Older release note content is still available, but anything older than the last 10 updates is placed here.

Features and Improvements

• EM-4629: Added Role Enforcement to disable Windows Hello

• EM-4550: Added clarification to Data Center chooser on registration

• EM-4804: Node names not appearing in ARAM events for Created Node

• EM-4786: New managed companies showing %NaN

• EM-4511: ARAM Timeline report UI issues

• EM-4435: Usernames are duplicated in ARAM filters

• EM-4810: Improved UI of dashboard when logging in

• EM-4720: New Role Policy to Automatically resend invites every X days

• EM-4859: Console freezes if queued user approval contains user that was deleted

• EM-4843: Inconsistent mouse hover treatment on Create Team link

• EM-3409: Include Date and Time on the User Report

• EM-4708: Prevent deletion of nodes that contain Managed Companies

Bug Fixes

• EM-4811: MSP License Pool does not update on Quick Sync

• EM-4808: Transfer Status does not update on Quick Sync

• EM-4596: IP Blocked events not appearing in ARAM

• EM-4515: Removing Record from Shared Folder not appearing in ARAM

• EM-4731: ARAM alert webhook translations not correct

• EM-4778: Export users on large data set fails

• EM-4762: Searching for user not always showing the best match

• EM-4380: Error logging in with Legacy Edge

• EM-4836: Transfer Account fails silently on corrupted records

• EM-4841: Last 24 hours timeline chart not showing properly

• EM-4853: Isolated nodes are losing setting on logout and login

• EM-4644: Security Audit Tab some users are invisible

New Features

Webhooks

Webhooks are user-defined HTTP requests that are triggered by an application and pushed into other applications.

Popular uses of Webhooks are the following:

• Sending realtime notifications to Slack, Microsoft Teams or other messaging platforms

• Integrating Keeper events into your custom software, hosted in the Cloud

• Developing integrations into Keeper using 3rd party platforms

More Info available here: https://docs.keeper.io/enterprise-guide/webhooks

Improvements

• Performance improvements for customers with a large user base (tested with over 200,000 users)

• New Incremental and Full Sync capability.

• Additional Real-Time pushes of incremental changes with push notifications (for example, when users are added/invited/created you don't need to click "Sync")

• Display of Node Isolation setting within the user interface

• New enforcement policy to disable Security Question & Answer (Account Recovery)

• As a reminder, there is a new enforcement policy to disable HTTP Fill warnings on the Browser Extension. This is helpful for developers and internal websites that don't use SSL.

Bug Fixes

• EM-4624: Selecting non-US country for alert phone number results in invalid phone number

• EM-4584: Timeline Chart does not reflect changes when the various time ranges are selected

• EM-4139: BreachWatch events in Timeline Chart are not visible

• EM-3398: "Removed User from Team" and "Removed User from Role" events are missing from ARAM event types

• EM-4361: White screen appears after adding user to a team

• EM-4633: User receives error message when the default role check box is selected

• EM-4635: The root node is named "root" rather than the organization name

• EM-4637: Admins unable to view ARAM section of console

• EM-4642: A white screen appears when selecting Managed Companies section of console

• EM-4641: A crash occurs when searching for or clicking on a user from the Roles tab

• EM-4647: A white screen appears when attempting to create a custom report in ARAM

• EM-4643: The user's billing history is not appearing in the Subscriptions menu

Improvements

• EM-4424: Addition of a KeeperFill role enforcement policy that enforces all settings/features of the Browser Extension

Bug Fixes

• EM-4556: Syslog push sends the wrong TLS setting to the server

• EM-4559: Sending Keeper Push on a non-SSO account on console generates a reference error

• EM-4562: 2FA duration enforcements are not enforced on clients

• EM-4567: Admin gets a white screen when they receive a device approval request from a user they don't manage

• EM-4569: Selecting "Deny" on device approval request generates an error in the inspector

• EM-4570: Unable to create a trial when linking from an iframe in a 3rd party site

• EM-4574: Change Master Password request fires twice

• EM-4554: Opening console login page in new window when "stay logged in" is enabled, a blank console screen appears

• EM-4544: Account_Recovery is displayed as a key value in ARAM event types

• EM-4540: Account recovery dialogue displays incorrect error text

• EM-4529: Admin's changed email is not displayed at login when "Stay logged in" is enabled

• EM-4507: Master Password Expiration and Logout Timer enforcements are missing duration descriptions

Bug Fixes

• EM-4390: Admin unable to delete Cloud SSO configuration instance

• EM-4364: Logging into a console that contains requests in the approval queue generates an error message

• EM-4460: Reloading the "Create Trial" page does not allow the user to enter an email address

• EM-4456: Key value is displayed for the "Disable in-app onboarding" enforcement policy event in ARAM

• EM-4455: Key value is displayed for the "Restrict persistent login" enforcement policy event in ARAM

• EM-4454: Key value is displayed for the "Restrict commander access" enforcement policy event in ARAM

• EM-4451: Admins are unable to edit an existing custom email invitation

• EM-4450: No error message is presented to the Admin in their attempt to remove themselves from the Keeper Admin role

• EM-4263: Inviting a reserved domain user triggers an incorrect error message

• EM-4423: User receives no feedback on team keys they can't retrieve (due to legacy issues)

• EM-4469: After turning 2FA off, the setting appears to remain on until the Admin logs out/in

• EM-4490: "Pending Transfer Acceptance" status is not displayed when a user is added to the transfer role

• EM-4479: Reset security question tool tip unexpectedly closes when the user attempts to select the presented link

• EM-4476: Key value is displayed for the "out of seats" event in ARAM

• EM-4501: Login with Yubikey generates persistent "Touch Security Key" dialog and generates error message

• EM-4502: User searches for roles in the "User Details" screen are case sensitive

• EM-4497: Admins are unable to select user details for users that are in an invited/blocked state

• EM-4506: Cache race condition causes users that are added/removed from a team to fall out of sync

• EM-4508: A white screen containing errors is displayed when an user selects toggle for the auto logout timer enforcement policy

Features and Improvements

• EM-4148: Search for Roles Feature - Admins now have the ability to search for a role within the "Add User" dialogue by entering a search string to quickly locate and add a user to a desired role. This is particularly helpful for customers that have many roles and their workflow requires adding one or more roles to a single user.

• EM-4471: Support for SAML 2.0 IsPassive option in Cloud SSO

Bug Fixes

• EM-4385: Error message fails to appear when Admin attempts to configure Cloud SSO in the root node

• EM-4378: User is logged out when submitting empty text field(s) in attempt to reset their security question or change their email

• EM-4377: Eyeball icon fails to reveal password in Reset Master Password screen

• EM-4284: RSA SecurID screen notifies the user a text message has been sent rather than requesting the 2FA code

• EM-3880: A 400 error is generated for Save_summary_security_report when a user attempts to login to MC from MSP

• EM-4054: Incorrect error message appears when Admin attempts to move a parent node into a child node

• EM-4444: User unable to reset their security question when 2FA is enabled

• EM-4462: User is unable to close backup code screen upon setting up SMS method for 2FA

• EM-4484: White screen and error in inspector appear when user toggles on the logout timer role enforcement policy

• EM-4413: Improved web socket handling

• EM-4421: "Stay Logged In" language and feature is reversed

• EM-4416: No submit button when creating business trial

• EM-4387: Translations missing on SSO Connect view screens

• EM-3876: Share event type in ARAM has duplicate name

• EM-3820: Emails with slash "/" not receiving email invite

• EM-3701: Email is saved even when "remember email" is unchecked

• EM-4436: No security audit data in admin console for new Managed Company

• EM-4452: Commander SDK platform not enabled by default (reversed)

• EM-4465: Login with Yubikey fails on Firefox browser

Known Issues

The next release, v15.0.4 will contain the following fixes:

• EM-4405: SSO Login with Edge issues

• EM-4380: Login with Legacy Edge issues

Bug Fixes

EM-4459: Users unable to create Business or MSP trial in Microsoft Edge browser; screen spins and "uncaught (in promise) DomException" error is generated

Enhancements & Benefits

• EM-4446: "Deny" button has been added to the Device Approval Screen

• EM-4398: Addition of persistent session enforcement policy

• EM-4394: Addition of disable onboarding enforcement policy

• EM-4365: Support for new methods of Device Approval (Keeper Push, Admin Approval)

• EM-4206: Addition of session persistence setting, allowing Admin to stay logged into Keeper when they close their browser or restart their computer

Bug Fixes

• EM-4427: Entering characters in the IP address(es) allowed field causes a crash and generates errors

• EM-4419: DUO push fails on "Forgot Password" flow

• EM-4418: User receives error attempting the "Forgot Password" flow after entering new password

• EM-4328: White screen appears upon entering approval queue after deleting last user approval request from list

• EM-4232: During the account recovery flow, the user's cursor defaults to the second field of the new password screen.

• Various design errors and inconsistencies

Features & Benefits

• Keeper SSO Connect™ Cloud leverages Keeper’s zero-knowledge security architecture to securely and seamlessly authenticate users into their Keeper Vault and dynamically provision user vaults to the platform. Keeper supports all popular SSO IdP platforms such as Okta, Microsoft Azure, Google G Suite, Centrify, OneLogin, Ping Identity, and more. This service does not require any on-premises or customer cloud-hosted services and there are no Master Passwords. Configuration is done directly between the IdP and Keeper's Admin Console. More information available here: https://docs.keeper.io/sso-connect-cloud/

• Login V3 General Availability (GA) More information available here: https://docs.keeper.io/enterprise-guide/login-api-v3

Bug Fixes

• EM-4360: Device approval events in ARAM reports are displayed as key values

• EM-4352: SAML Debug Log is incorrectly sorted from oldest to newest

• EM-4341: User unable to change Cloud SSO service endpoints

• Various design inconsistencies

Features & Benefits

• Privacy Screen - Admins now have the ability to control the viewing (unmasking) of passwords based on a specified domain. This policy is enforceable by the Admin for individual domains within each of their Generated Password Complexity settings by enabling "Apply Privacy Screen".

• Master Password Re-entry Enforcement - This role enforcement allows Admins to require their users to re-enter their Master Password in order to unmask or copy a password. Once unmasked, the password will be re-masked after 30 seconds have passed.

• Sharing & Uploading Enforcement Policy - This role enforcement policy allows Admins to prevent their users from importing records from Web App and Desktop App.

• Auto-Approval of Teams in the Admin Console - Rather than requiring a manual approval from within the approval queue, queued teams (via SCIM and Bridge) are now automatically approved. Additionally, active users will automatically be added to their relevant teams.

Bug Fixes

• Fixed: Managed Companies are not being added to the intended node.

• Fixed: Restrict import enforcement events are displayed as a key value in ARAM.

• Fixed: There are no available attributes for the user to select from the dropdown menu in the SCD Provisioning dialog.

• Fixed: Error message received when an Admin attempts to move a Managed Company to another sub node.

• Fixed: Various design issues.

Benefits & Enhancements

• Saving Enforcement Policies - This update includes the removal of the "Save" button from the Enforcement Policies screen. Any changes the Admin makes to the Enforcement Policy Settings, will now save automatically as the changes are being made.

Bug Fixes

• Fixed: An error message is generated when an Admin attempts to switch the toggle on/off for "Logout Timer" Enforcement Policies.

• Fixed: An error message is generated when an Admin attempts to switch the toggle on/off for "Purging Deleted Records" Enforcement Policies.

• Fixed: Some enforcements when selected or changed, display key values.

• Fixed: Adding a user to a pending transfer role fails to update the user's status until a manual sync is initiated.

Bug Fixes

• Fixed: The scrollbar is missing when 50 or 100 users are selected in the SCD Provisioning window.

• Fixed: Moving a user from the root node to a sub node causes the sub node user list to appear empty.

• Fixed: Various design and alignment issues.

Features & Enhancements

• Team-to-Role Mapping - This release introduces team-to-role mapping, a major improvement to the way Admins manage role-based access control policies (RBAC) across their organizations. This allows Admins to use their existing identity provider to assign users directly into teams that can be assigned custom roles. Furthermore, a user who is a member of a team assigned to a role, will assume the enforcement of that given role. This new feature will not only increase efficiency when managing role enforcements, but improve policy consistency and reduce the occurrence of errors.

• Subfolders Included in Vault Transfers - A transferred account will be replicated in its structure and content and will now include subfolders. All data will be transferred to the recipient and housed in a dedicated transfer folder, named to match the original owner's email address, and will include all transferred records, folders, and subfolders.

• Improved UI - Admin Console provides improved UI support for small screen laptops and tablet devices.

Bug Fixes

• Fixed: A "Request Failed" error appears when a Admin user's session times out.

• Fixed: SCD Provisioning user dialogue does not display the correct user count when all users are selected.

• Fixed: A secondary prompt briefly opens and closes after a user closes out of the "Transfer Account" prompt.

• Fixed: The "Timeline Chart" report in ARAM displays all available events rather than defaulting to the relevant events specific to that report.

• Fixed: Various spacing and alignment issues.

Enhancements & Benefits

• KeeperFill Browser Extension Enforcement Update - Admins now have the ability to prevent their users from enabling the Auto Submit and Prompt to Fill features in the KeeperFill Browser Extension.

• Two-Factor Authentication Enforcement Update - Admins now have the ability to disable 2FA for their users without having to contact Keeper support.

Bug Fixes

• Fixed: The "accept" button is unresponsive when an Admin attempts to accept a vault transfer within the console (the user is still able to accept the transfer from their vault).

• Fixed: An error message is received when a user attempts to resend a code for SMS 2FA (Two-factor Authentication).

• Fixed: Users are unable to modify the name of the MSP "license purchaser" role.

• Fixed: When an Admin sets the logout timer enforcement setting for web apps to 180 minutes, users are only able to set their logout timers to a maximum of 2 minutes.

Enhancements & Benefits

Edit User Module Enhancement - Previously, roles and teams that were removed via the edit user module, were unable to be re-added without saving and re-opening the module. An enhancement to the module has provided the ability for Admins to easily re-add roles and teams if removed by mistake, for example.

Bug Fixes

• Fixed: Although users are correctly prompted at login for their security key, active keys are not appearing in the security key section of the console after user logs out and back in again.

• Fixed: Teams and users are not consistently displayed across categories, causing the inability to add teams from the users section.

• Fixed: Creating a new role that has administrative permissions (that includes transfer), prevents users from being added to that role.

• Fixed: The option to unlock a user's account is not available once it has been locked from the edit user module.

• Fixed: Various errors in design and visual prompts.

Enhancements & Benefits

• Enterprise Data Removed from Application State - Large enterprises that were previously experiencing slow functionality when making changes (primarily in the Admin section of the Console) will now experience faster response time due to the separation of enterprise data from the user interface state.

• LogRhythm SIEM Provider Update - A high resolution image update was created for LogRhythm, a SIEM (Security Information and Event Management) provider.

Bug Fixes

• Fixed: The Managing Node drop-down menu within Managed companies is not displaying all available nodes.

• Fixed: Current 2FA (Two-Factor Authentication) status is not displayed as expected within the Console Settings.

• Fixed: The license history for Managed Companies is not correctly calculating net changes.

• Fixed: Admin receives error message or unresponsiveness when attempting to delete or rename nodes within the Console.

• Fixed: Error message does not present when an SSO user attempts forgotten password flow.

Benefits & Enhancements

• Support for LogRhythm SIEM Provider - This release supports connectivity to LogRhythm, a SIEM (Security Information and Event Management) provider.

• Full Node Structure for MSPs - The limitations for node structure creation have been removed, allowing for full node structure and provisioning methods as well as the creation of Managed Companies within sub-nodes.

Bug Fixes

• Fixed: When an Administrator creates a new role, the name of that role cannot be edited.

• Fixed: An error message is displayed as a key value when the SCIM (System for Cross-domain Identity Management) provisioning method is added to a node (other than the root node) when no values are entered by the user.

• Fixed: Various visual issues, including key values incorrectly being displayed as errors.

• Fixed: Selecting "Manage Companies (MSP)" is not saved when creating a new role and assigning user permissions.

• Fixed: When a user logs in with Duo 2FA and selects "Don't ask for 30 days" they are incorrectly prompted again for Duo 2FA at next login.

• Fixed: The settings for platform restrictions are not immediately reflected, requiring user to log out and back into the console to view changes.

• Fixed: When selected as a secure add-on, the free trial for KeeperChat freezes the Console requiring the user to reload their browser.

• Fixed: 2FA remains toggled on in security settings after previously being toggled off.

• Fixed: The "Export" button within the Security Audit tab of the Admin Console does not work (Firefox).

• Fixed: Various design issues, such as alignment and overlapping.

Bug Fixes

• Fixed: Inability to add users to the administrative role after clearing cache or hard refreshing browser.

• Fixed: User unable to remove a managed company that is in a "paused" state because "Remove" button is inactive.

• Fixed: MSP administrator unable to log into Managed Company Console after setting-up 2FA Google Authenticator or SMS.

Benefits & Enhancements

• Support for MSP Deployments - Seamless log in for MSP admins to a Managed Company.

• Hyperlink Update - "Schedule a Demo" hyperlink for MSP users has been updated to Calendly.

• Team Management by Admin - Admins are now able to manage existing teams (add/remove users) without being assigned to that team.

Bug Fixes

• Fixed: Various buttons within Managed Companies and Admin Tabs are not working correctly.

• Fixed: The advanced PBKDF2 Iterations setting should default to 100,000 instead of 10,000.

• Fixed: An issue causing the Managed License Pool incorrectly track the removal of licenses.

• Fixed: User is unable to activate and use Yubikey as expected within the Console.

• Fixed: Infinite loading spinner appears when returning from DUO authentication page; user forced to refresh or close Console page.

• Fixed: Various design inconsistencies and errors.

Bug Fixes

• Fixed: Custom email content disappears after creation upon navigating in and out of the setting as well as from the "Edit" Screen.

• Fixed: "Teams" rather than "User" appear for approval in the approval queue.

• Fixed: No change takes place when user attempts to reset their security question (IE Browser)

Bug Fixes

• Fixed: Broken Breachwatch and Security Audit screens within the user interface.

Benefits & Enhancements

• Hyperlink Update - "Schedule a Demo" hyperlink has been updated from Calendly to choice of: On Demand, Live Weekly, and Customized demo options.

Bug Fixes:

• Fixed: Login page is performing a valid email check on every keystroke instead of when user selects the "Login" button.

• Fixed: A checkout token is not created when user logs into an expired account and attempts to renew their subscription.

• Fixed: Various display and design issues.

Features & Benefits

A full user status report can be downloaded from the Admin Console Dashboard view. To download the report, click on (...) then "Download"

The report is a .csv file that contains the following columns:

1. Email

2. Name

3. Active/Invited Status ("active" or "invited")

4. Locked/Disabled Status ("locked")

5. Blocked/Pending Transfer ("blocked")

6. Last Login Date

7. Node Tree

8. Roles (pipe-delimited)

9. Teams (pipe-delimited)

Bug Fixes

• Unable to add users to roles from certain screens. Fixed.

• Unable to delete company logo. Fixed.

• Filtering on user status does not work. Fixed.

• Various bugs in team management.

• Export button in Timeline charts not working. Fixed.

• White screen experienced when moving users between nodes and logging in.

This is a major feature update and bug fix release.

Features & Benefits

• Password Generator Enforcement policy You can now specify the password generator complexity policy on a per-domain basis, or using wildcards can specify a larger matching pattern against domain names. This role enforcement feature has been added to the Vault Features screen.

• Ability to specify the time zone when reporting alerts are sent via email and text message.

• Added Azure Monitor Log Analytics and Generic Syslog to the list of supported External Sync targets.

• Improved checkout flow from Admin Console to payment page via tokenization that does not require additional email validation.

Bug Fixes

• F5 SSO Login issues on EU account in Safari, Admin accounts

• Provisioning methods not being removed after deletion until logout/login

• Display names under individual reports not linking to user detail

• Selecting the "Settings" button causes errors in the console log

• Add User dialog from Roles hangs the browser

• YubiKey not prompted and defaults to backup 2FA method

• Firefox setup of YubiKey not working

• Change email address feature not sending verification code

• Editing user results in blank screen

• Last email address used is showing up in login after logging out

• Resolved issues adding members to teams from certain views

This is a bug fix release focused on the BreachWatch business 14.1.0 release.

Bug Fixes

• Visual UI optimizations

• Improved loading speed of initial login on new device

• Internet Explorer UI issues

• Accepting Vault Transfer prompt results in error

• Duo Push errors on login

• Approval Queue UI issues

• Clicking on tabs runs a data sync to improve responsiveness to new data

• Localizations in German

Features

• New Keeper logo, branding, fonts and colors

This is a major feature update for BreachWatch Business.

Features & Benefits

• BreachWatch Business V1 Launch

• New Dashboard View

• Optimized Node Tree navigation for customers with a large number of nodes

• Incorporation of BreachWatch events in Advanced Reporting & Alerts Module

• BreachWatch detail screens

• Refactor of Security Audit screen to consolidate and simplify the UI

• Billing support for BreachWatch Business

• New Approval Queue screen incorporated into left navigation

• Additional BreachWatch-related enforcement policies

• Improved Search UI along top header

For detailed BreachWatch related updates visit the below links:

BreachWatch (Dark Web)Enterprise Guide

BreachWatch: Now Available for Business & Enterprise Customers - Keeper Security Blog - Cybersecurity News & Product UpdatesKeeper Security Blog - Cybersecurity News & Product Updates

Bug Fixes

• Unable to login as Sub-node admin

• Blank page when adding a role

• App crashes on logout timer settings changes

This release is focused on bug fixes and performance improvements.

Issues Resolved

• Search the console within Internet Explorer

• Audit & Reporting visual issues

• Inviting users from another enterprise account caused confusion

• Reduce the number of Audit Event alerts on multi-record operations

• German translations missing in several screens

• Subnode beneath the root node is being highlighted by default when logging in

This release is focused on bug fixes and performance improvements.

Issues Resolved

• Purchase issues with Advanced Reporting & Alerts Module

• YubiKey login stores the 2FA token longer than the enforcement policy

• Email invitation formatting

• Audit report events with backslashes showing in event name

• Duo Security login issues related to storage of 2FA device token

• Formatting of Audit and Reporting display

• Cascade Node Permission error

• Searching within sub-node administrators

• Timeline chart display issues

• Highlight text color more readable

• Localization issues

• Security Score calculation issues

Features & Benefits

• Enable/disable offline mode, now with web browser support (Chrome, Firefox, Safari, Edge)

• Enable/Disable use of a Master Password with Single Sign On for use both online and offline.

• New enhanced search capability

• Security updates (additional encryption layer) for v14 Backend API

Bug Fixes

• Added event tracking for "Activated Email Provisioning"

• Visual Improvements

• IBM QRadar integration bug fixes

• Various minor UI bug fixes

• User redirect issues resolved with Google SSO Admin

• Throttled user login with SSO does not generate error message

• SMS setup in 2FA did not display error when entering the wrong code

• Page crashes clicking on certain Alert screens

• 2FA token not retained on the Admin Console when "prompt every time" is enforced

What's Next

BreachWatch for Business and a new enhanced Dashboard is coming in the next release (14.1.0) of the Admin Console

Reporting & Alerts Module

The all new Reporting & Alerts module is a powerful Add On which provides customized event-based reporting and auditing capabilities.

Enhancements & Benefits

• Major new functionality is provided in this release via the optional Advanced Reporting & Alerts Module.

  • Based on 75+ events generated from Keeper client devices and activities utilizing the Keeper backend

  • Maintains strict Zero-Knowledge architecture, no reveal of record information possible to administrators

  • Offline events are buffered on client then uploaded when reconnected

• Events Timeline

  • Displays Top 5 events (those with highest event counts) during the period

  • Period selectable between Last 30 Days, 7 Days, or 24 Hours.

  • Shows % of total for each event

  • Customizable to show different events (other than Top 5)

  • Mouseovers to show each date

• Reporting Engine

  • Basic report for Recent Activity includes all events

  • Advanced allows customizing and saving reports

  • Wide variety of events types & attributes to focus views

  • Customizable column headings

  • Exportable log data to SIEM, Syslog, spreadsheets, etc.

• Alerts

  • Choose from wide array of event types and attributes via filters

  • Send alerts via email or SMS text

  • Control frequency of alerts with multiple types of settings

• 3rd Party Secure Information & Event Management support via External Logging

  • External logging of all events

  • Simple set up for Splunk, Sumo, Amazon S3, IBM QRadar

• All reported events are also available from the Keeper Commander SDK

Known Limitations

• No limit on events logged

• Report viewer limited to showing up to 1000 events at a time (10 pages of 100 events)

• Maximum 100 SMS alerts per day (per enterprise)

  • No limit on Email alerts

• QRadar support not available yet

Coming Soon

Enhancements & Benefits

• Improved mobile / tablet support

• Enterprise licensing flows and subscription management

• Left-hand navigation

• Major performance improvements to Recent Activity backend event tracking

• Preparation for upcoming Advanced Reporting & Alert module

Known Limitations

• The "Recent Activity" screen is limited to 16 event types, and will only retrieve the most recent 1,000 events from the backend system. Please use Keeper Commander API for full event logging historical data and integration into SIEM systems.

Coming Soon

• Admin Console version 13.3 contains a major advancement of the event reporting capabilities in Keeper Enterprise and will be available for beta evaluation on February 15, 2019 and full launch on February 25, 2019. Please contact your Keeper sales representative for early access.

Enhancements & Benefits

This release contains several new role enforcement policies, visual improvements to the role enforcement policy section, additional refinements for existing role policies, and bug fixes to address known customer issues.

Custom Logout Timers

Previously, logout timer enforcements were limited to certain intervals between 1 minute and 24 hours. Now, you can customize the value of the logout timer in increments of minutes. To enforce a logout timer, turn the switch to the ON position and then specify the logout timer setting as seen below.

Note, "Disable email invitations" enforcement policy was also moved into this Account Settings role enforcement policy screen.

Platform Restrictions

By default, access is granted on all role enforcement policies. We have now added KeeperChat platform restriction policies. You may restrict the use of KeeperChat on Desktop and Mobile devices.

Vault Feature Policies

We have added a series of enforcement policies related to features within the Keeper Vault that appear in the "Vault Features" screen. The new policies added are the following:

1. Prevent users from creating folders

2. Prevent users from creating Identity and Payment records

3. Mask custom fields

4. Mask notes

5. Mask passwords

6. Day(s) before records can be cleared permanently

7. Day(s) before deleted records automatically purge

The screenshot of these policies can be seen below.

Notes:

• When masking is enforced on custom fields, notes and passwords, this has the effect of replacing all of the content on the screen with dots as seen below. Clicking on the eyeball icon will display and hide the content within the field.

• "Purge Deleted Records" enforcements prevents a user from deleting items in their vault and then immediately purging their deleted records permanently.

Here's an example of a record showing masked password, custom field and notes:

Sharing & Uploading Policies

A new role enforcement policy called "Prevent sharing records with file attachments" has been added. By default, this ability is permitted.

KeeperFill Restrictions

There is now a new screen called "KeeperFill" which controls the behavior of the KeeperFill browser extension for Chrome, Firefox, Safari, Edge and IE.

"KeeperFill disabled for specified websites" is a policy which will completely disable the KeeperFill browser extension on sites which match the list provided. You can add any number of sites to the list of disabled websites, and you can also include wildcard characters. This policy was created to address some websites or internal applications that are not friendly to browser extensions, or which impact the performance of the application.

Master Password Expiration

Similar to the improvements on logout timer settings, the "Master Password Expiration" policy can now be configured with a customizable number of days, instead of selecting from a pre-defined list.

Bug Fixes and Performance Updates

• Fixed issue where users can't login to Admin Console with expired account transfer consent status

• Sorting issues on several screens

• RSA and Duo 2FA related issues

• Recent Activity visual date issues

• Fixed missing localization strings in certain languages

Known Limitations

This release will initially be supported only by these Keeper clients:

• Browser Extensions

  • 12.27 (Chrome, Safari, Edge, Firefox)

  • 12.30 (Chrome, Safari, Edge, Firefox, Internet Explorer)

• Keeper Web Vault

Coming soon...

All role enforcement policies will be fully supported on the following clients in upcoming releases:

• iOS 14.2

• Android

• Surface

• Microsoft Desktop application