their vault with their LDAP password. For seamless user authentication, consider our Keeper SSO Connect add-on as described in the next section which authenticates against Active Directory via AD FS.
Automated Team provisioning requires the Keeper Administrator to authenticate on the Keeper Bridge. The Bridge will poll for users who have created their Keeper account after invitation, then the Bridge will encrypt the Team Key with the user's public key, and distribute the Team Key to the user. Once any member of the team logs into the Vault, all members of that team are approved.
Once the Keeper Bridge is syncing, we recommend not making manual user or team changes directly on the Admin Console. Delegate all user and team provisioning to the bridge through the LDAP Directory. Role enforcement policy changes should still be made on the Admin Console
Last updated