# Overview

### End-to-End Password Protection Across Your Data Environment

Simply by authenticating through your existing IdP, your employees gain access to all of the capabilities of the top-rated Keeper password management platform, including:

* Secure digital vault that can be accessed from any device, running any OS
* Automatic password generation & autofill on all devices
* Compatibility on any system, browser or app
* Zero-knowledge encryption of vault data

This service does not require any on-premises or customer cloud-hosted services and there are no Master Passwords. Configuration is done directly between the IdP and Keeper's Admin Console.

To preserve Zero Knowledge, an Elliptic Curve public/private key pair is generated for each device. The private key on the device encrypts and decrypts the user's vault. Signing into a new device requires a key exchange that is processed by our Keeper Push feature or approved by a designated Admin. Automated admin approvals can be configured in several different ways.

### Setup Steps

**Important: SSO users and provisioning must exist in a dedicated node that you will create (not in the root node). Before completing these steps, create a new node as shown in the image below.**

![](https://2503956294-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MB_i6vKdtG6Z2n6zWgJ%2Fuploads%2F76p0mtmcP3xQvco3rKK9%2Fchrome_j11Devgm0Q.png?alt=media\&token=4feea2b7-b794-4759-b873-6c0a75894598)

Keeper SSO Connect Cloud can be rolled out in 3 easy steps:

1. Create an SSO Connect Cloud instance on the Keeper Admin Console under Provisioning
2. Exchange metadata with your SAML identity provider
3. Set up automated provisioning and/or manually provision users to Keeper

### Device Approvals

An Administrative Permission called "Approve Devices" allows an Administrator to perform device approvals. Admin Approvals can also be automated. See the [Device Approval](https://docs.keeper.io/en/sso-connect-cloud/device-approvals) section for details.

{% hint style="info" %}
A unique "device" includes physical devices as well as browsers and browser profiles.
{% endhint %}

### Benefits

From an administrator's perspective, the cost, risk & labor-saving benefits of Keeper SSO Connect Cloud are significant:

* Easy setup, all in one place in Keeper’s existing Admin Console.
* No hosted software to integrate with the IdP
* No additional server costs
* No patching software
* Eliminates a potential single point of failure
* Available 24/7/365 on Keeper’s high availability systems
