Keeper Admin Console Overview

The Keeper Admin Console provides administrative controls, user onboarding, reporting and auditing.


Business customers login to the Keeper Admin Console to manage their environment. In the Admin Console, you can invite users, configure provisioning methods (SSO, SCIM, AD, etc..), set role policies, manage teams, run reports and monitor security. The Admin Console scales to organizations of any size.


When you first log in to the Admin Console, you will land on the Dashboard which will provide an overview of high level data on your user activity and overall security status.

The Dashboard provides oversight of the following:

  • Top Events and link to Timeline Chart

  • Security Audit Overall Score

  • BreachWatch Overall Score

  • User Status Summary

To download a user status report that displays a list of all users including: Email, Name, Active/Invited status, Locked/Disabled status, Blocked/Pending Transfer, last login, nodes, roles, and teams, click on the (...) and then click Download.


From the Admin screen, you can access Nodes, Users, Roles, Teams, 2FA settings, and User Provisioning.


Nodes provide a method to organize your users, roles, teams and administrators into distinct groupings, similar to organizational units in Active Directory. The administrator can create nodes based on location, department, division or any other structure that makes sense for your organization. Nodes can have completely independent sets of users, role enforcement policies, administrators and provisioning methods.

By default, the top-level node, or Root Node is set to the organization name and all Nodes can be created underneath. Depending on your organization you may or may not need to set up nodes.

  • Small teams may not need multiple nodes and will be able to administer users, roles and teams from the default root node only.

  • Larger teams may benefit from organizing by location or department across multiple nodes.

Node Isolation

Users and Teams within different nodes can have levels of visibility and sharing capability within the Keeper Vault. If full node isolation is required between users of different node trees, please contact Keeper support to activate this special backend feature.

For more information on node isolation click here.


All employees or users you choose to deploy Keeper to are responsible for managing their own encrypted vault. Every user's vault can be made up of private records or shared records. Users can be provisioned many different ways. Users can be required to set up a Master Password or they can be provisioned and authenticated through your SSO provider. For more information about provisioning, read the User and Team provisioning section.

Business and Personal Vaults

We recommend separating your personal, private records from your business records by creating two separate user accounts. All business end-users receive a free Keeper Family Plan. When enforcements are applied to the organization (such as Account Transfer privileges), only the business vault is affected.


Roles provide the organization the ability to define enforcements based on a user's job responsibility as well as provide delegated administrative functions. Learn more about roles.

Permissions for Administrators are also configurable here which toggle whether an Admin can manage nodes, users, teams, roles, SSO, AD Bridge, User Account Transfer and Run Reports.

Important: Account Transfer is an optional feature that should be configured by the Keeper Administrator during the initial deployment phase of the Keeper rollout. The reason for this is because Account Transfer relies on the sharing of encryption keys between users that have rights to perform the transfer. For more information, refer to Account Transfer.


The purpose of creating Teams is to give users the ability to share the records and folders within their vaults with logical groupings of individuals. The administrator simply creates the team, sets any Team Restrictions (edit/viewing/sharing of passwords) and adds individual users to the team. Teams can also be used to easily assign Roles to entire groups of users to ensure the consistency of enforcement policies across a collective group of individuals.

Automated Provisioning

As you prepare to rollout Keeper to your organization, consider one of the following options when inviting users:

Additional Secure Add Ons

Access to additional Secure Add-On functionality can be accessed through the Admin Console "Subscriptions" and "Secure Add Ons" screen:

Video Overview

For a more thorough overview of Keeper Enterprise watch the video below.

Keeper Enterprise Demo 2021

Last updated