# Overview

### End-to-End Password Protection Across Your Data Environment

Simply by authenticating through your existing IdP, your employees gain access to all of the capabilities of the top-rated Keeper password management platform, including:

* Secure digital vault that can be accessed from any device, running any OS
* Automatic password generation & autofill on all devices
* Compatibility on any system, browser or app
* Zero-knowledge encryption of vault data

This service does not require any on-premises or customer cloud-hosted services and there are no Master Passwords. Configuration is done directly between the IdP and Keeper's Admin Console.

To preserve Zero Knowledge, an Elliptic Curve public/private key pair is generated for each device. The private key on the device encrypts and decrypts the user's vault. Signing into a new device requires a key exchange that is processed by our Keeper Push feature or approved by a designated Admin. Automated admin approvals can be configured in several different ways.
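A generic sketch of the kind of per-device key exchange described above, added here as an example; it is not Keeper's implementation or code from this documentation. It assumes a separate vault data key that an approving device wraps to the new device's public key (ECDH on P-256, HKDF-SHA256, AES-256-GCM); the curve, KDF, cipher and all function names are assumptions, since this page does not specify them.

```javascript
// Added illustration: generic ECIES-style key wrap, not Keeper's protocol.
const crypto = require('crypto');

// Each device creates its own P-256 key pair; the private key stays on the device.
function newDeviceKeyPair() {
  return crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
}

// Derive a 256-bit wrapping key from the ECDH shared secret with HKDF-SHA256.
function deriveWrapKey(privateKey, publicKey) {
  const shared = crypto.diffieHellman({ privateKey, publicKey });
  const okm = crypto.hkdfSync('sha256', shared, Buffer.alloc(0), 'device-approval-demo', 32);
  return Buffer.from(okm);
}

// Approver side (an already-trusted device or admin): wrap the data key so that
// only the holder of the new device's private key can recover it.
function approveDevice(dataKey, newDevicePublicKey) {
  const eph = newDeviceKeyPair(); // ephemeral pair, used for this one approval
  const iv = crypto.randomBytes(12);
  const key = deriveWrapKey(eph.privateKey, newDevicePublicKey);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const wrapped = Buffer.concat([cipher.update(dataKey), cipher.final()]);
  return {
    ephemeralPublicKey: eph.publicKey.export({ type: 'spki', format: 'der' }),
    iv, wrapped, tag: cipher.getAuthTag(),
  };
}

// New device side: unwrap with the device private key; GCM rejects any tampering.
function unwrapOnDevice(msg, devicePrivateKey) {
  const ephPub = crypto.createPublicKey({ key: msg.ephemeralPublicKey, type: 'spki', format: 'der' });
  const decipher = crypto.createDecipheriv('aes-256-gcm', deriveWrapKey(devicePrivateKey, ephPub), msg.iv);
  decipher.setAuthTag(msg.tag);
  return Buffer.concat([decipher.update(msg.wrapped), decipher.final()]);
}

// Constructed demo: one approved device, one device that was never approved.
function demo() {
  const dataKey = crypto.randomBytes(32); // constructed sample vault data key
  const approved = newDeviceKeyPair();
  const other = newDeviceKeyPair();
  const msg = approveDevice(dataKey, approved.publicKey);
  const approvedOk = unwrapOnDevice(msg, approved.privateKey).equals(dataKey);
  let otherRejected = false;
  try { unwrapOnDevice(msg, other.privateKey); } catch (e) { otherRejected = true; }
  return { approvedOk, otherRejected };
}
```

The server relaying `msg` in such a scheme sees only the ephemeral public key and ciphertext, which is the property the zero-knowledge claim depends on.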

### Setup Steps

**Important: SSO users and provisioning must exist in a dedicated node that you will create (not in the root node). Before completing these steps, create a new node as shown in the image below.**

![](https://2503956294-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MB_i6vKdtG6Z2n6zWgJ%2Fuploads%2F76p0mtmcP3xQvco3rKK9%2Fchrome_j11Devgm0Q.png?alt=media\&token=4feea2b7-b794-4759-b873-6c0a75894598)

Keeper SSO Connect Cloud can be rolled out in 3 easy steps:

1. Create an SSO Connect Cloud instance on the Keeper Admin Console under Provisioning
2. Exchange metadata with your SAML identity provider
3. Set up automated provisioning and/or manually provision users to Keeper

### Device Approvals

An Administrative Permission called "Approve Devices" allows an Administrator to perform device approvals. Admin Approvals can also be automated. See the [Device Approval](/en/sso-connect-cloud/device-approvals.md) section for details.

{% hint style="info" %}
A unique "device" includes physical devices as well as browsers and browser profiles.
{% endhint %}

### Benefits

From an administrator's perspective, the cost, risk and labor-saving benefits of Keeper SSO Connect Cloud are significant:

* Easy setup, all in one place in Keeper’s existing Admin Console
* No hosted software to integrate with the IdP
* No additional server costs
* No patching software
* Eliminates a potential single point of failure
* Available 24/7/365 on Keeper’s high availability systems

