LogoLogo
SSO Connect Cloud
SSO Connect Cloud
  • Keeper SSO Connect Cloud
  • Overview
  • Admin Console Configuration
  • SSO Identity Providers
    • Amazon AWS
    • Auth0
    • Centrify
    • CloudGate UNO
    • DUO SSO
    • Entra ID (Azure AD)
    • F5
    • Google Workspace
      • Google Workspace User and Group Provisioning with Cloud Function
      • Google Workspace User Provisioning with SCIM
    • HENNGE
    • Imprivata
    • JumpCloud
    • Microsoft AD FS
    • Okta
    • OneLogin
    • Ping Identity
    • PingOne
    • Rippling
    • RSA SecurID Access
    • SecureAuth
    • Shibboleth
    • Other SAML 2.0 Providers
  • Passwordless Providers
    • Traitware
    • Trusona
    • Veridium
    • Beyond Identity
  • Device Approvals
    • Keeper Push
    • Admin Approval
    • Keeper Automator Service
      • Version 17.0 Overview
      • Ingress Requirements
      • Azure Container App
      • Azure App Services
      • Azure App Gateway (Advanced)
      • AWS Elastic Container Service
      • AWS Elastic Container Service with KSM (Advanced)
      • Java on Linux
      • Docker on Linux
      • Docker Compose
      • Google Cloud with GCP Cloud Run
      • Kubernetes Service
      • Windows Service
      • Multi-Tenant Mode
      • Custom SSL Certificate
      • Advanced Settings
      • Troubleshooting
    • CLI Approvals
  • Certificate Renewal
  • Logout Configuration
  • User Provisioning
  • System Architecture
  • Security and User Flow
  • Migrate from OnPrem
  • Graphic Assets
  • Links & Resources
Powered by GitBook

Company

  • Keeper Home
  • About Us
  • Careers
  • Security

Support

  • Help Center
  • Contact Sales
  • System Status
  • Terms of Use

Solutions

  • Enterprise Password Management
  • Business Password Management
  • Privileged Access Management
  • Public Sector

Pricing

  • Business and Enterprise
  • Personal and Family
  • Student
  • Military and Medical

© 2025 Keeper Security, Inc.

On this page
  • Overview
  • Why is this needed?
  • Installation Options
  • Installation Method: Azure Container App
  • Installation Method: Azure App Services
  • Installation Method: Azure App Gateway
  • Installation Method: AWS Elastic Container Service
  • Installation Method: AWS Elastic Container Service with KSM
  • Installation Method: Google Cloud with GCP Cloud Run
  • Installation Method: Standalone Java
  • Installation Method: Docker
  • Installation Method: Docker Compose
  • Installation Method: Kubernetes
  • Installation Method: Windows Service
  • Automator Security

Was this helpful?

Export as PDF
  1. Device Approvals

Keeper Automator Service

Automatic device approval service for SSO Connect Cloud environments

PreviousAdmin ApprovalNextVersion 17.0 Overview

Last updated 2 months ago

Was this helpful?

Overview

The Keeper Automator is a self-hosted service which performs cryptographic operations including device approvals, team approvals and team user assignments.

Once Automator is running, users can seamlessly access Keeper on a new (not previously approved) device after a successful authentication with your identity provider, without any further approval steps. Without the Automator service, users and admins can still perform manual device approvals through Push Approval methods.

Keeper Automator is a lightweight service that can be deployed in your cloud or on-prem environment.

Why is this needed?

Keeper SSO Connect provides seamless authentication into the Keeper vault using your identity provider. Normally a user must a approve their new device, or an Admin can approve a new device for a user. The Automator service is totally optional, created for Admins who want to remove any friction associated with device approvals.

To preserve Zero Knowledge and automate the transfer of the Encrypted Data Key (EDK) to the user's device, a service must be run which is operated by the Enterprise (instead of hosted by Keeper). The service can be run several different ways, either in the cloud or self-hosted.

Installation Options

Installation Method: Azure Container App

Installation Method: Azure App Services

Installation Method: Azure App Gateway

Installation Method: AWS Elastic Container Service

Installation Method: AWS Elastic Container Service with KSM

Installation Method: Google Cloud with GCP Cloud Run

Installation Method: Standalone Java

Installation Method: Docker

Installation Method: Docker Compose

Installation Method: Kubernetes

Installation Method: Windows Service


Automator Security

Using the Automator service creates a frictionless experience for users, however it requires that you have fully secured your identity provider.

An in-depth explanation of SSO Connect encryption model is

Depending on your environment, select from one of the following installation methods. The , , and Google are the best choices if you use one of these cloud services.

Please refer to our guide to securing your Keeper environment.

documented here.
Azure Container App
Azure App Services
AWS Elastic Container Service
Cloud with GCP Cloud Run
View Instructions
View Instructions
View Instructions
View Instructions
View Instructions
View Instructions
View Instructions
View Instructions
View Instructions
View Instructions
View Instructions
Recommended Security Settings
Automator Video Overview