search

Deployment Packages, the Agent, & Requests

This section covers deployment groups, installing the agent, and managing requests so you can roll out Keeper EPM in a controlled way and handle elevation and approval flows.

hashtag
Deployment Package

A deployment package(sometimes described as a deployment collection) is the way KEPM defines what gets installed on endpoints and which endpoints receive it, so you can roll out KEPM in a controlled, repeatable way.

hashtag
What is Included in the Deployment Package

A deployment package typically includes:

  • The KEPM agent installer for the target platform (Windows, macOS, or Linux)

  • A Registration Token (or equivalent onboarding value) that allows endpoints to register to your Keeper environment after installation

Deployment Package Definition: A targeted rollout unit that bundles the KEPM agent installer and onboarding details (such as a registration token) and applies them to a defined set of endpoints so devices can register and sync the appropriate policies and configuration.

Once installed and registered, the agent can begin receiving configuration and policy updates from the Admin Console.

hashtag
What it scopes (the “deployment collection”)

The “collection” aspect is the targeting layer that determines which endpoints receive the deployment. It’s used to:

  • Scope rollout to specific machines and/or users

  • Stage deployments (pilot group first, then broader rollout)

  • Ensure endpoints receive the correct policy/config set after registration, based on how they’re grouped and targeted

hashtag
The Agent

Deployment means getting the Keeper Privilege Manager agent onto each endpoint and registering it so it receives policies from your Keeper deployment.

hashtag
High-level steps

1

hashtag
Obtain Agent Installer

Obtain the agent installer (or package) for your platform (Windows, Linux, or macOS) from your Keeper deployment or account team.

2

hashtag
Install Agent

Install the agent on each endpoint using your normal deployment tools (e.g., GPO, MDM, script, or manual install). Install under an account that has local administrator (or root) rights so the service can be installed and started.

3

hashtag
Restart the Workstation

hashtag
Managing Requests

Managing requests means handling the flow when a user asks for something that requires approval, justification, or MFA—and giving approvers a clear way to approve or deny.

hashtag
What Counts as a “request”

  • A privilege elevation request (e.g., run as administrator) when a policy requires approval.

  • Other actions that you’ve configured to require approval, justification, or MFA (e.g., certain file access or commands).

hashtag
How Requests Flow

1

hashtag
Action Triggered

User triggers an action (e.g., right‑click “Run as administrator” or open a controlled app).

2

hashtag
Policy Evaluation

Agent evaluates policies and sees that approval (or justification, or MFA) is required.

3

hashtag
New Request

Request is created and sent to the Keeper backend (or your integrated approval system).

4

hashtag
Approval Request

Approver is notified and can approve or deny in the console or in the approval UI (e.g., KeeperApproval).

5

hashtag
Response

Agent receives the result and either allows or blocks the action.

hashtag
Where You Manage This

  • Approvers: Define who can approve in the dashboard (see Create Approvers).

  • Policies: Set which actions require approval, MFA, or justification (see Policies in Detail).

  • Requests and history: View and audit requests in the Keeper Admin Console so you can see who asked for what and who approved or denied.

By combining collections (who and which machines), policies (what requires approval), and approvers (who can approve), you get fine-grained control without blocking productivity.

PreviousCreate Approvers, Collections, & PoliciesNextReference Targeting

Last updated

Was this helpful?