# Active Directory Provisioning

The Keeper Bridge is an enterprise-class service application that automatically syncs Nodes, Users, Roles and Teams from an Active Directory service to your Keeper Enterprise account. To activate and install the Keeper Bridge, follow the steps below:

1. Log in to the [Admin Console](https://keepersecurity.com/console).
2. Create a Node (under the root node) to sync with your Active Directory.
3. Visit the **Provisioning** tab and select **Add Method** and then **Active Directory Sync**.
4. Download the Keeper Bridge and proceed with setup.

{% hint style="info" %}
For detailed Keeper Bridge setup and installation instructions see our [Keeper Bridge Guide](https://docs.keeper.io/keeper-bridge).
{% endhint %}

Keeper Bridge supports single and multi-domain, multiple forest domains and other complex environments. The Bridge also supports high-availability mode and a variety of custom configuration options based on your AD/LDAP environment. The [Keeper AD Bridge Guide](https://docs.keeper.io/keeper-bridge) documents the full setup process.

![](https://4290574019-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LO5CAzpxoaEquZJBpYz%2Fuploads%2Fgit-blob-0d585753c9be9739ce50a9c0692177736eb59d1a%2Fbridge.png?alt=media)

* The Keeper Bridge does not authenticate users into their vault with their Active Directory password. For seamless user authentication, consider our [Keeper SSO Connect](https://docs.keeper.io/en/enterprise-guide/user-and-team-provisioning/single-sign-on-saml-2.0-authentication) add-on, described in the next section, which authenticates against Active Directory via AD FS.
* Automated Team provisioning requires the Keeper Administrator to authenticate on the Keeper Bridge. The Bridge polls for users who have created their Keeper account after invitation, encrypts the Team Key with each user's public key, and distributes the Team Key to the user. Once any member of the team logs into the Vault, all members of that team are approved.
* Once the Active Directory Bridge is syncing, we recommend not making manual user or team changes directly on the Admin Console. Delegate all user and team provisioning to the Bridge through Active Directory. Role enforcement policy changes should still be made on the Admin Console.


