The Keeper Backend API is a core component of the Keeper platform, utilized by each of the client applications for authentication, syncing and core platform features.
Released on March 5, 2024
KA-5180: New ARAM event for alternate master password creation
KA-5512, KA-5521: Compliance report fixes: the folder UID now displays properly for shared folders with only teams, and users with no records no longer display as blank values in the user criteria section
KA-5636, KA-5673: Fixed cases where record transfer email notification contained incorrect URL and/or UID
KA-5792: Restoring a sub-folder that was previously deleted now restores all shortcuts
KA-5888: Users are able to share a record outside of the enterprise even if assigned to a role that restricts receiving items from outside the enterprise
KA-5889: Shared folder is removed from vault immediately after deletion rather than only after full sync
KA-5901: Team role-mapping properly restricts one-time share usage
KA-5918: Bulk user actions have privilege checks enforced
KA-5938: If a user is a member of two roles with passphrase generator restrictions, the resulting rules for the user are both accounted for
KA-5945: If a legacy consumer user already exists with an invalid email address (for example, .con instead of .com), we allow the user to log in and change their email
KA-4349: Support FriendlyName as SAML2 IDP attribute for Cloud SSO
KA-5266: Extended support for large numbers of users being modified concurrently
KA-5537: SCIM is prevented from creating the same user twice
KA-5553: When a user changes their logout timer, push to all devices instantly
KA-5709: Display support package information in the Admin Console
KA-5757: Accessibility improvements to color and spinner on certain Cloud SSO screens
Released on January 10, 2024
KA-3754, KA-5157: Support for our new Time-Limited Access feature
KA-5689: Support for new Granular Sharing Enforcements feature
KA-5519: A Cloud SSO configuration that is in use shall be unique to its node and not shareable across different SSO nodes
KA-5741, KA-5836: Support for Team Approvals (team creation) via Keeper Automator
KA-5628: Support for Security Key as the only two-factor method
DU-352: Added support for new policy "Disable ability to create duplicate" (DISABLE_CREATE_DUPLICATE)
KA-5350, KA-5694: Certain audit event reports which consolidate information are returning too many events. For example: audit-report --report-type=span --event-type=record_password_change --column=record_uid --column=audit_event_type --record-uid=<RECORD_UID>
KA-5438: Error when deleting a Cloud SSO instance from an empty node tree
KA-5692: If an MSP admin launches into an MC and attempts to perform an account transfer, they get the error "This user is not in a role that has the 'Can Be Transferred' enforcement turned on" and cannot complete the transfer.
KA-5804: Support for some hardware security keys that failed due to "invalid size"
KA-5769: Some users receive 400 error on get_team_members (viewing team members in the vault user interface)
KA-4055: Added additional API changes to support server-side verification when a user is prompted for master password re-entry in certain scenarios. This is a low severity finding from Bugcrowd. Related client tickets VAUL-6192, EM-6185.
Released on July 27, 2023
KA-4968: In Keeper MSP: The list of Share Admins is not properly including the Managed Company admins, only the MSP share admins.
KA-5322: Customers on a free trial were unable to access Record History and restore a record.
KA-5506: Inviting a consumer account to an enterprise, then editing a user's email causes an error.
KA-5482: "Disable email invites" was ignored by the "Automatically resend email invitations".
KA-5460: Stay-logged-in works one time after restricting it via an enterprise role enforcement.
KA-5146: User located on a sub-node with root node "Keeper Administrator" role isn’t able to perform Share Admin activities on root node records within the Shared Folder that is owned by a root user.
KA-5211: Deletion of a Shared Record by a non-owner results in removal of associated security data, affecting the security score.
KA-5451: ARAM reports null,null,null and 0.0.0 for On-Demand Rotation Success/Failure
KA-5028: ARAM event is not triggered when adding user to team in the scenario when it is done at the same time as the creation of the team.
KA-5287: Sub-node admin is not able to run ARAM "all security events" report
KA-5151: Enforce add-on and storage restrictions for MSP created by a distributor
KA-5134: Implement PUT for editing groups via SCIM requests.
KA-5376: Protection against creation of on-prem SSO accounts containing invalid data
KA-4571: Invalid invites are sent to users in nodes with incomplete SSO provisioning set up
KA-5420: Linked records are not showing in the user's deleted items when the record is deleted that contains links.
KA-4652: User counts do not appear in the "Users" column of the Billing History page.
KA-5497: User Presence now supported on FIDO2 security keys: Users who log in with a Security Key that has a PIN configured will now be requested to enter their PIN. The server now responds with "Preferred" instead of "Discouraged" in regards to User Presence. To learn more about this feature, read about it on the Yubico website.
KA-5368: Bugcrowd report: User able to sign in to web vault after enabling platform restriction, as long as the session is still active.
KA-5395: IP AllowList restriction allowed session resumption (stay logged in) to occur even when the IP address is restricted.
KA-5341: If "stay logged in" enforcement is changed by the admin, the effect is not immediate. This information was being cached for some time in the Keeper infrastructure.
KA-4682: If you deny 5 Keeper Push device approvals, no more device approval pushes are sent until the account owner acknowledges and re-activates device approvals via an automated email.
KA-5474: Recovery process timeout was increased to 15 minutes from 10 minutes.
KA-5455: PAM rotation APIs can be used even if a user is not within a provisioned role.
KA-5408: Locked users should not be able to use KSM secrets manager API
KA-5418: Within the Enterprise, ensure that rotation APIs can only be executed by user with edit rights on the record.
KA-5409: Secrets Manager User with removed permissions can still edit and create applications.
KA-5208: Support for MSP Accounts in GovCloud
KA-5479: Backend support for Exabeam SIEM provider. Console UI update coming.
KA-5473: Support for shared folder array in permission changes (for Keeper Commander "apply-membership" bulk command in ticket KC-590).
KA-5171, KA-5172: APIs to provide the Admin Console and Commander with a user's 2FA and transfer acceptance setting. Will be implemented in the UI in a later release.
KA-5189: Endpoint to allow the Admin Console to flush security scores and re-calculate. Will be included in a future Admin Console release.
KA-5386: Added 2 more ARAM events related to MSP distributor billing:
User ${username} activates MSP for enterprise ${enterprise}
User ${username} deactivated MSP for enterprise ${enterprise}
KA-5426: New ARAM events for Keeper Secrets Manager client devices:
app_client_record_create
app_client_record_update
app_client_record_delete
app_client_folder_remove_record
app_client_folder_update
app_client_folder_delete
KA-5143: Support for MSP "Business Starter" plan. Not yet implemented in the UI.
KA-5222: Support for APIs to remove files and linked records from Keeper Secrets Manager.
KA-5461: Support for an optional "path" parameter when setting up Splunk SIEM endpoints. "https://" + host + ":" + port + (path=="" ? "/services/collector" : path)
KA-5456: SCIM "Get Group" command fails when a team is located in a subnode under SCIM node.
KA-5500: Improved language in Sharing Notice emails.
KA-5265: Support for new role enforcement policy MASTER_PASSWORD_MINIMUM_LENGTH_NO_PROMPT. This role enforcement will allow a role to not require the user to immediately change their master password if the length of their password is less than the minimum.
KA-5541: Support for sending "minutes" instead of "milliseconds" for logout timer setting.
KA-5573: Support for logging into SSO Cloud from the user's default web browser when using Keeper Desktop. This new feature will be incorporated into an upcoming Keeper Desktop release 16.10.4.
Released on June 29, 2023
Released on June 23, 2023
Released on June 13, 2023
Released June 08, 2023
Released on June 05, 2023
Released on May 30, 2023
KA-5338: Delegated admin can affect SSO configuration in other nodes through configurations.
KA-5360: When a share admin transfers ownership of a record, the incremental sync was missing the transferred record UID, causing the record to appear/disappear in both vaults until a full sync happened (in the background or at next login).
KA-5424, KA-5421: Improved sync performance by removing queries for non-enterprise users.
KA-5419: After an Admin deletes a user from the admin console and then re-creates that user with the same user email, the user is unable to successfully create the account a second time. The user will see network connection errors in the Vault and we see server errors on the backend.
KA-5453: Allow longer custom email invite templates, up to 5,000 chars.
KA-5468: Add role enforcement to disallow importing of shared folders from LastPass. The role policy name is RESTRICT_IMPORT_SHARED_FOLDERS. This change goes with Vault ticket VAUL-5977.
KA-5470: When a user is deleted, their pending device approval queued entries are not deleted. This is causing a problem when the user is created again with the same username.
KA-5463: Commander API errors with shared_folder_update
KA-5478: Error message when a Share Admin removes a user from a shared folder.
KA-5473: Bulk change endpoint for folder permissions, to accept an array of shared_folder objects. This will provide Commander with bulk permission changes under ticket KC-590.
KA-5427, KA-5447: Logout timer improvements
The minimum logout timer for the device type (Web apps, desktop apps, mobile apps) is utilized for any device that you log in to.
If the admin lowers the max allowed logout timer for a device type, the next login will enforce the lower amount across all devices of the specified type.
If the admin lowers the max allowed logout timer for a device type, this will modify the current session for all affected users.
If the admin raises the max allowed logout timer, users' timers will not be raised. The user will need to log out and log in to increase their logout timer.
The role enforcement max allowed will be used as the "Default" logout timer for users.
The idle logout is by device type for a user, not specific to a device for the current user.
Logout timers shall be allowed beyond 24 hours. Any value up to 30 days will be supported.
Release notes older than the last 10 releases
Older release note content is still available, but anything older than the last 10 updates is placed here.
Release ETA March 15, 2021
KA-2836: Support for new Record Types feature
KA-3862: Support for Node Isolation
KA-3857: Provide free Family Plan to all linked personal accounts
KA-2517: An audit event is created when a user is removed from a role or team
KA-3909: Support for automatic enterprise invite re-sends on the backend
KA-3873: Enforcement values missing from get_enterprise_data_for_user_response
KA-3693: API requests to the backend are slow to turn on 2FA
KA-3870: IP blocked events are not being reported in Reporting & Alerts Module
KA-3880: Extending the share expiration of a user, fails to save new expiration date
KA-3869: Shared Records Report returns unwanted data
KA-3894: Admin Console crashes when the last user of a team deleted
Estimated Release Date: January 22, 2021
KA-3782: Change SCIM GROUP PATCH implementation to return 204 Status
KA-3588: Support for SSO Connect On-Prem alias checking on email changes
KA-3578: Turning on Stay Logged In did not work the very first time
KA-3756: Stay Logged In setting not honored on particular login flows
KA-3626: Syslog push fails in EU
KA-3638: Adding ARAM event causes throttling
KA-3725: Various issues with record sharing
KA-3718: User is unable to set alternate Master Password
KA-3582: ARAM is missing the event "Removed User from Team"
KA-3607: SSO does not send SessionIndex on SAML logout
KA-3628: Entity ID fails to update when moving configuration
KA-3674: Records fail to appear in shared folder after a team is added
KA-3661: "Offline Master Password" role enforcement fails
KA-3548: Error message appears when login to US SSO Cloud account in EU region
KA-3514: Event is not triggered when delete command is used
KA-3701: MSP Admin is unable to approve SSO Cloud users from Managed Companies
KA-3719: File usage is not properly updated
KA-3726: A server error is generated when deleting a team
KA-3730: "Account Recovery Requested" ARAM event is not triggered
KA-3741: Cloud SSO users that are also admins, require Master Password to export
KA-3746: Errors are generated when deleting a record in a team shared folder
KA-2654: Backend APIs for Admin Console login for customers with over 100k users
KA-2837: Addition of new APIs for upcoming Record Types feature
KA-3316: Create user event not reported in ARAM
KA-3728: Sending hyperlink to invalid domain in some scenarios
Estimated Release Date: December 29, 2020
Released on December 21, 2020
TRAN-3497: ARAM event added: Enterprise is out of seats
TRAN-3498: ARAM event added: Admin approved a device
KA-3654: Keeper removes pending users when SCIM provider patches user to inactive status
KA-3610: Improved performance impacts due to API throttling
KA-3592: Allow Admins to provision invited users into Teams
KA-3625: MSP Keeper Admin is unable to approve SSO Cloud users from managed companies
KA-3560: SCIM email change issues
KA-3615: Broken Access Control - Change permission of other users in the same sharing record
KA-3614: Broken Access Control - Remove user in the same sharing record
KA-3624: Keeper Push fails for Cloud SSO users with DUO enabled
KA-3585: 2FA code duration preference fails for SSO Cloud users
KA-2558: Team folders are not being pushed to users upon login
KA-3637: Unable to login to Web Vault using Alternate Master Password and 2FA
KA-3235: Changed Email Address event isn't displayed in ARAM
KA-3641: Attempting to save empty shared folder record key
KA-3663: Cloud SSO accounts require two Admin approvals
Estimated Release Date November 20, 2020
EM-4399: BreachWatch events now include the record UID to inform Admins what records trigger BreachWatch Events
KA-3580: Re-trying an Admin Device Approval for pre-approved devices must reply success and send push
KA-3582: ARAM is missing "Removed User from Team" event
KA-3493: Log Error - users with region issues
KA-3586: File download for Enterprise users currently looks at file_plan_expiration
Released on November 13, 2020
KA-3553: Improved performance for SCIM filter by external ID
KA-2571: Validate a user's domain when an enterprise is created or when an enterprise user is added
KA-3583: Restrict Admins from adding teams with missing encrypted_team_key
KA-3448: Admin is able to invite a user to an enterprise when the user exists in a different region
KA-3464: "Forgot Password" flow generates error message
KA-3533: 404 error appears after logout from US SSO Cloud account
KA-3534: Log Error - NPE in SharedFolderUpdateCommand
KA-3491: A server error is generated while editing MSP user's name and email
KA-3493: User with region issues generates log error
KA-3407: Android users are prompted twice for code during 2FA setup
KA-3540: Cloud SSO IdP-initiated login URL is not displayed as expected
KA-3549: Cloud SSO does not return an error to the user if a bad IdP metadata XML file is uploaded
KA-3394: BreachWatch and Security Audits reports are not updating as expected
KA-3555: Log Error - ArrayIndexOutOfBounds in CreateAccountController
KA-3556: Log Error - NPE in ManagedNodePrivilegeRemoveCommand
KA-3554: Network error calling kinfo when user already exists locally
KA-3568: KeeperApp should prevent active SSO connections from being deleted
KA-3571: Errors are generated when a user attempts to approve existing devices via Keeper Push
KA-3573: Requests are not removed from Approval Queue once approved by Admin
Expected Release Date: October 30, 2020
KA-3328: Using KeeperDNA for device approval does not work as expected
KA-3442: Log error is generated when deleting a revision
KA-3460: SAML validation errors are incorrectly being logged in the KeeperApp error log
KA-3464: Forgot Master Password flow generates error messages
KA-3508: start_login returns error after biometric login attempts to Cloud SSO accounts
KA-3512: Keeper Push does not work in attempt to enable 2FA in EU SSO Cloud account
KA-3513: A user is unable to login with SSO Cloud after being moved to an SSO node with the precondition that the user has not first logged in with their Master Password
KA-3519: A pending Enterprise user attempting to log in to the vault receives an invalid account creation email
KA-3520: Recent Activity in account summary is missing iOS sync
KA-3521: The browser extension logout timer uses the timeout value set within the vault
KA-3509: Log Error, NPE in getManagedEnterpriseInfo
Released October 21, 2020
Release ETA October 16, 2020
KA-3485: Fix to change Enterprise storage expiration to license expiration date
KA-3430: Inviting a reserved domain user triggers an incorrect error message
KA-3433: iOS devices do not receive "device_locked" push notifications from admin tool
KA-3436: When providing the 6-digit code from an account that is using DUO, the response displays an error
KA-3460: SAML validation errors are incorrectly being logged
KA-3447: A log error is generated when deleting a role or privilege
KA-3464: Forgot Password flow is generating several error messages
KA-3477: SQL error is generated in "ChangeMasterPasswordCommand"
KA-3480: Command returns an invalid session token type for expired Unlimited account
KA-3281: Enterprise tool search functionality is not working as expected
KA-3489: Login fails for SSO On-Prem users when IP auto-approval is turned off, or if it's ON and new IP / Device
Released October 12, 2020
Released October 12, 2020
Released October 10, 2020
KA-3443: Support for SAML 2.0 IsPassive option in Cloud SSO
KA-3434: Deleting an enterprise does not release the kinfo.domain
KA-3438: Biometric login to wrong region generates "DEVICE_ACCOUNT_LOCKED" message
KA-3415: User unable to update an existing push token for a new device using device SNS registration service
KA-3393: Creation of a new user fails to trigger an ARAM event
KA-3388: Cloud SSO loses configuration parameters
KA-3377: Error message fails to appear when a user selects RSA option during 2FA setup and RSA has not yet been configured
Released October 7, 2020
KA-3440: User invite fails when the domain is reserved by multiple enterprises
KA-3439: EU SSO Cloud user who attempts to login from the Desktop App with their email address is routed to Device Approval screen rather than their IdP
KA-3435: Attempting to switch accounts after an account logout prompts the user to update their password
Released October 6, 2020
KA-3423: The server will allow all access currently reserved to restrict and sync down
KA-3448: Fix to allow Admin to invite a user to an enterprise when the user exists in a different region
KA-3436: When a user provides the 6-digit code for DUO 2FA, the response displays an error message
KA-3420: When a user creates a Business trial and switches regions, they receive an error message when attempting email verification
Released October 1, 2020
Released September 29, 2020
Released September 22, 2020
KA-3359: Correct SSO accounts transition from pending_enterprise_user to enterprise_user
KA-3358: send_email_verification link is being rejected
KA-3271: Deleting user from v10 admin tool doesn't fully delete user
KA-3233: Error message is received when a new user attempts to accept and create a family account via email invite's deep link.
Released September 18, 2020
Released September 18, 2020
KA-2906: Service Logger implemented as short term in-database logger
KA-2873: DAO layer implemented for new Cloud SSO data objects
KA-3314: Significant Cloud SSO logging improvements
KA-3273: Implemented prefix-based SCIM role mapping
KA-3214: Support signature embedded in the SAML response
KA-3210: Role enforcement created to disallow v2 clients
KA-3133: Without recovery data, removing a user from Cloud SSO node is prevented
KA-3343: Azure email formatting causes SSO to throw exception
KA-3332: Database error received during enterprise_delete
KA-3329: In attempt to delete SCIM user, user is locked instead of deleted
KA-3301: Master Password re-entry fails for biometrics
KA-3284: get_user account_information fails to return pending devices
KA-3264: Prevent account enumeration via 2FA throttle
Released September 12, 2020
Released September 12, 2020
Released September 11, 2020
KA-3283: Support for deleting invited user via SCIM PUT
KA-3263: Role enforcement policy created to disable account recovery
KA-3237: ARAM event created for "Enterprise is out of seats"
KA-3263: ARAM event created for "Admin approved a device"
KA-3182: Endpoint created that allows a support tool user to verify a user's 2FA code
KA-3304: SAML Logout returns 404 with no IdP logout endpoint configured
KA-3294: Logout timer enforcement on Desktop logs user out at max duration instead of max idle
KA-3274: Email change landing page contains incorrect string
KA-3242: SSO logout doesn't redirect to IdP to perform logout from mobile client
KA-2994: Throttled re-authentication enforcement in vault is persistent on next log in.
Released September 6, 2020
Released September 5, 2020
Released September 4, 2020
Released September 3, 2020
ETA for release: Sept 8, 2020
The Backend API version 15.0.9 release is focused on Login V3 and SSO Cloud APIs.
Cloud SSO Connect General Availability (GA). More information available here: https://docs.keeper.io/sso-connect-cloud/
Login V3 General Availability (GA). More information available here: https://docs.keeper.io/enterprise-guide/login-api-v3
KA-3173: Support for session persistence
KA-3079: IdP-initiated login for Cloud SSO accounts
KA-3086: New Enterprise role policies (disable_onboarding, disable_commander)
KA-2468: Support for 24-hour logout timer period
KA-3177: Added ARAM event for "Device requires Admin approval".
KA-3188: Backend support for device linking (auto-login of resumable sessions)
KA-3061: Better handling of invalid email addresses
KA-3130: Login V3 support for SSO-Master-Password logins
KA-3141: Ignore password expiration for SSO users
KA-3128: Do not redirect users to incomplete SSO Cloud configuration
KA-3134: Support for Region Redirect on SSO Domain login
KA-3088: Resolve missing Sign On URL in Cloud SSO metadata file for Azure
KA-3147: Throttling configuration for SSO Domain name
KA-3161: Duo Push web socket message not received by vault during account recovery
KA-3163: Changing Keeper SAML SP endpoint from kepr.co to keepersecurity.com
KA-2516: Master Password regex causing loop on iOS devices
KA-3175: Improved throttling on email verification codes
Released on August 13, 2020
KA-3094: Improved handling of SSO data for users when moved out of SSO node and back into SSO node (retains data).
KA-3103: Editing a shared folder name or color changes default permissions.
KA-3093: Very slow login when thousands of shared folders are present in the vault.
KA-3099: Improved handling of migration from US to EU data centers
KA-2960: Addition of alias_add event for adding alias username/emails
KA-3097: Improved handling of login to US SSO account from EU vault
KA-3074: Added events for Device Approval
KA-3110: Prevent admin from moving user from on-prem SSO to Cloud SSO
KA-3022: Submitting verification code for pending invited user returning 403 error
Backend support for Keeper SSO Connect Cloud
Released May 15 & July 2, 2020
Released May 15, 2020
Released April 24 & 27, 2020
Subsequent releases 14.12.2 - 14.12.4 are also included in the following release notes.
Fixed: Unable to register new users on current chat clients.
Fixed: SSO (pre version 14.2.1) is not validating IP and device link for Enterprise.
Fixed: Transferred direct shared records do not show up in both root and transferred folders.
Fixed: Adding a 2FA duration to an enforcement generates server errors.
Released April 24, 2020
Team Roles - This release introduces a major improvement geared toward increasing the efficiency of managing role enforcements. Enterprise Admins now have the ability to manage enforcements more precisely by assigning teams to roles. Furthermore, a user who is a member of a team assigned to a role will assume the enforcement of that given role.
Master Password Re-entry Enforcement - This role enforcement allows Admins to further enhance their security policies by requiring users to re-enter their Master Password in order to unmask or copy a password. Once unmasked, the password will be re-masked after 30 seconds have passed.
Account Transfer Improvement - A transferred account will be replicated in its structure and content and all data will be housed in a dedicated transfer folder that includes deleted records and record history.
Web Vault & Desktop App Import Prevention - This role enforcement allows Admins to restrict users from importing data from the Web Vault and Desktop App.
Fixed: Issue requiring an update of Google's phone number parser library to v8.11.3.
Fixed: Users are denied access when moving a record within a shared folder containing restricted team sharing capabilities.
Fixed: Business to MSP conversion fails for nodes that contain account transfer roles.
Fixed: "Added Shared Folder" events only appear under the "Added Folder" event type in ARAM.
Released March 30, 2020
Subsequent release 14.11.1 is also included in the following release notes.
API implementation allowing Enterprise Admins to disable 2FA for their users so they no longer have to contact support to do so.
Admins are able to set a role enforcement preventing users of the browser extension from enabling the Auto Submit and Prompt to Fill features.
Fixed: DUO 2FA experiencing intermittent failures.
Fixed: Push server is not re-registering after failing to connect to the database and is removed from the database table too quickly, preventing users from logging in successfully.
Fixed: Error received when converting nodes to Managed Company if user data is present.
Fixed: MSPs unable to pause Managed Companies as expected.
Fixed: Issue causing the new push servers to incorrectly handle the DNA push token.
Fixed: "auth_failed" appearing in Admin Console due to invalid session token detection when outbound IPs are load balanced.
Fixed: Spaces in 2FA backup code result in "server_failure".
Released February 14 & 28, 2020
Released February 3, 2020
Subsequent release 14.9.13 is also included in the following release notes.
Fixed: Issue preventing MSP admin from logging into Managed Company if assigned a role that enforces 2FA at every log in.
Fixed: Some EU users unable to successfully login after updating their email address.
Fixed: Priority setting issue preventing successful SMS delivery method in Japan.
Released November 28, 2019 | December 13, 21 & 23, 2019 | January 2 & 27, 2020
Subsequent releases 14.9.1, 14.9.2, 14.9.3, 14.9.4, 14.9.5, 14.9.6, 14.9.7, 14.9.8, 14.9.9, 14.9.10 and 14.9.11 are also included in the following release notes.
Enabled IP range based MFA prompt rules (NCINO).
KeeperApp now responds to "/api" prefaced commands.
Support for LogRhythm SIEM provider.
API implementation for node to Managed Company conversion.
Fixed: "Bad_request" error message received on login containing ".con" in email field.
Fixed: Error occurs when user links a record from one shared folder to another.
Fixed: Text key visible in error message when a user attempts to add a record to the same shared folder it already resides in.
Fixed: An issue blocking clients that don't send in a user agent.
Fixed: An issue causing BreachWatch API to reject IE submissions.
Fixed: Crash occurs during login to various Managed Company accounts.
Fixed: User receives an SSO error message after they are moved out of an SSO for the purpose of recovering their Master Password.
Fixed: SSO new user/device access check initiates for SSO Connect >14.1.3.
Fixed: When enabling account transfer permissions and enforcement, the MSP loses the ability to launch into the Managed Company.
Fixed: Unable to move Managed Company to sub nodes without errors.
Fixed: Issue preventing imported records from inheriting the default folder settings.
Fixed: MSP receives "missing_keys" error when attempting to assign a user to a role with administrative permission.
Fixed: Error message displaying key values is received in Enterprise Console when a user attempts to add SCIM provisioning method to the Bridge.
Fixed: Support for enterprise client tool version.
Fixed: Managed Companies are duplicated when filtered by node.
Fixed: Some users in SSO nodes are unable to login as expected.
Released November 15, 2020
Creation of new API to send email verification link.
Fixed: Root Admin receives infinite spinner when attempting to log into Managed Companies located in a sub node.
Fixed: Body of Japanese and German welcome emails for Keeper Business accounts are not translated.
Fixed: Records that are deleted from a shared folder are displaying incorrect deletion dates in Deleted Items folder.
Fixed: Adding a user to a shared folder does not send record meta data.
Fixed: Translation keys visible in some Enterprise customer email invitations.
Released November 1, 2019
Released November 1, 2019
Fixed: The verification link to change a user's email generates an error message
Fixed: The "record_add" command does not specify which file ID's are invalid in its response.
Fixed: When moving a record from the root into a shared folder, it is not observing the default folder settings.
Fixed: When added to a team, users do not immediately see shared folders until their next login to the vault.
Released on September 21, 2019
Text Message 2FA codes now include the platform requesting the code (Web Vault, Desktop App, iOS, Android, Console, etc...)
Updated template content for default Enterprise invitation
Support for Yubikey 5Ci Hardware Security Key
Fixed: Account recovery flow when customer attempts recovery in wrong geographic data center
Fixed: Admin is unable to delete a user having many record revisions
Fixed: Cannot create a family plan if the user was once admin of a family plan
Fixed: User is member of a Team and can receive shares in Shared Folder, but not add the Team to a Shared Folder.
Fixed: Shared folders in Account Transfer do not retain permissions.
Resolved: Prevent user from linking a personal license to existing business license from a different data center region.
Fixed: Removing a favorite from a record does not sync with other platforms.
Subsequent releases 14.7.12, 14.7.13, 14.7.14 and 14.7.15 resolved the following bugs:
Fixed: Issue decrypting old device session tokens
Fixed: Custom email templates reverting to default template in certain sub-nodes
Fixed: Personal license validation link produces 404 error
Fixed: SCIM provisioning failing with 400 error
Fixed: Free Data Breach Scan in EU region generating confusing error message
Fixed: Hyperlink to signup from SSO-provisioned user inside email template generated 404 error
Prevent misuse of the external SIEM host connectivity test to enumerate ports on the local network
Released on September 15, 2019
Released on August 16, 2019
Released on Aug 16, 2019
Enterprise end-user invitations are now sent once every 48 hours to maximize user adoption. Previously sent email invitation codes are invalidated by the most recent code.
Updated the formatting, layout and branding of general email templates sent from the backend API in accordance with Keeper's new corporate branding.
Duo 2FA setup was not fully activated in some end-user scenarios after first setup. Fixed.
Translations missing in invitations and transfer record dialogs in Admin Console.
Preventing user from changing email address to the same email.
IP Allowlisting with overlapping ranges caused errors. Fixed.
Released on Aug 9, 2019
Released on August 6, 2019 @ 7PM PST
Due to issues experienced with Twilio (EU regulations surrounding delivery of messages using local numbers, confusing user experience around the use of Authy services), we made a migration of Keeper SMS 2FA services to Amazon AWS, our infrastructure provider.
The new backend SMS capabilities of Amazon AWS provide the following benefits:
Local delivery of phone numbers via Short Codes
Fast and reliable delivery
Full integration into Keeper's existing AWS infrastructure
We apologize for any disruption of SMS 2FA services over the past several days as we have completed the migration. If you have any questions or experience any issues receiving SMS messages from Keeper, please contact support or switch to a TOTP-based authentication method, such as Google Authenticator or Duo.
Released on August 2, 2019
Released on July 25, 2019
This is a major feature, bug fix, security and performance improvement release.
Admins with Team Management permission will soon be able to add other members to a team, even if the admin is not part of the team. NOTE: Front-end implementation of the feature must still be completed on the Admin Console.
Users will receive an email notification when a record has transferred ownership to them.
Vault Transfers performed by the approved administrator will also transfer deleted records. The deleted records will be in the "deleted" section of the destination vault.
Ability to assign free Personal Licenses to Business Licenses (not available for all Business customers).
Created API to provide a list of team members, in order to display the information in the Vault. NOTE: The vault update has not gone live yet.
Created process to periodically ask the customer to review and update their security questions.
Created Backend APIs to support the Free Data Breach Scan feature on the Keeper Security Website and BreachWatch services. https://keepersecurity.com/free-data-breach-scan.html
Roles can now be provisioned through SCIM (supported by Okta and other identity providers). The Role ID must be provided by the SCIM message. Notes:
- When a new user is created, default roles will be assigned regardless of what is provided in the "roles" field.
- Roles with administrative permissions will cause the operation to fail with status 406 ("not acceptable") and "detail": "A role with Administrative Permissions may not be assigned by SCIM."
- To identify the Role ID, this information will eventually be displayed in the Admin Console, but it can also be seen via Keeper Commander command "enterprise-info":
"Last Modified" in record history will be replaced with the date on which the backup was created (not the last modification date)
Shared records to users outside of the organization will be removed automatically when a "Vault Transfer" of the user account is performed by the admin.
Stop sending share invites between Enterprise users, as this is not needed.
Repaired the "Change Email Address" flow from certain clients, in which the verification email was not being sent properly.
Emergency Access not honoring the desired wait time in certain cases.
Released July 2, 2019
Released on May 6, 2019
Released on April 23, 2019
Node Isolation Option for MSP Customers
The Keeper Backend now has the ability to enforce Node Isolation for business customers. When "Node Isolation" is activated, users and teams that show within Share screens on the vault are limited to parent and child nodes. This feature is built for MSP customers who configure each node in the Keeper Admin Console as a separate end-customer account.
In the example below, if Node Isolation is activated on the West Coast node then:
Users in "Developers" are able to see other users and teams up in Developers, West Coast, Regions, Engineering and Craig Lurey LLC.
Users in "Developers" are NOT able to see the users and teams in "East Coast" or "Sales", since those nodes are in parallel tree paths.
On the Vault, the screens affected by this change are the "Shared Folder" and "Record Share" screens:
To activate Node Isolation please contact us https://keepersecurity.com/support.html
Migrating from Google Cloud Messaging (GCM) to Firebase Cloud Messaging (FCM) for Android platforms.
During Vault Transfer / Account Transfer, team permissions are also transferred now.
Optimization for syncing a large number of folders and records, when team permissions and individual user permissions overlap the same records. Duplicates are removed from the sync down response which decreases the overall encrypted package size.
Created an optimized "import" backend API for record import
Fixed "record key already encrypted with datakey" error which occurs randomly
German translation improvement (backend errors and success messages)
The next Backend API 14.6.0 release will support BreachWatch for Business.
Released on March 14, 2019
Ability to login to Keeper when offline and SSO is unavailable, on the Web Vault and Desktop App. In this use case, the Keeper Admin enables the feature from the admin console role enforcement policy. This feature is disabled by default. It will only appear as an option within an SSO-enabled node.
For users who are part of an SSO-enabled node where the Admin has enabled Master Password login, the user will be able to login to the Web Vault and set a Master Password. Note that the Master Password complexity is enforced based on the rules of the role enforcement policy.
When offline mode is permitted by the Keeper Administrator, users can login to the Web Vault in a fully offline situation, or in a network that has no SSO access. Note that in order to make use of this feature, the user must login to the Web Vault on that particular user account at least one time.
If an account is available for offline login, an indicator graphic shows on the login screen:
Keeper Commander can now be utilized on SSO-enabled accounts through the use of the Master Password.
Security Update: We have added new security updates to prevent enumeration attacks against SSO Customer Enterprise Domain names.
We have added several new event types in the Advanced Reporting & Alert module to track the following events:
Alert Created
Alert Deleted
Alert Paused
Alert Resumed
Team Created
Team Deleted
Role Created
Role Deleted
Node Created
Node Deleted
Fixed issue where "Just-In-Time (JIT)" provisioning setting was being ignored
Offline mode will not work in Internet Explorer and the mobile version of Safari, due to the limitations of those platforms.
Released January 25, 2019.
Final release of Advanced Audit & Reporting backend prior to Admin Console release
Improved record history detailed data
Replace "Recent Activity" data with new enhanced metadata
Business logic for Audit & Reporting SKU and billing system
KeeperChat free trial activation from Admin Console
Increase allowed file upload size on "Custom Logo" from Admin Console
Syncing fix in shared folders related to removing a user from a folder
Overlapping IP ranges in enforcement restriction caused exception
"Ownerless" records after vault transfer are automatically corrected
Translation fixes regarding certain new role enforcement policies
Record "delete" events not logged when deleted from root user folder
SCIM triggers email to admin if the max number of licenses has been exceeded
Version 14.4.0 includes several new features for Master Password login when SSO is unavailable, and offline mode in the Web Vault.
Released December 27, 2018.
This release contains minor bug fixes and several new backend features.
Added support for upcoming Advanced Event Reporting & Auditing system
Added additional API throttling monitoring and abuse prevention measures
Translation changes
None
Duplicate shared folders returned in certain situations
Removed deleted record metadata when no record references found
Version 14.3.0: Major release with over 20 tickets, containing bug fixes, new features and general backend improvements affecting all client applications.
Released December 31, 2020
Released February 15, 2021
KA-3809: Improved logging for support team
KA-3812: Ability to perform verbose SCIM logging
KA-3795: Improved behavior of "Stay Logged In" for browser extension users.
KA-3792: Improved speed and performance
KA-3797: Improved speed related to Trash Can view
KA-3787: Improved query performance on the backend
KA-3796: Invalid 2FA code returns invalid error message to user
KA-3784: Attempt to add a user to a shared folder doesn't add the user in local folder view
KA-3802: Error processing large number of SSO Cloud Admin Approvals
KA-3801: Adding users via customer-specific provisioning method generates Server 500 error
KA-3808: Some records do not return user information in "Last modified" record history information.
KA-3824: New records are not visible to all team members of a shared folder
KA-3790: Denying a Keeper Push via 2FA method caused approval
Released on March 2, 2021
This update may have caused existing Azure Function sessions to be logged out. Please follow the instructions in the link below to re-activate the Azure Function. https://docs.keeper.io/sso-connect-cloud/device-approvals/azure-function#troubleshooting-and-repairing-failed-logins See the "Troubleshooting and Repairing Failed Logins" section to resolve the issue.
KA-3777: Added reporting module event for "User requesting self-device approval" for SSO Cloud
KA-3772: Ensure BreachWatch is granted to linked personal accounts
KA-3716: Modified sync to allow single-record retrieval for the Commander SDK
KA-3798: New "Share Report" API for Vault and Commander SDK
KA-3727: Attempt to add a Trusted User generates a "No Active Share Exist" error message
KA-3710: Admin approvals randomly fail to be received in the Vault
KA-3689: Log Error - error setting master password expiration
KA-3627: Adding an alias for an SSO user fails
KA-3027: Issue causing transferred records to have two owners
KA-2672: "Removed record permission" event fails to be triggered
KA-3827: Transferring an account can create a "read only" owned record
KA-3767: Unable to logout from SSO Cloud if there is no IdP session id
KA-3842: Commander times out after 30 days
KA-3027: When a record was transferred and the new owner deleted the transferred record, it went to the original owner's trash can.
KA-3827: Transferring an account can create a read-only owned record.
Release ETA April 12, 2021
Released May 10, 2021
Windows Hello Role Enforcement Policy
Role policy for admin to prevent their users from enabling Windows Hello Login. This will launch with the next Admin Console.
KA-3989 and others: Support for Quick and Full sync methods in the Admin Console
KA-4016, KA-4021, KA-3988, KA-3987: Improved Session timeout handling with Browser Extension and Desktop Apps
KA-3970: AU user receives an error message when attempting to empty their trash
KA-3971: Enterprise transactions are being duplicated
KA-3976: Quick syncs are not correctly sending license information for purchased add-ons
KA-3987: Logging into the vault then using the BE fails to reset the idle timeout
KA-3988: Logging out after the session token is expired generates an error
KA-3994: Managed Company data is incorrect on full syncs
KA-3995: Attempt to pause a Managed Company fails
KA-4005: Unable to delete a user in the AU data center Admin Console
KA-4003: Throttling error contains "XXX" in the response message
KA-4014: Okta SCIM error - invited user is not deleted on PATCH message
Released on May 19, 2021
KA-4012, KA-3596, KA-4015: Resolved several Sharing and Emergency Access related API calls to eliminate all possible enumeration attack vectors on Login V3. Also resolved confusing error messages and popups within the application when handling the sharing handshakes between users. Note that in order to share records between users, a sharing relationship must first exist and be established. In the case of Enterprise accounts, a sharing relationship between users already exists. A share relationship must be established manually for all consumer users and Enterprise-to-consumer accounts, or Enterprise users between different tenants.
KA-4004, KA-4006, KA-4023: Added additional push notifications and auto-syncing to the Admin Console for MSP tenants to trigger instant updates when MC license changes occur, and for Vault Transfer actions.
KA-4052: Resolved issue where linked Family Plans are not getting enough family member licenses added.
Released on Jun 25, 2021
KA-4097: Australia data center unable to perform Vault Transfer
KA-4077: Support RFC7159 "Accept: application/json" and "Accept: application/scim+json"
KA-4078: Support for Account Recovery of expired free users.
KA-4055: Support for Account Recovery of SSO users with clients implementing Login V3
KA-4103: Vault login not properly redirecting the user to the proper datacenter upon clicking on the device approval link.
KA-3800: Implemented Role Enforcement policies for Record Type creation
KA-4074: Improved Session Invalidation upon the following events:
Changed 2FA
Change master password
User locked by Enterprise Admin
User locked by Keeper Support
Device locked by Enterprise Admin
Enterprise user deleted
User deleted via SCIM
Enterprise deleted
MSP managed company deleted
MSP managed company removed
KA-4080: In case of downstream SMS 2FA provider failure, Keeper can offer support for email delivery of 2FA codes.
Released on Aug 9, 2021
This backend release provides support for the following major capabilities:
Keeper Secrets Manager
Provides your DevOps, IT Security and software development teams with a fully cloud-based, Zero-Knowledge platform for managing all of your infrastructure secrets such as API keys, Database passwords, access keys, certificates and any type of confidential data. https://docs.keeper.io/secrets-manager/
GovCloud Support
Keeper is going live with AWS GovCloud in the US data center to support FedRAMP compliant environments. AWS GovCloud is designed to host sensitive data, regulated workloads, and address the most stringent U.S. government security and compliance requirements. To discuss GovCloud and FedRAMP compliance, please email govsales@keepersecurity.com.
Released on Aug 31, 2021
Released on Sep 16, 2021
Support for the new Compliance Reports feature which goes into Beta. Learn more: https://docs.keeper.io/enterprise-guide/compliance-reports
Support for the new Keeper Automator service for automatic SSO Cloud device approvals. Learn more: https://docs.keeper.io/sso-connect-cloud/device-approvals/automator
KA-4118: Email delivery rate limiting on Trial signup
KA-4279: Error when moving a user between nodes as a sub-admin
Released on Oct 18, 2021
KA-4220: GovCloud Email device approval link broken
KA-4219: GovCloud Change Email Address function broken
KA-4255: GovCloud Change Master Password email notifications not being sent
KA-4364: Account Transfer of read-only direct record shares gave the transfer recipient elevated permissions (edit/share)
KA-4264: API to convert non-type records to Record Types
KA-4280: Added Compliance Reports event logs to Advanced Reporting & Alerts module
KA-4298, KA-4300: Vault Transfer support for Record Types records (in Admin Console)
KA-4316: Better handling of connection timeouts when setting up the Keeper Automator
KA-4350: Added support for Devo (SIEM provider)
Release ETA Nov 12, 2021
KA-4354: "Prevent sharing with file attachments" not working if Record Types activated
KA-4378: If you have an existing MC on the basic plan and then upgrade it to the Plus plan, the BreachWatch and ARAM add-ons are not being added to the MC. If you downgrade the MC from Plus to basic, the add-ons are being added when they should not be.
KA-3965: Imported users from CSV are receiving email invites even if "disable invites" selected
KA-4106: No email is sent when account recovery is disabled
KA-4305: Partial email and name searching is not working in Share screens
KA-4405: Team-role mapping of Secrets Manager permissions not working
KA-3292: Allowing Libya and Iraq IP address ranges to access the Keeper service
Released on Nov 17, 2021
KA-4442: Security updates to SSO Cloud. Special thanks to the team at SCHUTZWERK for their findings.
Released on Dec 8, 2021
KA-4388: Changing email address in the vault doesn't update immediately on the Console when clicking Sync
KA-4328: Compliance Report bugs when a record is shared to another Enterprise tenant user.
KA-4393: Compliance Report needs to include consumer accounts when a record is shared externally.
KA-4121: Marking a node as isolated from Commander not working
KA-4425: Previous email verification links are not expiring after generating a new one from changing email address.
KA-4118, KA-4424: Email rate limiting
KA-4471: Some users are not found by SCIM GET query
KA-4304: Added additional helpful security information in the "Share" notifications sent through email. The Record UID, Location and device name of the sender is provided.
KA-4389: Provide Team/Group Display Name in SCIM user group queries
Released on Jan 6, 2022
KA-4409: Support for Keeper Secrets Manager new record creation
KA-4467: Secrets Manager triggers proper push notifications on record update and client device changes
KA-4541: Enable record types for all Business customers.
KL-102: Japanese email invite issues with HTML template.
KL-101: Azure Log Analytics endpoint wrong in the Azure GovCloud region
KL-104: ARAM events not being triggered for Secrets Manager events.
Released on Jan 25, 2022
Released on Feb 23, 2022
KA-4391: Shared folder 'Can Manage Users' should restrict editing default permissions for an Admin outside of their node
KA-4411: Share link invites change the Web Vault interface to the wrong language if the users are set to different languages.
KA-4462: File upload issues with multiple devices open
KA-4144: Custom record type changes not generating instant push notifications
KA-4143: Sending a share invite to a user who is hosted in a different data center is sending the wrong email content
KA-4157: Bugcrowd ticket for rate limiting enterprise invite email
KA-4506: WebAuthn hardware key setup from the Admin Console not functional
KA-4229: Improved Commander "keep-alive" function while using the application to prevent user from being logged out suddenly.
KA-4604: Unable to verify RSA ID
KA-4365: Added location information to any email which contains IP address
KA-4144: Added "Login Method" to the ARAM SIEM events so that the Admin knows which method of login was used (SSO, master password, biometrics, alternate SSO master password)
KA-4093: Backend support for new "Stay Logged In" role policy that will allow a Default=ON
KA-4137: Support for Enable Self Destruct role policy
KA-3938: Prevent extra syncing to users when a shared record is simply autofilled
Released on Feb 25, 2022
This update fixed Session Resumption on Keeper Commander and Keeper Azure Function for device approvals.
For Commander users, there is no change required. Persistent login will begin working after the next successful master password login.
For Azure Functions, you'll need to generate a new config.json file from Commander and then upload the file to Azure.
See the link below for step-by-step instructions to update the Azure function config file:
Released on April 4, 2022
KA-4647: SMS delivery issues
KA-4561: SCIM totalResults is incorrect in some cases
KA-4555: Allow SCIM "filter" param to search users by email
KA-4609: Wrong email template sent when user changes email
KA-4444: Missing ARAM event when user added to a default role
KA-4390: Accepting Enterprise Invite needs to send a Push to console
KA-4657: SCIM fails on user PATCH with emails as an Array
Several other bug fixes
KA-4666: Support for Keeper One Time Share
KA-4676: Support for new role policy to change Stay Logged In default to ON
Released on April 8, 2022
Released on May 2, 2022
Released on May 11, 2022
KA-4551: SAML Library updates
KA-3929: FIPS-140-2 Bouncy Castle updates
JA-4717: Java updates
KA-4731: Missing ARAM One-Time Share Expired events
KA-4469: Record Type link changes don't sync to affected users
KA-4737: Record Type does not support record larger than 32kb
KA-4752: Errors during onboarding new users on Cloud SSO while migration taking place from SSO On-Prem to SSO Cloud
KA-4760: Azure SIEM export verification issues in GovCloud region
May and June 2022 Releases
KA-4769: An email in 2 regions may get wrong region link from email invites.
KA-4770: Error creating SSO Connect instance
KA-4773: Improved SAML certificate checking
KA-4776: Emptying trash breaks version 3 record file attachments
KA-4109: Issues with password recovery for SSO users that only have an SSO Master Password
KA-4778: Login issues with account_summary API are generating long delays
KA-4779: SCD Provisioning errors
KA-4570: Added keeper_fill_auto_suggest policy which controls the Browser Extension "suggestion" feature.
KA-4750: One time share link denied if record is deleted
KA-2620: After a vault transfer, the records were not immediately syncing to the recipient until logout/login.
KA-4788: Fixed email invites during Cloud SSO migration.
KA-4799: Forcing Stay Logged In to ON caused new vault users to error out.
KA-4749: If User A transfers record ownership to User B, then User B deletes the record - it does not appear in the trash.
KA-4863: Scenario where SSO login window closes before the browser extension can process data.
KA-4864: Handling for SSO login browsers where Javascript is not supported, such as with Devolutions integration.
KA-4283: Record Type attachment records or links are not properly restored via revisions or recovery from trash can.
KA-4894: Automator communication improved when the device has network failure issues.
KA-4933: Support for Domain Aliases. For customers who are changing their email domain for all their employees, they can open a support ticket and we can add a Domain Alias. This prevents any issues when changing emails from the identity provider.
Released Sept 2, 2022
KA-4892: Share Admin implementation for Managed Companies
KA-4885: Event record_add not generated if a record is added directly to a shared folder
KA-4912: Incorrect message when deleting a shared-folder-folder
KA-4935: Stay Logged In (persistent login) showing OFF in situations when it's ON
KA-4984: SSO login and logout generates 502 error for some customers
KA-2593: Share Admin feature
KA-4188: Add the owner's email to the ARAM record removal event
KA-4844: MSP to MC Team Sharing
KA-4619: Support for multi-pagination syncing
KA-4832: Support the ability for Keeper Secrets Manager to delete a record
Released on Sept 10, 2022
KA-3849: MSP Consumption Billing model
KA-4989: Give proper error message when out of licenses
KA-4833: Records that were transferred ownership are missing from the “Transferred: User” folder and are placed in the Deleted Items bin.
KA-4998: Certain manipulations with sharing a record and transferring ownership leads to invalid record key
KA-4992: Various security updates from CodeQL findings
KA-5094: Null pointer exception during update_secret calls
KA-5118: Consolidated event reports are throwing errors in Keeper Commander and UI
Released on Nov 23, 2022
KA-4917: Add support for new SIEM providers: Datadog, Logz.io, Elastic
KA-5017: Support for MSP Distributors
KA-5019: Creation of bulk user upload API for Admin Console CSV import
KA-5120: Keeper DNA login broken on the Web Vault
KA-4956, KA-5085: Errors from record linking and record history
KA-5096: Email not being triggered when an enterprise runs out of licenses
KA-4275: Remove from All Shares API / Button in the vault throws error
KA-5078: Improved query performance
KA-4726: SSO Connect bug from NCC Group pen test in October 2022
Released on Jan 20, 2023
KA-5090: Added role enforcement policy MAXIMUM_RECORD_SIZE to restrict overall Keeper record size. To enforce this policy, please use the Keeper Commander CLI or open a support ticket. When enforced, if the user attempts to create a record with a size greater than the allowed amount, the user will receive the following error message:
KA-4853: Email alias API for Admins. In a future update, the Enterprise Console will allow the Keeper Admin to create an email alias for a user within the organization. This can also be accomplished with Keeper Commander using the enterprise-user --add-alias feature.
KA-5091: Added policy to prevent sharing to a user outside of an isolated node. The enforcement policy code is RESTRICT_SHARING_OUTSIDE_OF_ISOLATED_NODES and this can be set from Keeper Commander's enterprise-role command.
KA-4945: Created a new API to View and Restore deleted shared records for all participants.
Records deleted from Shared Folders are difficult for participants to locate, if there are many people who manage a shared folder. They are forced to look in everyone's "Deleted" trash bin, which is not practical. We have implemented new backend features to view and restore deleted shared records.
New ARAM events associated with this feature are below.
shared_folder_restored: User ${username} restored shared folder UID ${shared_folder_uid}
shared_folder_record_restored: User ${username} restored record UID ${record_uid} in shared folder UID ${shared_folder_uid}
shared_folder_folder_restored: User ${username} restored shared folder folder UID ${folder_uid}
shared_folder_folder_record_restored: User ${username} restored record UID ${record_uid} in shared folder folder UID ${folder_uid}
The front-end support for viewing deleted shared records is planned in an upcoming Web Vault and Desktop App release.
KA-4755: IdP-initiated account creation fails when the Vault Transfer policy expiration time has expired.
KA-4888: Missing ARAM event when changing the name of a Managed Company
KA-4786: Records moved out of a shared folder are still showing the "Share" icon in the UI
KA-4428: Enforcement to restrict sharing when a file is attached did not take into account editing the record after initial creation.
KA-4809: Removed ARAM event that was not implemented
KA-5027: User and team searches in sharing auto-suggest UI had bad matches for some search strings
KA-5038: Compliance report is not displaying correctly for Share Admin who gained access to a record from a team.
KA-5117: Duplicate email being sent on account creation
KA-5114: Invited users showing in user criteria filter in Compliance Reports
KA-5112: Transfer Account feature can sometimes cause a transferred record to set the wrong permissions on the record, and sometimes create duplicate records.
KA-5093: If you log in with an admin assigned to the Keeper Admin role and attempt to move yourself to any other node, you are presented with an error that states “you may not move yourself into an SSO-enabled node. Please contact keeper for assistance.”
KA-5023: If an SSO Cloud user is deleted from Enterprise console, logging into Android via IDP no longer properly onboards the user (an error dialog appears, user is unable to progress).
KA-4543: Error on Android devices when onboarding through SSO Cloud
KA-5193: Team member is able to incorrectly delete a Shared Folder without proper levels of permission.
KA-5187: Github ticket on Keeper Secrets Manager: record can be created with read-only app permissions.
KA-4937: Added throttling on SAML requests via SSO Cloud to prevent spamming. By default, the throttling logic is > 10 requests within 10 seconds. If 10 seconds pass since the last request, the count resets. When throttled, the response will be a 403 with a message indicating throttling.
KA-4919: Added additional throttling on Keeper Secrets Manager APIs including add_file, create_secret, delete_secret, update_secret, get_secret.
KA-5175: New and improved "welcome" emails when signing up with a trial or purchase
KA-5145: At the request of customers, we have removed MSP Share Admins from the Managed Company's sharing autosuggest list.
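The KA-4937 throttling rule above (more than 10 requests, count reset after 10 seconds without a request, 403 when throttled) can be modelled as an idle-reset counter. This is an added example, not Keeper's code: the per-client key, the class and function names, the 403 message text and the choice to count throttled requests as activity are all assumptions.

```python
"""Idle-reset request throttle: one reading of the KA-4937 release note."""
from dataclasses import dataclass

LIMIT = 10          # release note: throttled at "> 10 requests"
RESET_AFTER = 10.0  # release note: count resets after 10 seconds with no request


@dataclass
class Counter:
    count: int = 0
    last_seen: float = float("-inf")  # first request always starts a fresh count


class IdleResetThrottle:
    """Per-client counter that resets only after an idle gap.

    Assumption: requests are counted per client key (for example a source
    address); the release note does not say what the count is keyed on.
    """

    def __init__(self, limit=LIMIT, reset_after=RESET_AFTER):
        self.limit = limit
        self.reset_after = reset_after
        self.clients = {}

    def check(self, client_key, now):
        """Return (status, message) for one request arriving at time `now`."""
        c = self.clients.setdefault(client_key, Counter())
        if now - c.last_seen >= self.reset_after:
            c.count = 0  # 10 seconds passed since the last request
        c.count += 1
        c.last_seen = now  # assumption: throttled requests also count as activity
        if c.count > self.limit:
            return 403, "Request throttled"  # constructed message text
        return 200, "OK"


def replay(throttle, client_key, timestamps):
    """Feed constructed arrival times (seconds) and collect the status codes."""
    return [throttle.check(client_key, t)[0] for t in timestamps]


# Constructed timelines, in seconds.
BURST = [0.0, 0.1, 0.2, 0.3, 0.4, 0.5, 0.6, 0.7, 0.8, 0.9, 1.0]  # 11 requests
TRICKLE = [9.0 * i for i in range(12)]  # one request every 9 s, never idle for 10 s


def burst_then_pause():
    """Burst of 11, a retry 4 s later, then a retry after a full 10 s pause."""
    t = IdleResetThrottle()
    return replay(t, "client-a", BURST + [5.0, 15.0])


def steady_trickle():
    """A slow client that never pauses long enough for the count to reset."""
    return replay(IdleResetThrottle(), "client-b", TRICKLE)


if __name__ == "__main__":
    print("burst then pause:", burst_then_pause())
    print("steady trickle:  ", steady_trickle())
```

Under this reading the counter is not a sliding window: a client that never pauses for a full 10 seconds keeps accumulating and is eventually throttled even at a low request rate, which is worth checking when tuning SSO health probes or retry loops against such a limit.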
Released on Feb 27, 2023
KA-5165: A change was made to prevent users outside of the SSO-enabled node to login with the designated SSO provider. If you have users experiencing issues logging in, ensure that the user has been provisioned to an SSO-enabled node. From the Admin Console, edit the user profile and select the proper node from the node tree drop-down.
KA-5219: Sharing enforcement policy not working on Team-Role mapped users
KA-5204: Account Transfer failing for users with all "general" record types
KA-5248: Unable to delete a pending enterprise invited user from the console
KA-5255: Transfer Records sends one email per record
KA-5274: Compliance reports generating 500 error for some environments.
KA-5297: When a shared folder is shared via a team, the sync response does not include team data that is needed to decrypt the shared folder. This is occurring in both partial and full syncs.
KA-5257: IP whitelist ranges are limited in the total number of ranges. The number of ranges needs to be increased.