LogoLogo
SSO Connect Cloud
SSO Connect Cloud
  • Keeper SSO Connect Cloud
  • Overview
  • Admin Console Configuration
  • SSO Identity Providers
    • Amazon AWS
    • Auth0
    • Centrify
    • CloudGate UNO
    • DUO SSO
    • Entra ID (Azure AD)
    • F5
    • Google Workspace
      • Google Workspace User and Group Provisioning with Cloud Function
      • Google Workspace User Provisioning with SCIM
    • HENNGE
    • Imprivata
    • JumpCloud
    • Microsoft AD FS
    • Okta
    • OneLogin
    • Ping Identity
    • PingOne
    • Rippling
    • RSA SecurID Access
    • SecureAuth
    • Shibboleth
    • Other SAML 2.0 Providers
  • Passwordless Providers
    • Traitware
    • Trusona
    • Veridium
    • Beyond Identity
  • Device Approvals
    • Keeper Push
    • Admin Approval
    • Keeper Automator Service
      • Version 17.0 Overview
      • Ingress Requirements
      • Azure Container App
      • Azure App Services
      • Azure App Gateway (Advanced)
      • AWS Elastic Container Service
      • AWS Elastic Container Service with KSM (Advanced)
      • Java on Linux
      • Docker on Linux
      • Docker Compose
      • Google Cloud with GCP Cloud Run
      • Kubernetes Service
      • Windows Service
      • Multi-Tenant Mode
      • Custom SSL Certificate
      • Advanced Settings
      • Troubleshooting
    • CLI Approvals
  • Certificate Renewal
  • Logout Configuration
  • User Provisioning
  • System Architecture
  • Security and User Flow
  • Migrate from OnPrem
  • Graphic Assets
  • Links & Resources
Powered by GitBook

Company

  • Keeper Home
  • About Us
  • Careers
  • Security

Support

  • Help Center
  • Contact Sales
  • System Status
  • Terms of Use

Solutions

  • Enterprise Password Management
  • Business Password Management
  • Privileged Access Management
  • Public Sector

Pricing

  • Business and Enterprise
  • Personal and Family
  • Student
  • Military and Medical

© 2025 Keeper Security, Inc.

On this page

Was this helpful?

Export as PDF
  1. SSO Identity Providers

OneLogin

How to configure Keeper SSO Connect Cloud with OneLogin for seamless and secure SAML 2.0 authentication and SCIM provisioning.

PreviousOktaNextPing Identity

Last updated 1 year ago

Was this helpful?

Please complete the steps in the section first.

OneLogin Setup:

  1. Login to the OneLogin portal.

2. Select Administration to enter the admin section.

3. From the onelogin menu select Applications then Add App.

In the Search field, do a search for Keeper Password Manager and select it from the search result.

4. On the Add Keeper Manager screen click Save.

5. The next step is to download the SAML Metadata from OneLogin. Select the down arrow on the MORE ACTIONS button and select SAML Metadata.

Drag and drop or browse to this saved file on the SAML Metadata Section of the Single Sign-On with SSO Connectâ„¢ Cloud section on the Keeper Admin Console.

6. On the Keeper Admin Console, copy the Assertion Consumer Service (ACS) Endpoint field.

7. Back on the OneLogin Configuration tab, paste in the Keeper SSO Connect Assertion Consumer Service (ACS) Endpoint field and then click Save.

8. If SCIM is desired then go back on the Keeper Provisioning tab, click on "Add Method" and select SCIM. If not skip to step to step 12.

9. Click Generate then copy the URL and Token.

10. Paste the "URL" into the SCIM Base URL, and paste the "Token" into the SCIM Bearer Token.

11. On the Keeper Admin Console make sure to Save the SCIM token.

12. Click Save and the integration is complete.

Move existing users/initial admin to SSO authentication

Users created in the root node (top level) will need to be migrated to the sub node that the SSO integration was configured on. If users remain in the root node, they will be prompted for the master password when accessing the vault and/or admin console.

An admin can not move themselves to the SSO enabled node. It requires another admin to perform this action.

After the user is moved to the SSO enabled node, they need to log into the Keeper vault initially by selecting the "Enterprise SSO" pull down and inputting in the Enterprise Domain configured on the SSO integration. The user may get prompted to confirm by entering in the master password.

Once the user has authenticated with SSO, they only need to use their email address moving forward to initiate SSO authentication.

For more detailed configuration of SCIM visit the

They won't have to enter the Enterprise Domain. If typing in the email address and clicking Next does not route the user to the desired SSO, ensure that just-in-time provisioning is enabled in the Keeper SSO configuration and ensure that your email domain is reserved by Keeper. More information regarding routing and domain reservation .

User and Team Provisioning section in the Enterprise Guide
can be found here
Admin Console Configuration
Log into OneLogin.
Add Keeper Password Manager
Save SAML Metadata
Upload Metadata
Paste Assertion Consumer Service Endpoint
Add SCIM Method
Click Generate
Initially select 'Enterprise SSO Login'