Admin Console 16.0.0

Released to production on Oct 18, 2021

New Features

🇺🇸 Support for AWS GovCloud (FedRAMP)

Keeper is currently FedRAMP in-process and public sector entities can now establish their Keeper tenant in the GovCloud environment. Contact the public sector sales team at govsales@keepersecurity.com for more information.

Record Types Admin Controls

Record Types Admin Controls allow administrators to customize the use of record types for their enterprise. Keeper administrators with permission to manage record types, can create new custom record type templates and restrict the use of any record types by role and/or node.

Compliance Reports

Compliance Reports provide on-demand visibility of the access permissions associated with your enterprise records. These reports simplify the compliance auditing process for Sarbanes Oxley (SOX) and other regulations requiring access control monitoring. The user-defined reports can be exported and fed into automated compliance systems or sent directly to external auditors. This is a secure add-on feature to your Keeper license package.

Security Model for Compliance Reports

To support Compliance Reports, certain non-secret fields of the Keeper vault records are encrypted with the Elliptic Curve Enterprise Public Key. Keeper Administrators are able to decrypt the Enterprise Private Key when they login to the Admin Console. Since the reports contain some non-credential encrypted record data, an administrator must have permission to run and view these reports. The encrypted record data is included in the report and can also be used as report filters. The encrypted record data includes:

  • Record Title

  • Record Type

  • URL

Zero-knowledge remains preserved because the encrypted data is decrypted on the Keeper Administrator Console using the Enterprise Private Key, restricted to administrators that have Compliance Reporting permission.

New Reporting Events

The Advanced Reporting & Alerts Module now contains several new event types to cover Compliance Reporting and Record Types.

New ARAM Events

Event

Category

Description

compliance_report_saved

compliance

Compliance report UID ${app_uid} saved by ${username}

compliance_report_downloaded

compliance

Compliance report UID ${app_uid} downloaded by ${username}

compliance_report_exported

compliance

Compliance report UID ${app_uid} exported by ${username}

compliance_report_deleted

compliance

Compliance report UID ${app_uid} deleted by ${username}

saved_criteria_saved

compliance

Compliance report criteria UID ${app_uid} saved by ${username}

saved_criteria_edited

compliance

Compliance report criteria UID ${app_uid} edited by ${username}

saved_criteria_deleted

compliance

Compliance report criteria UID ${app_uid} deleted by ${username}

record_type_created

policy

Admin ${username} created record type "${name}"

record_type_updated

policy

Admin ${username} updated record type "${name}"

record_type_deleted

policy

Admin ${username} deleted record type "${name}"

Bug Fixes

  • EM-4867: Renew button is not active on expired accounts

  • EM-4871: Node and device type attributes for ARAM not working

  • EM-4875: Deleted Users saved in ARAM Report Criteria result in white screen

  • EM-4878: Expired accounts cannot pay on the Administrator Login screen

  • EM-4904: Event types in ARAM reports erroneously displaying scroll bar

  • EM-4875: Deleted users saved to ARAM report results in white screen

  • EM-4899: Adding role to a user does not display until admin logs in or manually syncs

  • EM-4908: New calendar for a new ARAM user shows “January 1900” for the starting date

  • EM-4930: Not able to delete users from enterprise

  • EM-4944: User can change email address without a correct master password

  • EM-4953: ARAM BreachWatch events are not being listed correctly

  • EM-4971: Getting server failure when attempting to move a user to a new node

Known Issues to be fixed before General Availability

  • EM-4974: Access permissions for records that are visible through "links" to other records will not be reflected in Compliance Reports. The compliance reports will show only record permissions where the record is shared via a direct share or through a shared folder. An example of this would be a Payment Card linked to a Bank Account record type.

  • EM-4979: Record Type records are not successfully transferred on second account transfer after a first successful account transfer.

  • EM-4884: Console needs to show changes to custom record types without manual sync or log out / log in.

  • EM-4969: When selecting a report criteria filter that includes a deleted node, the Admin Console fails and displays a blank screen.

  • EM-4973: No user warning when re-running reporting criteria that includes a user that is no longer associated with the selected node/s.

  • EM-4958: Not logging Compliance Reports “exported report” events to ARAM.

Last updated