Setup Steps

Accessing the KeeperPAM platform

Setup Steps

Follow the below steps to start using KeeperPAM.

1

Keeper Enterprise license

If you are not a Keeper customer or do not have the required license, you can start a free trial from our website. The free trial includes KeeperPAM full capabilities.

2

Activate Privileged Access Manager

From the Keeper Admin Console, ensure that your Privileged Access Manager subscription is active. Go to the Admin Console > Subscriptions and activate the trial or contact your Keeper customer success manager.

3

Enable PAM Policies

From the Admin Console, enable the corresponding PAM Enforcement Policies.

  • Login to the Admin Console for your region.

  • Under Admin > Roles, create a new role for PAM or modify an existing role

  • Go to Enforcement Policies and open the "Privileged Access Manager" section.

  • Enable all the PAM enforcement policies to use the new features.

  • Assign yourself or your test user account to this role.

4

Existing Customers: Updating your Gateway

This assumes you are an existing customer with Keeper Secrets Manager and you have a Gateway already deployed. Using the latest Keeper Gateway is required to support the new features. Depending on the operating system, features available will differ.

Docker

Use the basic docker-compose.yml file as shown below:

services:
      keeper-gateway:
        platform: linux/amd64
        image: keeper/gateway:latest
        shm_size: 2g
        security_opt:
          - "seccomp:docker-seccomp.json"
        environment:
          ACCEPT_EULA: Y
          GATEWAY_CONFIG: XXXXXXXXXXXX

Download the file called docker-seccomp.json and place it in the same folder as your Docker Compose file.

15KB
docker-seccomp.json
docker-seccomp.json

Windows

  • Download the latest installer: 64-bit Installer

  • You'll be asked to confirm uninstalling the previous Gateway, this is OK

  • Ensure the "Enter one-time access token" selection is NOT selected

Linux

To update an existing Gateway on Linux:

curl -fsSL https://keepersecurity.com/pam/install | sudo bash -s --

Retrieving the Configuration

If you are replacing an existing Gateway, get the old base64 configuration string from: /etc/keeper-gateway/gateway-config.json on Linux or C:\ProgramData\KeeperGateway\config\gateway-config.json on Windows.

5

New Customers: Create a new Gateway and Sandbox

Follow the step by step guide in the Getting Started section of this documentation. A new Quick Start Wizard is available to instantly create a sandbox for testing out a few of the connection types.

6

Explore new features

Notes

  • PAM Features differ between Linux, Docker and Windows versions of the Keeper Gateway.

  • For a full range of features, use the Docker installation method, or Linux installation method on Rocky Linux or RHEL8.

  • We recommend setting up a Keeper Gateway using the new Quick Start Sandbox. This provides a customized Docker Compose file that provides an instant sandbox for testing.

Feedback

Please email us at pam@keepersecurity.com with your feedback and we'll quickly assist you with any questions.

PreviousOverviewNextQuick Start: Sandbox

Last updated

Was this helpful?