LogoLogo
Keeper Connection Manager
Keeper Connection Manager
  • Overview
  • Security Architecture
  • Installation
    • License Key
    • System Requirements
    • Preparing for Installation
    • Auto Docker Install
      • Service Management
      • Upgrading
      • Adding Packages
    • Docker Compose Install
      • keeper/guacamole
      • keeper/guacd
      • Database images
        • keeper/guacamole-db-mysql
        • keeper/guacamole-db-postgres
      • SSL Termination
        • keeper/guacamole-ssl-nginx
        • Using a Custom SSL Cert
      • Upgrading
    • Podman Install
    • Backup & Recovery
  • Authentication Options
    • SSO Auth (SAML)
      • Microsoft Azure
      • Okta
      • Google Workspace
      • OneLogin
      • Oracle
      • PingIdentity
    • 2FA with TOTP
    • 2FA with Duo
    • SSL/TLS Client Authentication
    • Multiple Hostnames
    • PIV/CAC/Smart cards
    • Account Approve/Deny Workflow
    • OpenID Connect Auth
    • LDAP Auth
      • Using Multiple LDAP Servers
      • Storing connection data within LDAP
      • Using LDAP with a database
    • Account Restrictions
  • Connection Protocols
    • RDP
    • SSH
    • VNC
    • Telnet
    • Remote Browser Isolation
    • Kubernetes
    • MySQL
      • Importing and Exporting
      • Keyboard Shortcuts
    • PostgreSQL
      • Importing and Exporting
      • Keyboard Shortcuts
    • Microsoft SQL Server
      • Importing and Exporting
      • Keyboard Shortcuts
    • Connecting to Host Instance
    • Persistent Reverse SSH Tunnel
      • AutoSSH as a Windows Service
      • Linux - AutoSSH
      • Windows - OpenSSH
  • How to Use KCM
    • Login Screen
    • Home Screen
    • Creating Connections
      • Batch Import and API
    • How to Use KCM
    • File Transfer Config
    • Sharing Connections
    • Session Recording and Playback
    • AWS EC2 Discovery
    • Credential Pass-Through
    • Dynamic Connections
    • Custom Branding
      • Add Your Logo
  • Vault Integration
    • Connecting KCM to your Vault
    • Dynamic Tokens
    • Static Tokens
    • Multiple Vaults Integration
    • EC2 Cloud Connector
    • Advanced
    • KeeperPAM
  • Custom Extensions
  • Guest Mode
  • Advanced Configuration
    • guacamole.properties
      • SAML 2.0 Authentication Configuration Properties
      • Duo Two-Factor Authentication Configuration Properties
      • Encrypted JSON Configuration Properties
      • LDAP Configuration Properties
      • MySQL / MariaDB Configuration Properties
      • PostgreSQL Configuration Properties
      • SQL Server Configuration Properties
      • Login Attempts Properties
  • Troubleshooting
  • Importing Connections
  • Exporting Connections
  • High Availability
  • Pre-Release Testing
  • Changelog
  • Licensing and Open Source
  • Scope of Support
  • Security Advisories
  • Accessibility Conformance
Powered by GitBook

Company

  • Keeper Home
  • About Us
  • Careers
  • Security

Support

  • Help Center
  • Contact Sales
  • System Status
  • Terms of Use

Solutions

  • Enterprise Password Management
  • Business Password Management
  • Privileged Access Management
  • Public Sector

Pricing

  • Business and Enterprise
  • Personal and Family
  • Student
  • Military and Medical

© 2025 Keeper Security, Inc.

On this page
  • User Management in Keeper Connection Manager
  • Accessing User Settings
  • Account Restrictions
  • Keeper Secrets Manager
  • User and Group Permissions
  • Group Assignments and Connection Access

Was this helpful?

Export as PDF
  1. Authentication Options

Account Restrictions

Applying user-based account restrictions

PreviousUsing LDAP with a databaseNextConnection Protocols

Last updated 24 days ago

Was this helpful?

User Management in Keeper Connection Manager

Keeper Connection Manager offers flexible user management capabilities that allow administrators to control access, apply account restrictions, assign permissions, and configure connection visibility for individual users or groups.


Accessing User Settings

To manage user accounts:

  1. Log in to your Keeper Connection Manager instance as an administrator.

  2. Navigate to the Settings tab.

  3. From here, you can create new users or edit existing ones.


Account Restrictions

When configuring a user account, the following restrictions can be applied:

  • Login Disabled: Prevents the user from logging in to the system.

  • Password Expired: Forces the user to reset their password at next login.

  • Allow Access After: Grants access starting at a specific date and time.

  • Do Not Allow Access After: Prevents access after a specific date and time.

  • Enable Account After: Activates the user account at a scheduled time.

  • Disable Account After: Deactivates the account after a scheduled time.


Keeper Secrets Manager

Individual users can be assigned a specific Keeper Secrets Manager configuration, allowing the user to use credentials from their vault for establishing privileged sessions to any target. See the Multiple Vaults Integration page for more info.


User and Group Permissions

Permissions can be granted at the individual user level or inherited from a user group. Available permissions include:

  • Administer System: Full administrative rights over the instance.

  • Create New Users: Ability to create and manage user accounts.

  • Create New User Groups: Ability to create and assign user groups.

  • Create New Connections: Permission to define new connection entries.

  • Create New Connection Groups: Ability to group related connections.

  • Create New Sharing Profiles: Manage sharing templates and permissions.

  • Change Own Password: Allows users to update their own credentials.


Group Assignments and Connection Access

Users can be assigned to one or more groups, inheriting the group’s permissions and restrictions.

In addition, administrators can assign:

  • Specific Connections: Restrict the user to a defined set of connections.

  • All Connections: Grant access to all available connections in the environment.

Keeper Connection Manager provides flexible user management options that include account restrictions, administrative permissions and connection targets.

Keeper Connection Manager Settings
Account Restrictions
KCM Service Configuration
Group Permissions
Group and Connection Assignments