search

Getting Started

Installation and setup of Privileged Elevation and Delegation Management (PEDM)

Keeper Endpoint Privileged Manager (EPM) helps you control privilege elevation, file access, and command execution across your endpoints. This section walks you through licensing, activation, permissions, deployment overview, and how requests are managed at a high level.

hashtag
Setup Steps

Keeper Endpoint Privileged Manager (EPM) helps you control privilege elevation, file access, and command execution across your endpoints. This section walks you through licensing, activation, permissions, deployment overview, and how requests are managed at a high level.

Follow the below steps to start using Endpoint Privilege Manager.

1

hashtag
Keeper Enterprise license

Keeper EPM is part of Keeper Enterprise. You need:

  • An active Keeper Enterprise subscription that includes Endpoint Privileged Manager (EPM).

  • Enough endpoint seats for the agents you plan to deploy.

Activation and seat allocation are done in the Keeper Admin Console. If you’re not sure about your license or EPM entitlement, contact Keeper or your account team.

If you are not a Keeper customer or do not have the required license, you can start a free trialarrow-up-right from our website. The free trial includes KeeperPAM full capabilities.

2

hashtag
Activate Endpoint Privileged Manager

  1. Log in to the Keeper Admin Console (dashboard).

  2. Turn on Endpoint Privileged Manager for your organization. The exact menu may be named “Endpoint Privileged Manager,” “Privilege Manager,” or similar depending on your console version.

  3. Get a registration token for your agents. You’ll use this when registering each endpoint. The token format is: hostname:deployment-uid:private-key Store it securely; you’ll need it for every new agent.

After activation, you can define approvers, collections, policies, and deployment groups, then deploy agents to your endpoints.

3

hashtag
Enable Permissions

With Endpoint Privilege Manager, an admin role is required with permissions covering end-user privilege.

  • Login to the Keeper Admin Console for your region.

  • Under Admin > Roles, create a new role or modify an existing role

  • In the Role settings select the "Administrative Permissions" tab and select "Add Managing Node".

  • Activate the "Manage Privileged Access" permission.

  • Assign yourself or your test admin account to this role.

Activating the Privilege Manager permissions in the Admin Console
4

hashtag
Check the Installation

Confirm the product is installed in the expected location:

  • Windows: e.g. C:\Program Files\KeeperPrivilegeManager

  • Linux / macOS: e.g. /opt/keeper/

You should see the main executable, configuration file (appsettings.json), and folders such as Plugins/, Jobs/, and KeeperStorage/.

5

hashtag
Verify and Start the Service

  • Windows (PowerShell): Check: Get-Service | Where-Object {$.Name -match 'keeper' -or $.DisplayName -match 'keeper'} | Select-Object Name, DisplayName, Status Start: Get-Service | Where-Object {$.Name -match 'keeper' -or $.DisplayName -match 'keeper'} | Where-Object {$_.Status -ne 'Running'} | Start-Service

  • Linux (KeeperSudo): Check: sudo systemctl status keeper-privilege-manager Start: sudo systemctl start keeper-privilege-manager Optional: sudo systemctl enable keeper-privilege-manager for auto-start.

  • macOS: Use the provided launchd configuration to load and start the Keeper service.

PreviousOverviewNextCreate Approvers, Collections, & Policies

Last updated

Was this helpful?