Enterprise End-User (SSO)
This end-user guide was created for Enterprise customers who deploy Keeper through an existing Single Sign-On Identity Provider (IdP) such as Azure, ADFS or Okta.
Last updated
Was this helpful?
This end-user guide was created for Enterprise customers who deploy Keeper through an existing Single Sign-On Identity Provider (IdP) such as Azure, ADFS or Okta.
Last updated
Was this helpful?
Keeper is simple to install, easy to use and you’ll be up and running in just minutes. You can create your Keeper account using either one of the methods below.
Option 1: Click the Set Up Your Account Now button located in the email invitation sent by your Keeper Administrator. Since your Keeper account is deployed through Single Sign-On (SSO) you will automatically be routed to authenticate with your SSO provider to launch your Keeper Vault.
Option 2: Log in to your existing SSO provider dashboard as you normally do and click the Keeper icon to launch your Keeper Vault.
Two-Factor Authentication (2FA) adds an extra layer of security to your vault by requiring a second passcode upon logging in. Some 2FA methods like Duo or RSA, require admin configuration. Others, like the Google or Microsoft Authenticator Apps, can be set up by individual end-users.
Click the Account Dropdown Menu (your email address) then click Settings > Security to enable 2FA for your vault.
You can either manually enter your existing logins and passwords into your vault or Keeper can import your existing passwords directly from your web browser (e.g. Safari, Chrome, Firefox), another password manager, or from a text file (.csv).
To begin the import process, click the Account Dropdown Menu (your email address), then click Settings > Import.
The next time you log in to your Keeper Vault, you can either visit the Keeper Vault Login page or your SSO provider dashboard. Both options are described below. To access the Keeper Web Vault Login page, visit:
US Data Center: https://keepersecurity.com/vault
US Public Sector / GovCloud: https://govcloud.keepersecurity.us/vault
EU Data Center: https://keepersecurity.eu/vault AU Data Center: https://keepersecurity.com.au/vault CA Data Center: https://keepersecurity.ca/vault
JP Data Center: https://keepersecurity.jp/vault
Download the Keeper Desktop and Mobile Apps to access your Keeper Vault from any platform and use it for native applications across all of your devices.
Visit: https://keepersecurity.com/download to download the Keeper App for all of your desktop and mobile devices.
Supported Platforms:
PC, Mac and Linux desktops
Chrome, Firefox, Safari, Edge and IE11 Web Browsers
iOS (iPhone & iPad)
Android (Phones & Tablets)
Enter your email address at Keeper's Vault login page and click Next. You will then be routed to authenticate through your SSO Provider.
From Keeper's Vault Login page, click on the Enterprise SSO Login dropdown menu and select Enterprise Domain and enter your Enterprise Domain (provided by your Keeper Administrator). You will then be routed to authenticate through your SSO Provider.
Keeper provides two ways of authenticating into the Keeper Desktop application with SSO identity providers. By default, the Keeper Desktop app will open the identity provider login screen in a popup window as seen below.
This popup window is part of the Keeper Desktop application and will work for most scenarios. However, if your identity provider requires the use of a FIDO2 WebAuthn device or Passkey for authentication, using the desktop web browser method may be the best option.
To use the web browser on the device for SSO login with the Keeper Desktop app, open the Keeper menu and select "Use Default Browser for SSO".
When this option is selected, clicking "Next" will route you to the desktop web browser. After logging into your SSO provider (or if you already have an active SSO session), the web browser will redirect you back to Keeper Desktop and complete the login process.
Keeper supports IdP-initiated login from the SSO identity provider dashboard (if enabled by your Keeper administrator). Log in to your existing SSO as you normally do then from your SSO dashboard, click the Keeper icon to launch your Keeper Vault.
If you sign into Keeper on a new platform, you may encounter a "device approval" request (SSO Cloud Users Only). Please read the section below - "Device Approvals" for instructions on how to proceed.
If you are attempting to log in on an unrecognized device or browser, a device approval must take place before you can proceed to your Keeper Vault. Users have two methods of approval to choose from, "Keeper Push" or "Admin Approval".
Keeper Push is Keeper’s proprietary notification-based device approval system that sends a push notification to an existing, recognized device. This is a self-service process that allows users to handle the device approval on their own.
If you select Keeper Push, a notification (push) will be appear in your vault at an approved device or browser. Select Yes to approve the new device. Once the device has been approved, you will be able to proceed to your Keeper Vault.
You must be actively logged into a different, recognized/approved device to receive the notification.
Admin Approval will send a notification to your Keeper Admin requesting device approval. If you do not have an existing, recognized device, this will be the only path gain access again.
if you select Admin Approval, your Keeper Admin will receive notification for approval. Once the device has been approved, you will be able to proceed to your Keeper Vault.
Keeper's platform supports automated device approvals through a product called the Keeper Automator service. If your Keeper Administrator has configured this service, device approvals will occur automatically upon successfully logging into your SSO identity provider.
Learn more about the Keeper Automator service.
Your passwords, databases, SSH keys, bank accounts and other sensitive data are saved in your private digital Keeper Vault (as "Records") and are encrypted on your device using 256-bit AES.
To begin, click + Create New > Record.
Choose a Record Type from the dropdown menu ("Login" is the default type)
Enter a name for the Record and click Next
Enter the Login (Username or Email)
Enter the Password or click the dice icon to generate one (more on that here)
Enter the Website Address
Enter Notes, add Files & Photos, a Two-Factor Code and Custom Fields
Click Save to finish
For more information, please see our comprehensive Web Vault and Desktop App Guide.
Keeper's Browser Extension called KeeperFill, autofills your logins and passwords into websites and apps. To download KeeperFill for your browser, visit Keeper's Download page. KeeperFill is available for every web browser.
Records appear directly on the home screen as a list, with “Suggested Records” at the top to easily fill the credentials that match the website you're on. Select the record, then click Autofill to fill the credentials into the site's log in form.
When you log into your vault for a second time, you'll be prompted to set up a 24-word recovery phrase. If you forget your Master Password, this feature will help you quickly regain access.
Once your recovery phrase has been generated, be sure to store it in a safe place. For added convenience, you will be given the option to copy or download it.
If Account Recovery is not available, your Keeper Administrator may be able to transfer your vault to another Keeper account.
Keeper Business and Enterprise users can create a free, Keeper Family Plan for up to 5 family members with unlimited devices. Once the user sets up the Family Plan, each family member receives their own vault. They can also share passwords between family members using either Shared Folders or individual record sharing.
Log in to your Keeper Business or Enterprise Web or Desktop Vault.
Click on your email address in the upper-right corner.
Select Account from the dropdown menu.
Enter your personal email in the "Keeper Family License for Personal Use" section.
Click Send Email.
This will create a separate, non-enterprise managed vault which will be associated with your personal email address.
This vault is intended for personal use only. All business-related credentials must be stored within your company issued vault.
Keeper provides several methods of importing data into the vault. Each method is fully documented with screenshots and example data. (1) Import from Chrome, Firefox, IE, Edge, Safari and Opera using the Web Vault https://docs.keeper.io/user-guides/import-records-1/import-from-chrome-firefox-ie-edge-and-opera
(2) Import from Chrome, Firefox, IE, Edge, Safari and Opera using the Desktop App From the Desktop App, simply click on Settings > Import > click "Import" to begin the import process.
(3) Import from .CSV file https://docs.keeper.io/user-guides/import-records-1/import-a-.csv-file
(4) Import from a structured .JSON file https://docs.keeper.io/user-guides/import-records-1/import-json
(5) Import from LastPass (Fully Automated) https://docs.keeper.io/user-guides/import-records-1/import-from-lastpass
(6) Import from 1Password https://docs.keeper.io/user-guides/import-records-1/import-from-1password
(7) Import from Dashlane https://docs.keeper.io/user-guides/import-records-1/import-from-dashlane (8) Import from Encrypted KeePass (.kdbx) Files https://docs.keeper.io/user-guides/import-records-1/import-from-keepass-kdbx
(9) Import using the Commander CLI https://github.com/Keeper-Security/commander#importing-records-into-keeper
(10) Custom import coding using the Keeper Commander SDK https://github.com/Keeper-Security/commander
More videos are available at: https://keepersecurity.com/support.
For additional information, please see our comprehensive library of end-user guides in the left column of this page.
