LogoLogo
SSO Connect Cloud
SSO Connect Cloud
  • Keeper SSO Connect Cloud
  • Overview
  • Admin Console Configuration
  • SSO Identity Providers
    • Amazon AWS
    • Auth0
    • Centrify
    • CloudGate UNO
    • DUO SSO
    • Entra ID (Azure AD)
    • F5
    • Google Workspace
      • Google Workspace User and Group Provisioning with Cloud Function
      • Google Workspace User Provisioning with SCIM
    • HENNGE
    • Imprivata
    • JumpCloud
    • Microsoft AD FS
    • Okta
    • OneLogin
    • Ping Identity
    • PingOne
    • Rippling
    • RSA SecurID Access
    • SecureAuth
    • Shibboleth
    • Other SAML 2.0 Providers
  • Passwordless Providers
    • Traitware
    • Trusona
    • Veridium
    • Beyond Identity
  • Device Approvals
    • Keeper Push
    • Admin Approval
    • Keeper Automator Service
      • Version 17.0 Overview
      • Ingress Requirements
      • Azure Container App
      • Azure App Services
      • Azure App Gateway (Advanced)
      • AWS Elastic Container Service
      • AWS Elastic Container Service with KSM (Advanced)
      • Java on Linux
      • Docker on Linux
      • Docker Compose
      • Google Cloud with GCP Cloud Run
      • Kubernetes Service
      • Windows Service
      • Multi-Tenant Mode
      • Custom SSL Certificate
      • Advanced Settings
      • Troubleshooting
    • CLI Approvals
  • Certificate Renewal
  • Logout Configuration
  • User Provisioning
  • System Architecture
  • Security and User Flow
  • Migrate from OnPrem
  • Graphic Assets
  • Links & Resources
Powered by GitBook

Company

  • Keeper Home
  • About Us
  • Careers
  • Security

Support

  • Help Center
  • Contact Sales
  • System Status
  • Terms of Use

Solutions

  • Enterprise Password Management
  • Business Password Management
  • Privileged Access Management
  • Public Sector

Pricing

  • Business and Enterprise
  • Personal and Family
  • Student
  • Military and Medical

© 2025 Keeper Security, Inc.

On this page
  • Overview
  • MSP with Multiple Managed Companies
  • Multi-Tenant Enterprise

Was this helpful?

Export as PDF
  1. Device Approvals
  2. Keeper Automator Service

Multi-Tenant Mode

Setting up multiple tenants in a single Automator instance

PreviousWindows ServiceNextCustom SSL Certificate

Last updated 1 year ago

Was this helpful?

Overview

Keeper Automator supports a multi-tenant configuration, so that a single deployment can perform automations for multiple Keeper Enterprise environments.

  • For MSP environments, a single Keeper Automator instance can be used to run multiple Managed Companies.

  • For Enterprise customers, a single instance can process approvals for any number of identity providers.

Once the server is running, you can use it for multiple SSO nodes, even in different enterprises.

MSP with Multiple Managed Companies

The steps for activating one Automator instance for multiple Managed Companies is below:

(1) Login to Commander as the MSP Admin

My Vault> login my_msp_admin@company.com

(2) Switch context to the Managed Company

My Vault> msp-info

MSP Plans and Licenses
-----------------------
  #  Plan Id           Available Licenses    Total Licenses    Stash
---  --------------  --------------------  ----------------  -------
  1  business                          83               100        0
  2  businessPlus                      50               100        0
  3  enterprise                        80               100        0
  4  enterprisePlus                    85               100        0

  #      ID  Name                     Plan              Allocated    Active
---  ------  -----------------------  --------------  -----------  --------
  1   81386  Demo Managed Co. LLC     enterprisePlus            5         0
  2   81344  Elite Auto Works         business                  5         4
  3  114391  John's Garage            enterprisePlus            5         0
  4  114392  John's Garages           enterprisePlus            5         0
  5   81345  Perfect Teeth Dental     businessPlus             50         4
  6  114281  Test                     business                 12         0
  7   81346  Troy Financial Services  enterprise               20         0

Find the MC you want to set up, select the ID and then type:

switch-to-mc <ID>

(3) Create an Automator instance

Use the common Automator URL in the "edit" step

For example:

My Vault> automator create --name="Tenant1" --node="SSO Node"
My Vault> automator edit --url=https://my.company.com:8089 --skill=team_for_user --skill=device <Automator ID>
My Vault> automator setup <Automator ID>
My Vault> automator init <Automator ID>
My Vault> automator enable <Automator ID>

(4) Switch back to MSP

Switch back to the MSP Admin context

My Vault> switch-to-msp

For each Managed Company, repeat the above 4 steps.

Multi-Tenant Enterprise

The steps for activating one Automator instance for multiple Nodes in the same Enterprise tenant is below:

(1) Login to Commander as Admin

My Vault> login admin@company.com

(2) Create the Automator Instance

For each Node, use the same "edit" URL. For example:

My Vault> automator create --name="Tenant A" --node="<node_name>"
My Vault> automator edit --url=https://my.company.com:8089 --skill=team --skill=team_for_user --skill=device <Automator ID>
My Vault> automator setup <Automator ID>
My Vault> automator init <Automator ID>
My Vault> automator enable <Automator ID>

Then, simply set up another instance with the same URL endpoint:

My Vault> automator create --name="Tenant B" --node="Azure"
My Vault> automator edit --url=https://my.company.com:8089 --skill=team --skill=team_for_user --skill=device <Automator ID>
My Vault> automator setup <Automator ID>
My Vault> automator init <Automator ID>
My Vault> automator enable <Automator ID>

Note that they have different names and IDs and are assigned to different nodes but they use the same URL.

Repeat step (2) for every node to set up multiple tenants on the same Automator instance.