Overview
High level overview of Keeper SSO Connect™ Cloud
Last updated
Was this helpful?
High level overview of Keeper SSO Connect™ Cloud
Last updated
Was this helpful?
Simply by authenticating through your existing IdP, your employees gain access to all of the capabilities of the top-rated Keeper password management platform, including:
Secure digital vault that can be accessed from any device, running any OS
Automatic password generation & autofill on all devices
Compatibility on any system, browser or app
Zero-knowledge encryption of vault data
This service does not require any on-premises or customer cloud-hosted services and there are no Master Passwords. Configuration is done directly between the IdP and Keeper's Admin Console.
To preserve Zero Knowledge, an Elliptic Curve public/private key pair is generated for each device. The private key on the device encrypts and decrypts the user's vault. Signing into a new device requires a key exchange that is processed by our Keeper Push feature or approved by a designated Admin. Automated admin approvals can be configured in several different ways.
Important: SSO users and provisioning must exist in a dedicated node that you will create (not in the root node). Before completing these steps, create a new node as shown in the image below.
Keeper SSO Connect Cloud can be rolled out in 3 easy steps:
Create a SSO Connect Cloud instance on the Keeper Admin Console under Provisioning
Exchange metadata with your SAML identity provider
Set up automated provisioning and/or manually provision users to Keeper
From an administrator's perspective, the cost, risk & labor saving benefits of Keeper SSO Connect Cloud are significant:
Easy setup, all in one place in Keeper’s existing Admin Console.
No hosted software to integrate with the IdP
No additional server costs
No patching software
Eliminates a potential single point of failure
Available 24/7/365 on Keeper’s high availability systems
An Administrative Permission called "Approve Devices" allows an Administrator to perform device approvals. Admin Approvals can also be automated. See the section for details.