Enterprise End-User (SSO)
This guide details the account creation and login process for Enterprise customers who deploy Keeper through an existing Single Sign-On Identity Provider (IdP) such as Azure, ADFS or Okta.
Create Your Keeper Account
Your Keeper vault is easy to create, simple to use and you’ll be up and running in just minutes. You can create and access your Keeper vault by either logging in directly from Keeper via an email invitation from your Keeper Administrator or from your SSO provider dashboard.
Create Your Account - Email Invitation
You may have received an email from your organization's Keeper Administrator inviting you to create a Keeper account with a subject line that reads: "Action Required >> Instructions for Your Keeper Security Account"
To create your Keeper account, click the yellow action button that by default says "Set Up Your Account Now", however, your organization may have chosen to customize the exact wording.
Since your Keeper account is deployed through your Single Sign-On Identity Provider (IdP) integration, you will automatically be routed to authenticate against your IdP if a current SSO session is not active.
Once you have successfully authenticated to the IdP, you will be routed to your Keeper vault. Upon accessing your vault, you may receive a "Vault Transfer" acceptance dialog.
Next, you will be guided through a "Quick Start" walkthrough, that will help you either import passwords from your browser or other password manager (if enabled by your Keeper Admin) or manually create new records.
Please note, the Quick Start module may be disabled by your Keeper Admin.
Create Your Account - SSO Dashboard
Alternatively, you can create your Keeper account by visiting your SSO provider dashboard. This is called "Identity Provider-initiated login". First, log in to your existing Single Sign-On identity provider as you normally do.
You will observe your Keeper administrator has integrated Keeper into your identity provider dashboard. Simply click the Keeper icon to launch the Keeper application.IdP-Initiated Login
You will be guided through a "Quick Start" walk through, that will help you either import passwords from your browser or other password manager (if enabled by your Keeper Admin) or manually create new records.
Please note, the Quick Start module may be disabled by your Keeper Admin.
Login Flows
Once your Keeper account has been created, logging into your Keeper Vault is both easy and secure. Users can do so from either Keeper's vault login page or from their SSO provider dashboard.
Keeper Initiated Login
You can login to Keeper by entering either your email address or Enterprise Domain at Keeper's login page.
Login to your Keeper vault by region:
Email Address Login
From the Keeper vault login page, enter your email address and click Next
You will automatically be routed to your Identity Provider to sign in. Once you have successfully authenticated to the IdP, you will be routed to your Keeper vault.
Enterprise Domain Login
From the Keeper vault login page, select Enterprise SSO Login > Enterprise Domain
Enter your Enterprise Domain and click Connect
Please note, the Enterprise Domain is provided by your Keeper administrator.
You will automatically be routed to your Identity Provider to sign in. Once you have successfully authenticated to the IdP, you will be routed to your Keeper vault.
SSO Initiated Login
Log in to your existing Single Sign-On identity provider as you normally do.
Simply click the Keeper icon to launch the Keeper application and you will be routed to your Keeper vault.
Device Approvals
If you sign into Keeper on a new platform, you may encounter a "device approval" notification (SSO Cloud Users Only). If you are attempting to log in on an unrecognized device or browser, a device approval must take place before you can proceed to your Keeper vault. Users have two methods of approval to choose from, Keeper Push or Admin Approval.
Keeper Push is Keeper’s proprietary notification-based device approval system that sends a push notification to an existing, recognized device. This is a self-service process that allows users to handle the device approval on their own.
Admin Approval will send a notification to your Keeper Admin requesting device approval. If you do not have an existing, recognized device, this will be the only path gain access again.
If you select Keeper Push, a notification (push) will be appear in your vault at an approved device or browser. Select Yes
to approve the new device.
You must be actively logged into a different, recognized/approved device to receive the notification.
Alternatively, if you select Admin Approval, your Keeper Admin will receive notification for approval. Once the device has been approved, you will be able to proceed to your Keeper Vault.
Please note, your Keeper Admin may have configured automatic approvals, in which case the request is handled within 15 seconds.
Last updated