Sharing Gateways

Sharing the Keeper Gateway with users

This feature will be live on July 2025

Overview

Keeper Gateways are essential when configuring PAM features such as rotation and connections on PAM Record Types.

Why would I need to share the Gateway?

Gateways are associated with KSM applications, and only users who have access to a KSM application with a gateway can view and select that gateway when configuring PAM Records Types. Without sharing, only the owner of the KSM application can configure the gateway on PAM Record Types.

By sharing the KSM application and the gateway, you enable other admins or team members to set up and manage PAM features independently. Sharing a Keeper Gateway is essential when multiple users in your organization are responsible for configuring PAM Record Types.

Gateways are shared automatically when a KSM application is shared with another user.

Sharing KSM applications

When you share the KSM application, you also share the Gateway associated wit the KSM application.

To share the KSM application:

  1. Select the KSM Application you want to share

  2. Edit the KSM Application by clicking edit

  3. Navigate to the "Users" tab

  4. In the search bar, enter the user’s email address

  5. Select the user from the dropdown to add them to the application.

For more information, visit this page.

User Permissions

When sharing a KSM application with other users, the following permissions can be assigned:

Permission
Description

Admin

Can manage folders, users, devices and gateways within the application

Member

Can view the application and use the gateways associated with the application

Sharing Implications

Shared Folders

Shared folders assigned to a KSM application are accessible by the devices and gateways created on the KSM application.

When sharing a KSM application with another user, If the user does not already have access to the shared folders associated with the application, those folders will be automatically shared with the user.

The level of access the user receives to these shared folders depends on their assigned role in the application:

  • If the user is added as an "Admin":

    • The user receives the default shared folder permissions

  • If the user is added as a "Member":

    • The user receives the "No User Permissions" shared folder permissions

If the user already had access to any of the shared folders before being added to the KSM application, their existing folder permissions remain unchanged and are not overwritten.

Records

Records can be directly assigned to a KSM application via Keeper Commander.

When sharing a KSM application with another user, if the user does not already have access to the records associated with the application, those records will be automatically shared with the user. Regardless of "Admin" or "Member" roles, the level of access the user receives to these records is "View Only".

Note: The above is applicable to directly adding records to a KSM application via Keeper Commander.

Removing a user from the KSM application

Removing a user from the KSM application does not revoke their permissions from the shared folders. Folder access must be manually removed if desired.

Outcomes

Once the gateway is shared through the KSM application, users who now have access can configure PAM Record Types using that gateway.

PreviousAuto UpdaterNextAlerts and SIEM Integration

Last updated

Was this helpful?