Backend API 17.6.1

Released on November 11, 2025

Features

  • KA-3745: Enabled Managed Service Provider's reserved domain to be used in their managed companies. MSPs often need to add an administrative user to each MC for tasks like binding SSO, AD Bridge, accessing reporting functions, and facilitating team sharing. This was previously blocked due to domain reservation policies between tenants.

  • KA-7608: Increased the maximum number of available teams from 10k to 15k per tenant.

  • KA-7301: Created a new billing admin permission for in-console purchases.

  • KA-7013: Created a new enforcement type to restrict the Autofill snapshot tool.

  • KA-7050: Added an enforcement policy for browser extension clipboard expiration.

  • KA-7596: Added a new client type and client version for the PEDM EPM Agent.

  • KA-5562: When role enforcement changes occur, affected users are now logged out.

Bugs

  • KA-7605: Resolved issue where SCIM removed users from roles outside of the SCIM tree For SCIM requests, we now ignore any actions on roles or teams within the tenant that are not in the SCIM tree. SCIM should not alter admin roles, as it cannot assign users to them. Ensure SCIM does not remove users from roles outside its management, defined as those within the SCIM tree.

  • KA-7635: Fixed an issue where a username is deactivated when deleting an invited user that does not have a valid invite.

  • KA-7625: Fixed an issue where a user is unable to rotate specific IAM users.

  • KA-7613: Fixed an issue where an error is being received when deleting users.

  • KA-7587: Addressed errors related to Admin Console calls to BreachWatch.

  • KA-7574: Addressed an issue with revoking an API token that had an invalid value.

  • KA-7573: Fixed an issue where a generated API token did not handle invalid dates.

  • KA-7571: Fixed an issue where a generated API token did not handle an invalid name value.

  • KA-7570: Fixed an issue where a generated API token did not handle invalid roles.

  • KA-7527: Issue addressed with negative numbers in Security Audit.

  • KA-7493: GET Users/User should not display teams/roles that are added to the user from the nodes that are not controlled by SCIM.

  • KA-7492: GET Groups should not display users who are added to the team from the nodes that are not controlled by SCIM

  • KA-7382: Resolved an issue where a device attempted to be approved but did not have the correct token.

  • KA-7340: Updated functionality for email bounces. Do not resend enterprise email invites to unsubscribed users.

  • KA-7253: Fixed an issue where the KSM client created records in folders without the correct permissions.

  • KA-7166: Resolved an issue where an IP restriction violation error was not handled correctly.

  • KA-7144: Investigated and resolved a self destructing records issue where records with an expired SDR were not being removed from the vault.

  • KA-6920: Eliminated an error where adding and SSO cloud configuration was throwing 500 Errors.

  • KA-6089: Corrected a behavior where Keeper users who are in more than one role could access the Browser Extension even if one role restricts access via an enforcement policy.

  • KA-5908: Fixed an issue where BreachWatch ARAM events were not showing record UIDs.

  • KA-5756: Fixed an issue where a user was able to sign in to the web vault immediately after enabling platform restriction.

PreviousBackend APINextBackend API 17.6.0

Last updated

Was this helpful?