LogoLogo
SSO Connect On-Prem
SSO Connect On-Prem
  • Keeper SSO Connect On-Prem
  • Overview
  • System Requirements
  • Installation and Setup
    • Admin Console Configuration
    • Installation - Windows
    • Installation - Linux
      • GUI Configuration
      • Linux Command-line Configuration
      • Running Keeper SSO Connect as a Service on Linux
  • Identity Provider Setup
    • AD FS Configuration
    • Entra ID/Azure AD Configuration
    • AWS SSO Configuration
    • Centrify Configuration
    • F5 Configuration
    • G Suite (Google Workspace) Configuration
    • JumpCloud Configuration
    • Okta Configuration
    • OneLogin Configuration
    • Ping Identity Configuration
    • PingOne Configuration
    • RSA SecurID Access
    • Generic SAML Configuration
  • SSL Certificate Creation
  • High Availability (HA) Configuration
  • Integration with AWS CloudHSM
  • Integration with Gemalto HSM
  • Upgrading SSO Connect On-Prem
  • Update Instructions
  • Updating On-Prem Config
  • Migrating to a new SSO Connect Server
  • Service Management
  • Troubleshooting & FAQs
  • SSO Migration to Cloud
  • Technical Support
  • Links and Resources
  • Docs Home
Powered by GitBook

Company

  • Keeper Home
  • About Us
  • Careers
  • Security

Support

  • Help Center
  • Contact Sales
  • System Status
  • Terms of Use

Solutions

  • Enterprise Password Management
  • Business Password Management
  • Privileged Access Management
  • Public Sector

Pricing

  • Business and Enterprise
  • Personal and Family
  • Student
  • Military and Medical

© 2025 Keeper Security, Inc.

On this page

Was this helpful?

Export as PDF

Updating On-Prem Config

Changing the SSL certificate, hostname, or the metadata configuration in SSO Connect On-Prem

SSO Connect On-Prem SSL certificates must be updated on an annual basis, or there may be times that the metadata.xml file needs to be updated on the SSO Connect server. Follow these instructions:

  1. Login to the SSO Connect On-Prem server and click the "Configuration" tab. Make the desired change (update SSL certificate, hostname change, update IdP SAML metadata, etc.).

  2. Save the changes. (This replicates the changes to the Keeper Cloud).

  3. If multiple SSO Connect servers (HA configuration) are present in your architecture, no further steps are required as each subsequent SSO Connect server will synchronize to the cloud and update. However, to force the sync, click on “Full Sync” on the SSO connect menu on each server.

From the Keeper Cloud perspective, there is no primary or secondary SSO Connect server in an HA configuration. There is a single SSO Connect data back up (per SSO Connect provisioning instance) that synchronizes to all the servers architected for HA.

Do not delete the SSO Connect provisioning instance on the Admin Console. Doing so will remove the configuration and orphan your SSO Connect servers.

PreviousUpdate InstructionsNextMigrating to a new SSO Connect Server

Last updated 1 year ago

Was this helpful?