LogoLogo
Keeper Connection Manager
Keeper Connection Manager
  • Overview
  • Security Architecture
  • Installation
    • License Key
    • System Requirements
    • Preparing for Installation
    • Auto Docker Install
      • Service Management
      • Upgrading
      • Adding Packages
    • Docker Compose Install
      • keeper/guacamole
      • keeper/guacd
      • Database images
        • keeper/guacamole-db-mysql
        • keeper/guacamole-db-postgres
      • SSL Termination
        • keeper/guacamole-ssl-nginx
        • Using a Custom SSL Cert
      • Upgrading
    • Backup & Recovery
  • Authentication Options
    • SSO Auth (SAML)
      • Microsoft Azure
      • Okta
      • Google Workspace
      • OneLogin
      • Oracle
      • PingIdentity
    • 2FA with TOTP
    • 2FA with Duo
    • SSL/TLS Client Authentication
    • Multiple Hostnames
    • PIV/CAC/Smart cards
    • Account Approve/Deny Workflow
    • OpenID Connect Auth
    • LDAP Auth
      • Using Multiple LDAP Servers
      • Storing connection data within LDAP
      • Using LDAP with a database
    • Account Restrictions
  • Connection Protocols
    • RDP
    • SSH
    • VNC
    • Telnet
    • Remote Browser Isolation
    • Kubernetes
    • MySQL
      • Importing and Exporting
      • Keyboard Shortcuts
    • PostgreSQL
      • Importing and Exporting
      • Keyboard Shortcuts
    • Microsoft SQL Server
      • Importing and Exporting
      • Keyboard Shortcuts
    • Connecting to Host Instance
    • Persistent Reverse SSH Tunnel
      • AutoSSH as a Windows Service
      • Linux - AutoSSH
      • Windows - OpenSSH
  • How to Use KCM
    • Login Screen
    • Home Screen
    • Creating Connections
      • Batch Import and API
    • How to Use KCM
    • File Transfer Config
    • Sharing Connections
    • Session Recording and Playback
    • AWS EC2 Discovery
    • Credential Pass-Through
    • Dynamic Connections
    • Custom Branding
      • Add Your Logo
  • Vault Integration
    • Connecting KCM to your Vault
    • Dynamic Tokens
    • Static Tokens
    • Multiple Vaults Integration
    • EC2 Cloud Connector
    • Advanced
    • KeeperPAM
  • Custom Extensions
  • Guest Mode
  • Advanced Configuration
    • guacamole.properties
      • SAML 2.0 Authentication Configuration Properties
      • Duo Two-Factor Authentication Configuration Properties
      • Encrypted JSON Configuration Properties
      • LDAP Configuration Properties
      • MySQL / MariaDB Configuration Properties
      • PostgreSQL Configuration Properties
      • SQL Server Configuration Properties
      • Login Attempts Properties
  • Troubleshooting
  • Importing Connections
  • Exporting Connections
  • High Availability
  • Pre-Release Testing
  • Changelog
  • Licensing and Open Source
  • Scope of Support
  • Security Advisories
  • Accessibility Conformance
Powered by GitBook

Company

  • Keeper Home
  • About Us
  • Careers
  • Security

Support

  • Help Center
  • Contact Sales
  • System Status
  • Terms of Use

Solutions

  • Enterprise Password Management
  • Business Password Management
  • Privileged Access Management
  • Public Sector

Pricing

  • Business and Enterprise
  • Personal and Family
  • Student
  • Military and Medical

© 2025 Keeper Security, Inc.

On this page
  • PingIdentity Configuration
  • Video Example

Was this helpful?

Export as PDF
  1. Authentication Options
  2. SSO Auth (SAML)

PingIdentity

This page documents the process of integrating PingIdentity with Keeper Connection Manager, which is also known as KCM. We will be adding SAML 2.0 application connectors between the two platforms.

PreviousOracleNext2FA with TOTP

Last updated 9 months ago

Was this helpful?

PingIdentity Configuration

  1. Login as an Administrator for PingIdentity. From the PingIdentity menu, click Applications > Add Application

  2. Give the Application a name such as "KCM," select SAML and Save.

  1. Next, you'll encounter the SAML configuration. Select Manually Enter, then add the URL of your KCM server to the ACS URLs box as follows: https://<YOUR DOMAIN>/api/ext/saml/callback

  2. Then add the URL of your KCM server to the Entity ID box as follows: https://<YOUR DOMAIN> and press Save.

  1. Next, Edit Attribute Mappings. Since saml_subject is immutable, leave it as is. Add an attribute named EMAIL that has a Mapping of Username, and an attribute named groups that has a Mapping of Group Names.

  1. Then Edit Configuration and scroll down to SUBJECT NAMEID FORMAT and select the option urn:oasis:names:to:SAML:1.1:nameid-format:emailAddress. And hit Save.

  1. On the Overview section, verify that Access is for All Users (or the group you specified). Leave the Signon URL as the Default Signon Page. And Enable the Application by clicking the slider at the top of the application.

  1. Download the Metadata file from the Configuration tab, and ensure that it is named to metadata.xml.

  1. Ensure that all users are added with a Username that matches the email address of a user in your Keeper Connection Manager. **When you add users to Keeper Connection Manager use the matching email address, but leave the password blank.

Video Example

Video Proof of Concept
Add Application
SAML Configs
Attribute Mappings
Email to nameid Mapping
Settings to Turn Application On
Download the Metadata
Match Email Addresses to KCM Accounts