LogoLogo
SSO Connect Cloud
Docs HomeKeeper Connection ManagerUser GuidesRelease NotesEnterprise GuideMSP GuideSSO Connect CloudKeeperPAM and Secrets ManagerSSO Connect On-PremKeeper Bridge
SSO Connect Cloud
Docs HomeKeeper Connection ManagerUser GuidesRelease NotesEnterprise GuideMSP GuideSSO Connect CloudKeeperPAM and Secrets ManagerSSO Connect On-PremKeeper Bridge
  • Keeper SSO Connect Cloud
  • Overview
  • Admin Console Configuration
  • SSO Identity Providers
    • Amazon AWS
    • Auth0
    • Centrify
    • CloudGate UNO
    • DUO SSO
    • Entra ID (Azure AD)
    • F5
    • Google Workspace
      • Google Workspace User and Group Provisioning with Cloud Function
      • Google Workspace User Provisioning with SCIM
    • HENNGE
    • Imprivata
    • JumpCloud
    • Microsoft AD FS
    • Okta
    • OneLogin
    • Ping Identity
    • PingOne
    • Rippling
    • RSA SecurID Access
    • SecureAuth
    • Shibboleth
    • Other SAML 2.0 Providers
  • Passwordless Providers
    • Traitware
    • Trusona
    • Veridium
    • Beyond Identity
  • Device Approvals
    • Keeper Push
    • Admin Approval
    • Keeper Automator Service
      • Version 17.0 Overview
      • Ingress Requirements
      • Azure Container App
      • Azure App Services
      • Azure App Gateway (Advanced)
      • AWS Elastic Container Service
      • AWS Elastic Container Service with KSM (Advanced)
      • Java on Linux
      • Docker on Linux
      • Docker Compose
      • Google Cloud with GCP Cloud Run
      • Kubernetes Service
      • Windows Service
      • Multi-Tenant Mode
      • Custom SSL Certificate
      • Advanced Settings
      • Troubleshooting
    • CLI Approvals
  • Certificate Renewal
  • Logout Configuration
  • User Provisioning
  • System Architecture
  • Security and User Flow
  • Migrate from OnPrem
  • Graphic Assets
  • Links & Resources
Powered by GitBook

Company

  • Keeper Home
  • About Us
  • Careers
  • Security

Support

  • Help Center
  • Contact Sales
  • System Status
  • Terms of Use

Solutions

  • Enterprise Password Management
  • Business Password Management
  • Privileged Access Management
  • Public Sector

Pricing

  • Business and Enterprise
  • Personal and Family
  • Student
  • Military and Medical

© 2025 Keeper Security, Inc.

On this page
  • End-to-End Password Protection Across Your Data Environment
  • Setup Steps
  • Device Approvals
  • Benefits

Was this helpful?

Export as PDF

Overview

High level overview of Keeper SSO Connect™ Cloud

PreviousKeeper SSO Connect CloudNextAdmin Console Configuration

Last updated 11 months ago

Was this helpful?

End-to-End Password Protection Across Your Data Environment

Simply by authenticating through your existing IdP, your employees gain access to all of the capabilities of the top-rated Keeper password management platform, including:

  • Secure digital vault that can be accessed from any device, running any OS

  • Automatic password generation & autofill on all devices

  • Compatibility on any system, browser or app

  • Zero-knowledge encryption of vault data

This service does not require any on-premises or customer cloud-hosted services and there are no Master Passwords. Configuration is done directly between the IdP and Keeper's Admin Console.

To preserve Zero Knowledge, an Elliptic Curve public/private key pair is generated for each device. The private key on the device encrypts and decrypts the user's vault. Signing into a new device requires a key exchange that is processed by our Keeper Push feature or approved by a designated Admin. Automated admin approvals can be configured in several different ways.

Setup Steps

Important: SSO users and provisioning must exist in a dedicated node that you will create (not in the root node). Before completing these steps, create a new node as shown in the image below.

Keeper SSO Connect Cloud can be rolled out in 3 easy steps:

  1. Create a SSO Connect Cloud instance on the Keeper Admin Console under Provisioning

  2. Exchange metadata with your SAML identity provider

  3. Set up automated provisioning and/or manually provision users to Keeper

Device Approvals

A unique "device" includes physical devices as well as browsers and browser profiles.

Benefits

From an administrator's perspective, the cost, risk & labor saving benefits of Keeper SSO Connect Cloud are significant:

  • Easy setup, all in one place in Keeper’s existing Admin Console.

  • No hosted software to integrate with the IdP

  • No additional server costs

  • No patching software

  • Eliminates a potential single point of failure

  • Available 24/7/365 on Keeper’s high availability systems

An Administrative Permission called "Approve Devices" allows an Administrator to perform device approvals. Admin Approvals can also be automated. See the section for details.

Device Approval