Admin Console
The Keeper Admin Console is a web-based application for Business, Enterprise and MSP administrators to manage their Keeper deployments.
Preview Release
Early access Preview (pre-release) Keeper Admin Console
Admin Console Preview
In order to access the Keeper Admin Console preview, please use the below links:
US: https://keepersecurity.com/console/preview EU: https://keepersecurity.eu/console/preview AU: https://keepersecurity.com.au/console/preview JP: https://keepersecurity.jp/console/preview CA: https://keepersecurity.ca/console/preview GovCloud: Preview not available
If you encounter any issues with the preview, please email feedback@keepersecurity.com.
Admin Console 17.2.0
Released on March 6, 2025
New Features
Added a Net Promoter Score form to the Admin Console to capture user feedback
Improvements
Changed the default sort on the Security Audit screen to show highest scores first
Added user email to username on Security Audit screen
User experience to enable inheritance for the default Keeper Admin role is updated for clarity
Bug Fixes
Resolved issue that caused a white screen on viewing invoices
Resolved issue with click area being too large for the Add Licenses button
Resolved issue that showed incorrect Master Password strength for trial users
Resolved issue that allowed the Subscription Manager role to modify Administrative permissions
Resolved an issue on the Risk Management Dashboard that showed erroneous test for low license counts
Fixed table header alignment on the Security Audit screen
Resolved issue that showed empty error when required fields are not provided when adding a new user
Fixed spacing on the Users tab when the user has statuses that span multiple lines
Fixed an issue that showed a blank modal when attempting to delete a role with users in it
Fixed an issue that showed incorrect number of occurrences for ARAM alerts
Fixed an issue that allowed an admin to create multiple teams and roles with the same name
Fixed an issue that prevented user statuses from correctly updating during free trials
Admin Console 17.1.0
Released on Feb 13, 2025
Get started by setting up your KeeperPAM sandbox! Visit here to begin.
KeeperPAM is now available for all customers. Keeper Admin Console 17.1 and newer is required to access the new privileged access management features.
For more information on KeeperPAM, visit the following:
New Features
Connections - instantly and securely access assets within their target infrastructure
Currently only Supported on Keeper Commander
PAM Enforcement Policies (RBAC) - PAM enforcement policies to enable and configure PAM feature permissions
Improvements
Additional 2FA Options: 12 hours and 24 hours
Bug Fixes
Resolved issue where changing email is causing active user to be logged out
Resolved issue where certain Secrets Manager fields are not showing on the ARAM tab
Resolved issue where default password policy was set to 8 instead of 20
Resolved issue with Azure Sentinel SIEM integration
Other minor fixes and improvements
Admin Console 17.0.0
Released on Feb 5, 2025
Bug Fixes and Improvements
EM-5995: Security updates
EM-6981: Fixed an issue that resulted in an error when adding a Managed Company (MC) to a Managed Service Provider (MSP)
EM-7025: Fixed an issue that resulted in an error when adding a user to a Managed Company (MC)
EM-7077: Fixed an issue that prevented setting up an Azure Sentinel SIEM integration
EM-7100: Changed the title of Exabeam SIEM to LogRhythm to reflect the effect of the Exabeam-LogRhythm merger
Admin Console 16.19.0
Released on Nov 23, 2024.
Features
Risk Management Dashboard
Keeper's Risk Management Dashboard feature is a powerful new feature of the Keeper Admin Console that provides comprehensive security posture information covering end-user deployment, utilization, cloud configuration, and event monitoring. This critical data helps administrators ensure that risks are remediated and compliance is enforced effectively. Documentation on this new feature can be found here.
Bug Fixes and Improvements
EM-6779: Fixed an issue that caused some users attempting to log in to the Admin Console from the Keeper Security landing page to get stuck in a login loop
EM-6782: Fixed an issue that prevented users from de-selecting allowed password separators for a domain under the Record Passwords role policy
EM-6790: Fixed an issue for MSPs that prevented the user from updating the Secure Add-Ons selection when changing Base Plans
EM-6624: Fixed an issue that impacted adding administrative permissions on a new role
EM-6754: Fixed an issue that displayed a white screen when users navigated to the Teams tab
EM-6778: Fixed erroneous links on the Connection Manager tab
EM-6765: Fixed an issue that prevented users from editing the Retention of Deleted Records policy under Vault Features
EM-6765: Instated limits on the length of user name permitted on a new user invite
EM-6806: Fixed Bugcrowd report regarding the validate_master_password endpoint
EM-6826: The button to copy a record UID deep link now intelligently pastes the value elsewhere in the Admin Console, depending on the target text field. If the target text field expects just the UID (not the entire deep link), only the UID value will be pasted
EM-6758: Fixed an issue that caused the Omni Search text box to pop out inappropriately
EM-6859: Enhancement to only show available roles for the selected node
EM-6868: Fixed an issue that caused the Active Directory or LDAP Sync provisioning method to incorrectly show text to ‘Download SSO Connect On-Prem’
EM-6866: Updated SIEM partner names and logos to be up-to-date on the External Logging tab under Reporting & Alerts
EM-6834: Added support for region selection for AWS S3 SIEM configuration
EM-6772: Updated SSO IDP names to be up-to-date
EM-6785: Changed the Send BreachWatch events to external SIEM solutions role policy under Vault Features to be on by default
EM-6648: Tool tip for Offline Mode role policy updated to state that maximum allowed offline time is 30 days
EM-6901: Fixed an issue that caused some user browsers to cache an outdated version of the Admin Console
EM-6899: Added a visual indicator that is displayed when a Reset Scores request is being processed on the Security Audit tab
EM-6902: Fixed an issue that caused stability issues for users with multiple Admin Console browser tabs open
EM-6692: Fixed an issue that caused the Test Connection link to malfunction on the External Logging section under Reporting & Alerts tab
EM-6897: Replaced ‘null’ and ‘unknown’ values for ARAM event location with ‘Internal’
EM-6907: Fixed an issue that incorrectly showed the text ‘Icon Approved’ instead of the actual approval icon when a device was approved from an email
EM-6870: An explicit error message is now displayed if a non-root Admin tries to configure External Logging
EM-6910: Fixed an issue that showed an error message on the login screen if the user approved a Duo 2FA request on their phone
KA-6310: Updated BouncyCastle encryption library to recently certified new cryptographic module
Admin Console 16.18.7
Released October 8, 2024.
Features
Fresh New Look for Security Audit
The Security Audit tab of the Admin Console has been updated with a fresh new design that makes it easy to identify areas that need your attention.
The Overall Security Score calculation logic is unchanged and features prominently at the top of the Security Audit tab. The security areas that factor into the score (strong record passwords, unique record passwords, and 2FA status) are shown as separate cards below the Overall Security Scores. If a card is at a 100% score (all records have strong passwords, no reused passwords exist, or 2FA is enabled for all users), the card will be in a collapsed state. Otherwise, the card will be expanded to include additional details.
New Record Password Strength Categories
The user details table now has four Record Password strength categories that match the Vault: Weak, Fair, Medium, and Strong. The table is sorted by default on the users’ overall Security Audit score, showing users with the lowest Security Audit score first. You can reverse this sort order or sort instead on the user's name, password strength, resued passwords, or two-factor method.
Additionally, you can filter the table on the following fields:
Record Password Strength: Strong, Medium, Fair, or Weak
Unique Record Password: Resued or Unique
2FA: Text Message, Authenticator App (TOTP), Smartwatch (KeeperDNA), Security Keys, RSA SecurID, Duo Security, or No 2FA
Refreshing Security Audit Scores
This release provides administrators an easy way to refresh security scores on the UI without having to log out of the Console and log back in. The ability to refresh scores is useful when the admin is expecting users to log into their Vaults to have their latest security scores sync with the Console. When the user has logged into their Vault, the admin needs to simply click the Refresh Scores button to sync the latest scores to the Console.
Resetting Security Audit Scores
Administrators can now easily reset security scores from the UI if the scores have gotten out-of-sync with user Vaults. The administrator can either reset scores for the entire enterprise using the Reset Scores button on the Security Audit screen or for specific users. Please note that only Root Admins can reset the Security Audit score.
The Reset Scores button on the Security Audit screen will reset scores for the entire enterprise. Once the scores are reset, users will need to log in to their Vaults for the scores to sync to the Admin Console due to the constraints of Keeper’s Zero Knowledge architecture.
Alternatively, the administrator can navigate to the User Details modal and select Reset Security Score under User Actions to reset individual users' Security Audit scores. As is the case with performing an enterprise-wise score reset, once the scores are reset, the user will need to log in to their Vault for the scores to sync to the Admin Console due to the constraints of Keeper’s Zero Knowledge architecture.
Bug Fixes
EM-6734: Fixed an issue that would cause the browser to crash for large Security Audit datasets
Known Issues
The Security Audit screen does not load security data for some users due the browser not detecting the updated Admin Console version. Please follow the browser-specific steps below to clear site data to resolve this issue.
Chromium-Based Browsers (Chrome, Edge, Brave)
Log in to the Admin Console
Open Developer Tools
Navigate to Application > Storage
Click Clear site data
Firefox
Navigate to menu button (three horizontal bars) > Settings
Navigate to Privacy & Security tab > Cookies and Site Data section > Manage Data button
Search for ‘keeper’ > select the keepersecurity.com search results > click Remove Selected > click Save Changes
Confirm the removal by clicking the Remove button
Admin Console 16.18.0
Released May 2, 2024
Features
EM-6011: Password, Passphrase and Symbol Policies
We're excited to launch our expanded role policies for the new password generator and passphrase generator. In the user interface, the old generator policy settings have moved into a new section called "Record Passwords".
This feature contains many new capabilities, including:
Default Password Policy
Default Symbol Policy
Default Passphrase Policy
Domain-Specific Password and Symbol Policy
Domain-Specific Passphrase Policy
With this update, the password generator (of supported vault applications) will use the "Default" policy unless a domain-specific policy has been set. Previously, customers needed to use wildcards (*) to apply a default policy at the domain level. This change ensures that a default policy can be established, without the requirement of a domain to be saved on the Keeper record.
The new corresponding Password and Passphrase generator on the vault user interface is rolling out to all platforms, beginning with the Keeper Web Vault and Desktop App version 16.11.0. The browser extension, iOS and Android apps will also support the new generator policies in an upcoming release.
EM-6303: New policy "Can share outside of isolated nodes"
EM-6257: Added the ability to have a custom port for SIEM Syslog push
EM-6088: Added new ARAM event "Created Alternate Master Password"
Improvements
EM-6420: Displaying ARAM events
syslog_app_client_folder_deleteandsyslog_app_client_folder_updateEM-6537: Added email address to display of Vault Transfer screen
EM-6533: Implemented improved Duo API communication with backend to reduce dependency on push notifications
Bug Fixes
EM-6318, EM-6275: KSM Licensing information is displaying properly for API-based units.
EM-6306: "Removed Team from Folder" event is showing Team Name instead of Folder UID
Several UI, localization and visual issues
Admin Console 16.17.1
Released on Mar 27, 2024
Admin Console 16.17.0
Released on Mar 21, 2024
Overview
This release provides several bug fixes and UI improvements to business and enterprise customers.
New Features
Onboarding
New Console Onboarding experience that enables Keeper Administrators to get up and running quickly and easily
UI Refresh
Refreshed UI for the following areas:
Nodes
Users tab, table, drawers
Roles tab, table, drawers
Teams tab, table, drawers
2FA tab, table, drawers
Provisioning tab, table, drawers
Usability
Various Console usability improvements, including:
Additional Identity Providers available in Single Sign-On settings
New edit button directly on Cloud SSO page
Edit provisioning settings by clicking anywhere in the row
Email is now displayed in user list dialogs
New copy button next to email in user dialog
Added status for Transfer Policy acceptance in user detail dialog
Added status for 2FA in user detail dialog
Role name is now shown in upper left corner when editing role policies
Users are now sorted alphanumerically in role listing
Other Improvements:
Implemented a prefix based mapping for SCIM groups to roles
Added ability to duplicate roles
Improved consistency of inactivity logout timer settings
Added enforcement policy to prevent role duplication
Added enforcement policy to require PIN for security keys
Gradient MSP PSA Billing integration is now available to distributors
Bug Fixes
KA-5666: Fixed an issue with calculating KSM usage by tier
EM-5756: Fixed an issue that caused objects with long names to be excluded from search results
EM-5802: Fixed an issue with displaying ARAM alerts for expired/inactive licenses
EM-5843: Fixed an issue that caused deleted roles to continue to be displayed within user details pages
EM-5588: Fixed an issue that caused unlinked data to remain in the database after deleting role enforcements
EM-5944: Fixed an issue where CSV downloads were susceptible to code injection in older versions of Excel that have Dynamic Data Exchange enabled
EM-5257: Fixed an issue that prevented notifications from appearing in the console when 2FA is disabled for a user
EM-6131: Added more detail to the error message displayed when attempting to add a user with an email address that has already been used
EM-5782: Fixed an issue that caused admins to be prompted for approvals in incorrect nodes
EM-6092: Added page number to screens with multiple page results
EM-6045: Fixed an issue that caused incorrect navigation when adding a recipient to an existing alert
EM-6074: Admins can now update settings for active SIEM integrations
EM-6185: Improved hardening against MITM attacks
EM-6234: Updated the behavior of dependent enforcement settings to actually change related settings along with disabling the dependent UI elements
Admin Console 16.16.0
Released on Jan 15, 2024
Overview
This release provides two major features to business and enterprise customers: Granular Sharing Enforcements and Security Key as the Only 2FA Method.
Granular Sharing Enforcements
KA-5689: Keeper's Granular Sharing Enforcements enable administrators to apply detailed restrictions for record creation and sharing to user roles. Administrators can configure these enforcements in the “Creating and Sharing” section within role enforcement policies.
Video: Granular Sharing Enforcements
Security Key as the Only 2FA Method
KA-5628: Keeper Administrators can now enforce the use of a hardware-based security key as the only two-factor method via a role enforcement policy setting. Additionally, administrators can now require a PIN to be entered in conjunction with the key, for FIDO2 user verification. Click here for more information on FIDO2 Security Keys.
Video: Security key as the Only 2FA Method
Important Notes Regarding Security Key Enforcement
Enforcing the use of a FIDO2 hardware security key has several implications for users which admins need to be aware of. The below items are updated as of January 15, 2024.
Support for enforcing a FIDO2 Security Key can vary based on the device operating system and device firmware capabilities.
Keeper on iOS requires using NFC keys.
The activation of security keys as the only factor requires the use of the Web Vault or Desktop App. Enrollment of security keys as the only factor on iOS/Android will be rolled out in a later release.
Some components of the mobile application do not support NFC hardware keys natively, such as iOS app extensions (during Autofill functions). Keeper's iOS team has a workaround for this issue in development, and this update will be published at the end of January 2024 with Keeper iOS Version 16.10.10. The solution is to extend the login session between iOS main app and iOS autofill extension to reduce the need for re-authentication.
The PIN requirement is supported based on the capabilities of the device. As of this writing, mobile OS support for PIN enforcements is limited. We do not recommend enforcing the PIN if users are accessing Keeper on their mobile device.
Admin Console 16.15.0
Released on Sep 12, 2023
New Features
KA-4724: Support for Cloud SSO SAML Parameter ForceAuthn in the SSO cloud configuration screen. When ForceAuthn="true" is set in the SAML request, the Service Provider (Keeper) is telling the IdP that even though the user is already authenticated, they need to force a new authenticated session.
EM-4577: Support for Unverified Certificates in the setup of Splunk, Syslog, QRadar and LogRhythm.
EM-5071: Add role enforcement policy "Prevent Keeper Family License Invites" which restricts the users from creating a free family license.
EM-5850: Support for Brazilian Portuguese
EM-5278: Add node path for each user in the exported Security Audit Report
EM-5926: Add 12-hour and 24-hour 2FA time durations
EM-5242: Allow the creation of MSP and Enterprise free trial signups on a mobile device. Previously this was limited to desktop browsers.
EM-5236: Login screens with new feature promotion content
Bug Fixes
KA-4144: Record type changes were not syncing to the console without clicking the sync button
EM-4750: SSO user asked for Master Password when clicking into Admin Console sometimes.
Admin Console 16.13.2
Released on July 5, 2023
Features
EM-5804: Implemented RESTRICT_IMPORT_SHARED_FOLDERS enforcement to restrict importing LastPass shared folders from the desktop application.
Bug Fixes
EM-5701: The "Last login" data was empty in the user status report on the Admin Console when there are more than 1,000 users.
EM-5770: There were times in which logging into the Admin Console does not approve pending team users. The user must click on “Full Sync” in order for the users to be approved.
EM-5685: Pagination selector on user list goes off the screen
EM-5610: In the Compliance Reports section, the Admin is able to click the "save" filters button multiple times and have a filter created for each click
EM-5838: In GovCloud region, activating Secrets Manager rotation policy generates white screen.
Various language and UI fixes
Admin Console 16.12.0
Released on May 2, 2023
Features
EM-5703: Implementation of Recovery Phrase. We have upgraded our account recovery process with a new and more secure 24-word “recovery phrase” feature. Read more on the Keeper Blog.
With this update the existing setting to disable Account Recovery now applies to legacy security answers in addition to the Recovery Phrase method.
Note the following:
Users who currently have a security answer will be prompted to replace their security question/answer with an auto-generated 24-word recovery phrase.
If you have this policy disabled already, users will not be prompted.
If you change the policy to restrict recovery phrase, the effect is immediate on all users.
If you
Bug Fixes
EM-5758: The SSO Master Password policy language and functionality has been updated slightly. Previously, users who created an SSO Master Password were able to use this login method even after the Admin enforced the policy. Now, users are unable to login or create master passwords if this policy is enforced. The language on the user interface has been updated to reflect this information.
Admin Console 16.11
Released on April 19, 2023
Admin Console 16.10.3
Released on Jan 3, 2023
Admin Console 16.9.0
Released on Oct 20, 2022
Features
Share Admin Keeper's Share Admin feature is a role-based permission that gives administrators elevated access rights over your organization's shared folders and shared records. Share Admins have full user and record privileges for any shared record that they have access to. See: https://docs.keeper.io/enterprise-guide/share-admin
Bug Fixes
EM-5569, EM-5581, EM-5557, EM-5587, EM-5590, EM-5608, EM-5602: Multiple layout or visual issues
EM-5605: Remove "include myself in team" when MSP is logged into MC console and creating a team.
Admin Console 16.7.1
Published on May 24, 2022
Features
EM-4860: Role Enforcement: Set Stay Logged In default setting to "On" for new users in this role
EM-4881: Role Enforcement: Enable "Self Destruct" for users in this role
EM-5291: Mask prices on enterprise receipts when enterprise licenses sold through a distributor or reseller
Bug Fixes
EM-5321: SSO migration status shows "complete" immediately after configuration
EM-5092: ARAM timeline events with low numbers are displayed incorrectly
EM-4933: Missing descriptive text on "forgot password" screen
EM-4852: User able to create a role with a blank name
EM-5287: Persist hover controls on role detail screen
EM-5268: Display issue with node selector
EM-5328: Console screen freezes when trying to unlock a locked account
EM-5342: MSP Console screen goes blank when selecting license allocation history
EM-5343: Incorrect expiration date on subscription banner
Admin Console 16.7
Released on May 4, 2022
Admin Console 16.6
Released on March 31, 2022
Features
EM-5178: Automated SSO Migration from On-Prem to Cloud
More information about the migration tool can be found here:
https://docs.keeper.io/sso-connect-guide/sso-migration-to-cloud
The Admin Console allows the creation of SSO Connect and SSO Connect Cloud on same node on provisioning screen and will display the status of migration to cloud.
Please request a support engineer for assistance with migration before you start the process.
EM-5159: Redirect method for SSO login
With this change, users who login to the Admin Console with SSO will login with a URL redirect (similar to the Web Vault) instead of a popup window. This change prevents timing-related issues with login.
Bug Fixes
EM-5007: Changing a user's name is not showing in search results
EM-5086: Admin Console throws errors when approving SCIM users and teams.
EM-5222: Show the authentication method used in ARAM login events.
EM-4895: Users imported through CSV not being assigned to specified role
Admin Console 16.2
Released on Jan 6, 2022
Features
EM-4704: Keeper Secrets Manager
Keeper Secrets Manager provides your DevOps, IT Security and software development teams with a fully cloud-based, Zero-Knowledge platform for managing all of your infrastructure secrets such as API keys, Database passwords, access keys, certificates and any type of confidential data.
Product Overview
Documentation for Secrets Manager
Admin Console 16.1.1
Released on Nov 11, 2021
Bug Fixes
EM-5068: Transfer Account fails with 'authentication tag not found'
EM-5060: Upgrading to an existing Managed Company to "Plus" plan does not add the add-ons
EM-5059: Drag and drop a company logo is not working
EM-4957: When MSP admin creates an alert for a managed company, they cannot select an alert frequency.
EM-5070: Showing "Unknown login error" when the user's device is locked
EM-4876: Column names on security audit report are not localized
EM-4468: Adding a custom email invite with too much text is failing on save
Improvements
Clarified the meaning of the "Prevent users from creating identity and payments records" setting.
This setting will only apply to the identity and payments section of the vault. If users still have access to “Address” and “Payment” record types, they will be able to create those records. To disable, navigate to the “Record Types” section of the appropriate role policy.”
Added Devo as a SIEM provider
Admin Console 16.1.0
Compliance Reports and Record Types Release for General Availability
New Features
Compliance Reports (General Availability)
Note: This feature is available for Business and Enterprise customers only. It will be available for MSPs and their managed companies when MSP Consumption Billing is launched.
Compliance Reports provide on-demand visibility of the access permissions associated with your enterprise records. These reports simplify the compliance auditing process for Sarbanes Oxley (SOX) and other regulations requiring access control monitoring. The user-defined reports can be exported and fed into automated compliance systems or sent directly to external auditors. This is a secure add-on feature to your Keeper license package. (See Admin Console 16.0.0 release notes or "Compliance Reports" section of the Enterprise Guide for more details on the feature.)
Note: Record types will automatically be activated when Compliance Reports is activated as a trial in the Admin Console, or purchased through sales. Record types may not be available yet for iOS and Android devices.
Record Types Controls (General Availability)
Record Types Admin Controls allow administrators to customize the use of record types for their enterprise. Keeper administrators with permission to manage record types, can create new custom record type templates and restrict the use of any record types by role and/or node. (See Admin Console 16.0 release notes or "Compliance Reports" section of the Enterprise Guide for more details on the feature.) To effectively turn off Record Types for your enterprise, create a default role at your enterprise root node and assign a record types enforcement policy that turns off all record types except "General", then assign all enterprise users to this default role.
New Reporting and Alerting Events (General Availability)
See release notes for Admin Console 16.0.0 for the list of new Advanced Reporting and Alerting events logged in support of the new features in this release.
Bug Fixes
EM-4974: Access permissions for records that are visible through "links" to other records will not be reflected in Compliance Reports. The compliance reports will show only record permissions where the record is shared via a direct share or through a shared folder. An example of this would be a Payment Card linked to a Bank Account record type.
EM-4979: Record Type records are not successfully transferred on second account transfer after a first successful account transfer.
EM-4969: When selecting a report criteria filter that includes a deleted node, the Admin Console fails and displays a blank screen.
EM-4973: No user warning when re-running reporting criteria that includes a user that is no longer associated with the selected node/s.
EM-4958: Not logging Compliance Reports “exported report” events to ARAM.
Known Issues
EM-5057: Records shared outside the enterprise to consumers will not show the consumers listed in the report. The records shared with consumers will be listed as "shared" in the report but the consumer user names and permissions will not be shown.
EM-5056: Some Folder and Record UIDs are not translating correctly when exporting CSV records files to Microsoft Excel.
EM-4884: Custom record type template changes are not automatically reflected in the Admin Console without a manual sync or administrator login.
EM-5041: User Reports that are exported before the Compliance Report is generated and saved, are not logged as ARAM events.
EM-5053: Custom URL fields in records are not captured in Compliance Reports.
Admin Console 16.0.0
Released to production on Oct 18, 2021
New Features
🇺🇸 Support for AWS GovCloud (FedRAMP)
Keeper is currently FedRAMP in-process and public sector entities can now establish their Keeper tenant in the GovCloud environment. Contact the public sector sales team at govsales@keepersecurity.com for more information.
Record Types Admin Controls
Record Types Admin Controls allow administrators to customize the use of record types for their enterprise. Keeper administrators with permission to manage record types, can create new custom record type templates and restrict the use of any record types by role and/or node.
Compliance Reports
Compliance Reports provide on-demand visibility of the access permissions associated with your enterprise records. These reports simplify the compliance auditing process for Sarbanes Oxley (SOX) and other regulations requiring access control monitoring. The user-defined reports can be exported and fed into automated compliance systems or sent directly to external auditors. This is a secure add-on feature to your Keeper license package.
Security Model for Compliance Reports
To support Compliance Reports, certain non-secret fields of the Keeper vault records are encrypted with the Elliptic Curve Enterprise Public Key. Keeper Administrators are able to decrypt the Enterprise Private Key when they login to the Admin Console. Since the reports contain some non-credential encrypted record data, an administrator must have permission to run and view these reports. The encrypted record data is included in the report and can also be used as report filters. The encrypted record data includes:
Record Title
Record Type
URL
Zero-knowledge remains preserved because the encrypted data is decrypted on the Keeper Administrator Console using the Enterprise Private Key, restricted to administrators that have Compliance Reporting permission.
New Reporting Events
The Advanced Reporting & Alerts Module now contains several new event types to cover Compliance Reporting and Record Types.
New ARAM Events
Event
Category
Description
compliance_report_saved
compliance
Compliance report UID ${app_uid} saved by ${username}
compliance_report_downloaded
compliance
Compliance report UID ${app_uid} downloaded by ${username}
compliance_report_exported
compliance
Compliance report UID ${app_uid} exported by ${username}
compliance_report_deleted
compliance
Compliance report UID ${app_uid} deleted by ${username}
saved_criteria_saved
compliance
Compliance report criteria UID ${app_uid} saved by ${username}
saved_criteria_edited
compliance
Compliance report criteria UID ${app_uid} edited by ${username}
saved_criteria_deleted
compliance
Compliance report criteria UID ${app_uid} deleted by ${username}
record_type_created
policy
Admin ${username} created record type "${name}"
record_type_updated
policy
Admin ${username} updated record type "${name}"
record_type_deleted
policy
Admin ${username} deleted record type "${name}"
Bug Fixes
EM-4867: Renew button is not active on expired accounts
EM-4871: Node and device type attributes for ARAM not working
EM-4875: Deleted Users saved in ARAM Report Criteria result in white screen
EM-4878: Expired accounts cannot pay on the Administrator Login screen
EM-4904: Event types in ARAM reports erroneously displaying scroll bar
EM-4875: Deleted users saved to ARAM report results in white screen
EM-4899: Adding role to a user does not display until admin logs in or manually syncs
EM-4908: New calendar for a new ARAM user shows “January 1900” for the starting date
EM-4930: Not able to delete users from enterprise
EM-4944: User can change email address without a correct master password
EM-4953: ARAM BreachWatch events are not being listed correctly
EM-4971: Getting server failure when attempting to move a user to a new node
Known Issues to be fixed before General Availability
EM-4974: Access permissions for records that are visible through "links" to other records will not be reflected in Compliance Reports. The compliance reports will show only record permissions where the record is shared via a direct share or through a shared folder. An example of this would be a Payment Card linked to a Bank Account record type.
EM-4979: Record Type records are not successfully transferred on second account transfer after a first successful account transfer.
EM-4884: Console needs to show changes to custom record types without manual sync or log out / log in.
EM-4969: When selecting a report criteria filter that includes a deleted node, the Admin Console fails and displays a blank screen.
EM-4973: No user warning when re-running reporting criteria that includes a user that is no longer associated with the selected node/s.
EM-4958: Not logging Compliance Reports “exported report” events to ARAM.
Older
Releases notes older than last 10 releases
Older release note content is still available, but anything older than the last 10 updates is placed here.
Admin Console 15.3.3
Released on June 22, 2021
Features and Improvements
EM-4629: Added Role Enforcement to disable Windows Hello
EM-4550: Added clarification to Data Center chooser on registration
EM-4804: Node names not appearing in ARAM events for Created Node
EM-4786: New managed companies showing %NaN
EM-4511: ARAM Timeline report UI issues
EM-4435: Usernames are duplicated in ARAM filters
EM-4810: Improved UI of dashboard when logging in
EM-4720: New Role Policy to Automatically resend invites every X days
EM-4859: Console freezes if queued user approval contains user that was deleted
EM-4843: Inconsistent mouse hover treatment on Create Team link
EM-3409: Include Date and Time on the User Report
EM-4708: Prevent deletion of nodes that contain Managed Companies
Bug Fixes
EM-4811: MSP License Pool does not update on Quick Sync
EM-4808: Transfer Status does not update on Quick Sync
EM-4596: IP Blocked events not appearing in ARAM
EM-4515: Removing Record from Shared Folder not appearing in ARAM
EM-4731: ARAM alert webhook translations not correct
EM-4778: Export users on large data set fails
EM-4762: Searching for user not always showing the best match
EM-4380: Error logging in with Legacy Edge
EM-4836: Transfer Account fails silently on corrupted records
EM-4841: Last 24 hours timeline chart not showing properly
EM-4853: Isolated nodes are losing setting on logout and login
EM-4644: Security Audit Tab some users are invisible
Admin Console 15.3.0
Release ETA on May 20, 2021
New Features
Webhooks
Webhooks are user-defined HTTP requests that are triggered by an application and pushed into other applications.
Popular uses of Webhooks are the following:
Sending realtime notifications to Slack, Microsoft Teams or other messaging platforms
Integrating Keeper events into your custom software, hosted in the Cloud
Developing integrations into Keeper using 3rd party platforms
More Info available here: https://docs.keeper.io/enterprise-guide/webhooks
Improvements
Performance improvements for customers with a large user base (tested with over 200,000 users)
New Incremental and Full Sync capability.
Additional Real-Time pushes of incremental changes with push notifications (for example, when users are added/invited/created you don't need to click "Sync")
Display of Node Isolation setting within the user interface
New enforcement policy to disable Security Question & Answer (Account Recovery)
As a reminder, there is a new enforcement policy to disable HTTP Fill warnings on the Browser Extension. This is helpful for developers and internal websites that don't use SSL.
Bug Fixes
EM-4624: Selecting non-US country for alert phone number results in invalid phone number
EM-4584: Timeline Chart does not reflect changes when the various time ranges are selected
EM-4139: BreachWatch events in Timeline Chart are not visible
EM-3398: "Removed User from Team" and "Removed User from Role" events are missing from ARAM event types
EM-4361: White screen appears after adding user to a team
EM-4633: User receives error message when the default role check box is selected
EM-4635: The root node is named "root" rather than the organization name
EM-4637: Admins unable to view ARAM section of console
EM-4642: A white screen appears when selecting Managed Companies section of console
EM-4641: A crash occurs when searching for or clicking on a user from the Roles tab
EM-4647: A white screen appears when attempting to create a custom report in ARAM
EM-4643: The user's billing history is not appearing in the Subscriptions menu
Admin Console 15.0.5
Estimated Release Date: December 18, 2020
Improvements
EM-4424: Addition of a KeeperFill role enforcement policy that enforces all settings/features of the Browser Extension
Bug Fixes
EM-4556: Syslog push sends the wrong TLS setting to the server
EM-4559: Sending Keeper Push on a non-SSO account on console generates a reference error
EM-4562: 2FA duration enforcements are not enforced on clients
EM-4567: Admin gets a white screen when they receive a device approval request from a user they don't manage
EM-4569: Selecting "Deny" on device approval request generates an error in the inspector
EM-4570: Unable to create a trial when linking from an iframe in a 3rd party site
EM-4574: Change Master Password request fires twice
EM-4554: Opening console login page in new window when "stay logged in" is enabled, a blank console screen appears
EM-4544: Account_Recovery is displayed as a key value in ARAM event types
EM-4540: Account recovery dialogue displays incorrect error text
EM-4529: Admin's changed email is not displayed at login when "Stay logged in" is enabled
EM-4507: Master Password Expiration and Logout Timer enforcements are missing duration descriptions
Admin Console 15.0.4
Estimated Release Date November 4, 2020
Bug Fixes
EM-4390: Admin unable to delete Cloud SSO configuration instance
EM-4364: Logging into a console that contains requests in the approval queue generates an error message
EM-4460: Reloading the "Create Trial" page does not allow the user to enter an email address
EM-4456: Key value is displayed for the "Disable in-app onboarding" enforcement policy event in ARAM
EM-4455: Key value is displayed for the "Restrict persistent login" enforcement policy event in ARAM
EM-4454: Key value is displayed for the "Restrict commander access" enforcement policy event in ARAM
EM-4451: Admins are unable to edit an existing custom email invitation
EM-4450: No error message is presented to the Admin in their attempt to remove themselves from the Keeper Admin role
EM-4263: Inviting a reserved domain user triggers an incorrect error message
EM-4423: User receives no feedback on team keys they can't retrieve (due to legacy issues)
EM-4469: After turning 2FA off, the setting appears to remain on until the Admin logs out/in
EM-4490: "Pending Transfer Acceptance" status is not displayed when a user is added to the transfer role
EM-4479: Reset security question tool tip unexpectedly closes when the user attempts to select the presented link
EM-4476: Key value is displayed for the "out of seats" event in ARAM
EM-4501: Login with Yubikey generates persistent "Touch Security Key" dialog and generates error message
EM-4502: User searches for roles in the "User Details" screen are case sensitive
EM-4497: Admins are unable to select user details for users that are in an invited/blocked state
EM-4506: Cache race condition causes users that are added/removed from a team to fall out of sync
EM-4508: A white screen containing errors is displayed when an user selects toggle for the auto logout timer enforcement policy
Admin Console 15.0.3
Release ETA October 16, 2020
Features and Improvements
EM-4148: Search for Roles Feature - Admins now have the ability to search for a role within the "Add User" dialogue by entering a search string to quickly locate and add a user to a desired role. This is particularly helpful for customers that have many roles and their workflow requires adding one or more roles to a single user.
EM-4471: Support for SAML 2.0 IsPassive option in Cloud SSO
Bug Fixes
EM-4385: Error message fails to appear when Admin attempts to configure Cloud SSO in the root node
EM-4378: User is logged out when submitting empty text field(s) in attempt to reset their security question or change their email
EM-4377: Eyeball icon fails to reveal password in Reset Master Password screen
EM-4284: RSA SecurID screen notifies the user a text message has been sent rather than requesting the 2FA code
EM-3880: A 400 error is generated for Save_summary_security_report when a user attempts to login to MC from MSP
EM-4054: Incorrect error message appears when Admin attempts to move a parent node into a child node
EM-4444: User unable to reset their security question when 2FA is enabled
EM-4462: User is unable to close backup code screen upon setting up SMS method for 2FA
EM-4484: White screen and error in inspector appear when user toggles on the logout timer role enforcement policy
EM-4413: Improved web socket handling
EM-4421: "Stay Logged In" language and feature is reversed
EM-4416: No submit button when creating business trial
EM-4387: Translations missing on SSO Connect view screens
EM-3876: Share event type in ARAM has duplicate name
EM-3820: Emails with slash "/" not receiving email invite
EM-3701: Email is saved even when "remember email" is unchecked
EM-4436: No security audit data in admin console for new Managed Company
EM-4452: Commander SDK platform not enabled by default (reversed)
EM-4465: Login with Yubikey fails on Firefox browser
Known Issues
The next release, v15.0.4 will contain the following fixes:
EM-4405: SSO Login with Edge issues
EM-4380: Login with Legacy Edge issues
Admin Console 15.0.2
September 2, 2020
Admin Console 15.0.1
Released September 1, 2020
Enhancements & Benefits
EM-4446: "Deny" button has been added to the Device Approval Screen
EM-4398: Addition of persistent session enforcement policy
EM-4394: Addition of disable onboarding enforcement policy
EM-4365: Support for new methods of Device Approval (Keeper Push, Admin Approval)
EM-4206: Addition of session persistence setting, allowing Admin to stay logged into Keeper when they close their browser or restart their computer
Bug Fixes
EM-4427: Entering characters in the IP address(es) allowed field causes a crash and generates errors
EM-4419: DUO push fails on "Forgot Password" flow
EM-4418: User receives error attempting the "Forgot Password" flow after entering new password
EM-4328: White screen appears upon entering approval queue after deleting last user approval request from list
EM-4232: During the account recovery flow, the user's cursor defaults to the second field of the new password screen.
Various design errors and inconsistencies
Admin Console 15.0.0
Released September 3, 2020
Features & Benefits
Keeper SSO Connect™ Cloud leverages Keeper’s zero-knowledge security architecture to securely and seamlessly authenticate users into their Keeper Vault and dynamically provision user vaults to the platform. Keeper supports all popular SSO IdP platforms such as Okta, Microsoft Azure, Google G Suite, Centrify, OneLogin, Ping Identity, and more. This service does not require any on-premises or customer cloud-hosted services and there are no Master Passwords. Configuration is done directly between the IdP and Keeper's Admin Console. More information available here: https://docs.keeper.io/sso-connect-cloud/
Login V3 General Availability (GA) More information available here: https://docs.keeper.io/enterprise-guide/login-api-v3
Bug Fixes
EM-4360: Device approval events in ARAM reports are displayed as key values
EM-4352: SAML Debug Log is incorrectly sorted from oldest to newest
EM-4341: User unable to change Cloud SSO service endpoints
Various design inconsistencies
Admin Console 14.5.0
Released June 10, 2020
Features & Benefits
Privacy Screen - Admins now have the ability to control the viewing (unmasking) of passwords based on a specified domain. This policy is enforceable by the Admin for individual domains within each of their Generated Password Complexity settings by enabling "Apply Privacy Screen".
Master Password Re-entry Enforcement - This role enforcement allows Admins to require their users to re-enter their Master Password in order to unmask or copy a password. Once unmasked, the password will be re-masked after 30 seconds have passed.
Sharing & Uploading Enforcement Policy - This role enforcement policy allows Admins to prevent their users from importing records from Web App and Desktop App.
Auto-Approval of Teams in the Admin Console - Rather than requiring a manual approval from within the approval queue, queued teams (via SCIM and Bridge) are now automatically approved. Additionally, active users will automatically be added to their relevant teams.
Bug Fixes
Fixed: Managed Companies are not being added to the intended node.
Fixed: Restrict import enforcement events are displayed as a key value in ARAM.
Fixed: There are no available attributes for the user to select from the dropdown menu in the SCD Provisioning dialog.
Fixed: Error message received when an Admin attempts to move a Managed Company to another sub node.
Fixed: Various design issues.
Admin Console 14.4.2
Released May 20, 2020
Benefits & Enhancements
Saving Enforcement Policies - This update includes the removal of the "Save" button from the Enforcement Policies screen. Any changes the Admin makes to the Enforcement Policy Settings, will now save automatically as the changes are being made.
Bug Fixes
Fixed: An error message is generated when an Admin attempts to switch the toggle on/off for "Logout Timer" Enforcement Policies.
Fixed: An error message is generated when an Admin attempts to switch the toggle on/off for "Purging Deleted Records" Enforcement Policies.
Fixed: Some enforcements when selected or changed, display key values.
Fixed: Adding a user to a pending transfer role fails to update the user's status until a manual sync is initiated.
Admin Console 14.4.1
Released May 15, 2020
Admin Console 14.4.0
Released May 5, 2020
Features & Enhancements
Team-to-Role Mapping - This release introduces team-to-role mapping, a major improvement to the way Admins manage role-based access control policies (RBAC) across their organizations. This allows Admins to use their existing identity provider to assign users directly into teams that can be assigned custom roles. Furthermore, a user who is a member of a team assigned to a role, will assume the enforcement of that given role. This new feature will not only increase efficiency when managing role enforcements, but improve policy consistency and reduce the occurrence of errors.
Subfolders Included in Vault Transfers - A transferred account will be replicated in its structure and content and will now include subfolders. All data will be transferred to the recipient and housed in a dedicated transfer folder, named to match the original owner's email address, and will include all transferred records, folders, and subfolders.
Improved UI - Admin Console provides improved UI support for small screen laptops and tablet devices.
Bug Fixes
Fixed: A "Request Failed" error appears when a Admin user's session times out.
Fixed: SCD Provisioning user dialogue does not display the correct user count when all users are selected.
Fixed: A secondary prompt briefly opens and closes after a user closes out of the "Transfer Account" prompt.
Fixed: The "Timeline Chart" report in ARAM displays all available events rather than defaulting to the relevant events specific to that report.
Fixed: Various spacing and alignment issues.
Admin Console 14.3.5
Released March 12, 2020
Enhancements & Benefits
KeeperFill Browser Extension Enforcement Update - Admins now have the ability to prevent their users from enabling the Auto Submit and Prompt to Fill features in the KeeperFill Browser Extension.
Two-Factor Authentication Enforcement Update - Admins now have the ability to disable 2FA for their users without having to contact Keeper support.
Bug Fixes
Fixed: The "accept" button is unresponsive when an Admin attempts to accept a vault transfer within the console (the user is still able to accept the transfer from their vault).
Fixed: An error message is received when a user attempts to resend a code for SMS 2FA (Two-factor Authentication).
Fixed: Users are unable to modify the name of the MSP "license purchaser" role.
Fixed: When an Admin sets the logout timer enforcement setting for web apps to 180 minutes, users are only able to set their logout timers to a maximum of 2 minutes.
Admin Console 14.3.4
Released February 28, 2020
Enhancements & Benefits
Edit User Module Enhancement - Previously, roles and teams that were removed via the edit user module, were unable to be re-added without saving and re-opening the module. An enhancement to the module has provided the ability for Admins to easily re-add roles and teams if removed by mistake, for example.
Bug Fixes
Fixed: Although users are correctly prompted at login for their security key, active keys are not appearing in the security key section of the console after user logs out and back in again.
Fixed: Teams and users are not consistently displayed across categories, causing the inability to add teams from the users section.
Fixed: Creating a new role that has administrative permissions (that includes transfer), prevents users from being added to that role.
Fixed: The option to unlock a user's account is not available once it has been locked from the edit user module.
Fixed: Various errors in design and visual prompts.
Admin Console 14.3.3
Released February 13, 2020
Enhancements & Benefits
Enterprise Data Removed from Application State - Large enterprises that were previously experiencing slow functionality when making changes (primarily in the Admin section of the Console) will now experience faster response time due to the separation of enterprise data from the user interface state.
LogRhythm SIEM Provider Update - A high resolution image update was created for LogRhythm, a SIEM (Security Information and Event Management) provider.
Bug Fixes
Fixed: The Managing Node drop-down menu within Managed companies is not displaying all available nodes.
Fixed: Current 2FA (Two-Factor Authentication) status is not displayed as expected within the Console Settings.
Fixed: The license history for Managed Companies is not correctly calculating net changes.
Fixed: Admin receives error message or unresponsiveness when attempting to delete or rename nodes within the Console.
Fixed: Error message does not present when an SSO user attempts forgotten password flow.
Admin Console 14.3.2
Released January 21, 2020
Benefits & Enhancements
Support for LogRhythm SIEM Provider - This release supports connectivity to LogRhythm, a SIEM (Security Information and Event Management) provider.
Full Node Structure for MSPs - The limitations for node structure creation have been removed, allowing for full node structure and provisioning methods as well as the creation of Managed Companies within sub-nodes.
Bug Fixes
Fixed: When an Administrator creates a new role, the name of that role cannot be edited.
Fixed: An error message is displayed as a key value when the SCIM (System for Cross-domain Identity Management) provisioning method is added to a node (other than the root node) when no values are entered by the user.
Fixed: Various visual issues, including key values incorrectly being displayed as errors.
Fixed: Selecting "Manage Companies (MSP)" is not saved when creating a new role and assigning user permissions.
Fixed: When a user logs in with Duo 2FA and selects "Don't ask for 30 days" they are incorrectly prompted again for Duo 2FA at next login.
Fixed: The settings for platform restrictions are not immediately reflected, requiring user to log out and back into the console to view changes.
Fixed: When selected as a secure add-on, the free trial for KeeperChat freezes the Console requiring the user to reload their browser.
Fixed: 2FA remains toggled on in security settings after previously being toggled off.
Fixed: The "Export" button within the Security Audit tab of the Admin Console does not work (Firefox).
Fixed: Various design issues, such as alignment and overlapping.
Admin Console 14.3.1
Released October 31, 2019
Bug Fixes
Fixed: Inability to add users to the administrative role after clearing cache or hard refreshing browser.
Fixed: User unable to remove a managed company that is in a "paused" state because "Remove" button is inactive.
Fixed: MSP administrator unable to log into Managed Company Console after setting-up 2FA Google Authenticator or SMS.
Admin Console 14.3.0
Released October 29, 2019
Benefits & Enhancements
Support for MSP Deployments - Seamless log in for MSP admins to a Managed Company.
Hyperlink Update - "Schedule a Demo" hyperlink for MSP users has been updated to Calendly.
Team Management by Admin - Admins are now able to manage existing teams (add/remove users) without being assigned to that team.
Bug Fixes
Fixed: Various buttons within Managed Companies and Admin Tabs are not working correctly.
Fixed: The advanced PBKDF2 Iterations setting should default to 100,000 instead of 10,000.
Fixed: An issue causing the Managed License Pool incorrectly track the removal of licenses.
Fixed: User is unable to activate and use Yubikey as expected within the Console.
Fixed: Infinite loading spinner appears when returning from DUO authentication page; user forced to refresh or close Console page.
Fixed: Various design inconsistencies and errors.
Admin Console 14.2.6
Released September 21, 2019
Bug Fixes
Fixed: Custom email content disappears after creation upon navigating in and out of the setting as well as from the "Edit" Screen.
Fixed: "Teams" rather than "User" appear for approval in the approval queue.
Fixed: No change takes place when user attempts to reset their security question (IE Browser)
Admin Console 14.2.5
Released September 19, 2019
Admin Console 14.2.4
Released September 18, 2019
Benefits & Enhancements
Hyperlink Update - "Schedule a Demo" hyperlink has been updated from Calendly to choice of: On Demand, Live Weekly, and Customized demo options.
Bug Fixes:
Fixed: Login page is performing a valid email check on every keystroke instead of when user selects the "Login" button.
Fixed: A checkout token is not created when user logs into an expired account and attempts to renew their subscription.
Fixed: Various display and design issues.
Admin Console 14.2.3
Released on August 12, 2019
Features & Benefits
A full user status report can be downloaded from the Admin Console Dashboard view. To download the report, click on (...) then "Download"
The report is a .csv file that contains the following columns:
Email
Name
Active/Invited Status ("active" or "invited")
Locked/Disabled Status ("locked")
Blocked/Pending Transfer ("blocked")
Last Login Date
Node Tree
Roles (pipe-delimited)
Teams (pipe-delimited)
Bug Fixes
Unable to add users to roles from certain screens. Fixed.
Unable to delete company logo. Fixed.
Filtering on user status does not work. Fixed.
Various bugs in team management.
Export button in Timeline charts not working. Fixed.
White screen experienced when moving users between nodes and logging in.
Admin Console 14.2.0
Released on July 25, 2019
This is a major feature update and bug fix release.
Features & Benefits
Password Generator Enforcement policy You can now specify the password generator complexity policy on a per-domain basis, or using wildcards can specify a larger matching pattern against domain names. This role enforcement feature has been added to the Vault Features screen.
Ability to specify the time zone when reporting alerts are sent via email and text message.
Added Azure Monitor Log Analytics and Generic Syslog to the list of supported External Sync targets.
Improved checkout flow from Admin Console to payment page via tokenization that does not require additional email validation.
Bug Fixes
F5 SSO Login issues on EU account in Safari, Admin accounts
Provisioning methods not being removed after deletion until logout/login
Display names under individual reports not linking to user detail
Selecting the "Settings" button causes errors in the console log
Add User dialog from Roles hangs the browser
YubiKey not prompted and defaults to backup 2FA method
Firefox setup of YubiKey not working
Change email address feature not sending verification code
Editing user results in blank screen
Last email address used is showing up in login after logging out
Resolved issues adding members to teams from certain views
Admin Console 14.1.2
Released on July 1, 2019
This is a bug fix release focused on the BreachWatch business 14.1.0 release.
Bug Fixes
Visual UI optimizations
Improved loading speed of initial login on new device
Internet Explorer UI issues
Accepting Vault Transfer prompt results in error
Duo Push errors on login
Approval Queue UI issues
Clicking on tabs runs a data sync to improve responsiveness to new data
Localizations in German
Features
New Keeper logo, branding, fonts and colors
Admin Console 14.1.0
Released June 20, 2019
This is a major feature update for BreachWatch Business.
Features & Benefits
BreachWatch Business V1 Launch
New Dashboard View
Optimized Node Tree navigation for customers with a large number of nodes
Incorporation of BreachWatch events in Advanced Reporting & Alerts Module
BreachWatch detail screens
Refactor of Security Audit screen to consolidate and simplify the UI
Billing support for BreachWatch Business
New Approval Queue screen incorporated into left navigation
Additional BreachWatch-related enforcement policies
Improved Search UI along top header
For detailed BreachWatch related updates visit the below links:
Admin Console 14.0.3
Released April 22, 2019
Admin Console 14.0.2
Release date April 17, 2019
This release is focused on bug fixes and performance improvements.
Issues Resolved
Search the console within Internet Explorer
Audit & Reporting visual issues
Inviting users from another enterprise account caused confusion
Reduce the number of Audit Event alerts on multi-record operations
German translations missing in several screens
Subnode beneath the root node is being highlighted by default when logging in
Admin Console 14.0.1
Release on March 27, 2019
This release is focused on bug fixes and performance improvements.
Issues Resolved
Purchase issues with Advanced Reporting & Alerts Module
YubiKey login stores the 2FA token longer than the enforcement policy
Email invitation formatting
Audit report events with backslashes showing in event name
Duo Security login issues related to storage of 2FA device token
Formatting of Audit and Reporting display
Cascade Node Permission error
Searching within sub-node administrators
Timeline chart display issues
Highlight text color more readable
Localization issues
Security Score calculation issues
Admin Console 14.0
Release date: March 28, 2019
Features & Benefits
Enable/disable offline mode, now with web browser support (Chrome, Firefox, Safari, Edge)
Enable/Disable use of a Master Password with Single Sign On for use both online and offline.
New enhanced search capability
Security updates (additional encryption layer) for v14 Backend API
Bug Fixes
Added event tracking for "Activated Email Provisioning"
Visual Improvements
IBM QRadar integration bug fixes
Various minor UI bug fixes
User redirect issues resolved with Google SSO Admin
Throttled user login with SSO does not generate error message
SMS setup in 2FA did not display error when entering the wrong code
Page crashes clicking on certain Alert screens
2FA token not retained on the Admin Console when "prompt every time" is enforced
What's Next
BreachWatch for Business and a new enhanced Dashboard is coming in the next release (14.1.0) of the Admin Console
Admin Console 13.3
February 28, 2019
Reporting & Alerts Module
The all new Reporting & Alerts module is a powerful Add On which provides customized event-based reporting and auditing capabilities.
Enhancements & Benefits
Major new functionality is provided in this release via the optional Advanced Reporting & Alerts Module.
Based on 75+ events generated from Keeper client devices and activities utilizing the Keeper backend
Maintains strict Zero-Knowledge architecture, no reveal of record information possible to administrators
Offline events are buffered on client then uploaded when reconnected
Events Timeline
Displays Top 5 events (those with highest event counts) during the period
Period selectable between Last 30 Days, 7 Days, or 24 Hours.
Shows % of total for each event
Customizable to show different events (other than Top 5)
Mouseovers to show each date
Reporting Engine
Basic report for Recent Activity includes all events
Advanced allows customizing and saving reports
Wide variety of events types & attributes to focus views
Customizable column headings
Exportable log data to SIEM, Syslog, spreadsheets, etc.
Alerts
Choose from wide array of event types and attributes via filters
Send alerts via email or SMS text
Control frequency of alerts with multiple types of settings
3rd Party Secure Information & Event Management support via External Logging
External logging of all events
Simple set up for Splunk, Sumo, Amazon S3, IBM QRadar
All reported events are also available from the Keeper Commander SDK
Known Limitations
No limit on events logged
Report viewer limited to showing up to 1000 events at a time (10 pages of 100 events)
Maximum 100 SMS alerts per day (per enterprise)
No limit on Email alerts
QRadar support not available yet
Coming Soon
Admin Console 13.2
Released on February 7, 2019
Enhancements & Benefits
Improved mobile / tablet support
Enterprise licensing flows and subscription management
Left-hand navigation
Major performance improvements to Recent Activity backend event tracking
Preparation for upcoming Advanced Reporting & Alert module
Known Limitations
The "Recent Activity" screen is limited to 16 event types, and will only retrieve the most recent 1,000 events from the backend system. Please use Keeper Commander API for full event logging historical data and integration into SIEM systems.
Coming Soon
Admin Console version 13.3 contains a major advancement of the event reporting capabilities in Keeper Enterprise and will be available for beta evaluation on February 15, 2019 and full launch on February 25, 2019. Please contact your Keeper sales representative for early access.
Admin Console 13.1
Release date: January 17, 2019.
Enhancements & Benefits
This release contains several new role enforcement policies, visual improvements to the role enforcement policy section, additional refinements for existing role policies, and bug fixes to address known customer issues.
Custom Logout Timers
Previously, logout timer enforcements were limited to certain intervals between 1 minute and 24 hours. Now, you can customize the value of the logout timer in increments of minutes. To enforce a logout timer, turn the switch to the ON position and then specify the logout timer setting as seen below.
Note, "Disable email invitations" enforcement policy was also moved into this Account Settings role enforcement policy screen.
Platform Restrictions
By default, access is granted on all role enforcement policies. We have now added KeeperChat platform restriction policies. You may restrict the use of KeeperChat on Desktop and Mobile devices.
Vault Feature Policies
We have added a series of enforcement policies related to features within the Keeper Vault that appear in the "Vault Features" screen. The new policies added are the following:
Prevent users from creating folders
Prevent users from creating Identity and Payment records
Mask custom fields
Mask notes
Mask passwords
Day(s) before records can be cleared permanently
Day(s) before deleted records automatically purge
The screenshot of these policies can be seen below.
Notes:
When masking is enforced on custom fields, notes and passwords, this has the effect of replacing all of the content on the screen with dots as seen below. Clicking on the eyeball icon will display and hide the content within the field.
"Purge Deleted Records" enforcements prevents a user from deleting items in their vault and then immediately purging their deleted records permanently.
Here's an example of a record showing masked password, custom field and notes:
Sharing & Uploading Policies
A new role enforcement policy called "Prevent sharing records with file attachments" has been added. By default, this ability is permitted.
KeeperFill Restrictions
There is now a new screen called "KeeperFill" which controls the behavior of the KeeperFill browser extension for Chrome, Firefox, Safari, Edge and IE.
"KeeperFill disabled for specified websites" is a policy which will completely disable the KeeperFill browser extension on sites which match the list provided. You can add any number of sites to the list of disabled websites, and you can also include wildcard characters. This policy was created to address some websites or internal applications that are not friendly to browser extensions, or which impact the performance of the application.
Master Password Expiration
Similar to the improvements on logout timer settings, the "Master Password Expiration" policy can now be configured with a customizable number of days, instead of selecting from a pre-defined list.
Bug Fixes and Performance Updates
Fixed issue where users can't login to Admin Console with expired account transfer consent status
Sorting issues on several screens
RSA and Duo 2FA related issues
Recent Activity visual date issues
Fixed missing localization strings in certain languages
Known Limitations
This release will initially be supported only by these Keeper clients:
Browser Extensions
12.27 (Chrome, Safari, Edge, Firefox)
12.30 (Chrome, Safari, Edge, Firefox, Internet Explorer)
Keeper Web Vault
Coming soon...
All role enforcement policies will be fully supported on the following clients in upcoming releases:
iOS 14.2
Android
Surface
Microsoft Desktop application