Enterprise Guide

Time-Limited Access

Time-Limited Access allows you to securely share records and folders with other Keeper users on a temporary basis.

Overview

Time-Limited Access allows you to securely share credentials or secrets with other Keeper users on a temporary basis, automatically revoking access at a specified time. Time-Limited Access prevents long standing privileges and ensures that information is removed from the recipient’s vault, greatly reducing the risk of unauthorized access.

Key Benefits

  • Revoked access at a specified time designated by the record owner, minimizing the workload on the owner to remove the share at a later time.

  • Enhances security as traditional short term sharing has been done in insecure ways like using sticky notes, text messages or instant messengers.

  • Simplified compliance with event tracking on all sharing activity, ensuring least privilege access is maintained.

  • When paired with Keeper Secrets Manager (KSM) automatic service account rotation capabilities, users can schedule rotation of the shared credential upon the expiration of access, ensuring the recipient never has standing privilege

Share a Record

Select the record from your vault and click Share, entering their email address or selecting it from your contacts list. Set their permission level and click Add.

Select the “Permissions” dropdown and click Set Expiration. Here you can select one of the default expirations or click custom date and time to set your own. Next, check the box if you would like the record owner, such as yourself, or users with edit access to be notified via email when the recipient's record access expires. Click Done to save.

The recipient of a shared record with time-limited access may have "view" and "edit" permissions but will not be able to share the record. If "share" permissions are applied, the expiration will be removed.

Share a Folder

Open the shared folder from your vault and click the edit icon and from the “Users” tab, add the user or team you would like to share the folder with.

Set their permissions and from the dropdown menu click Set Expiration, following the same steps you would for a single record share (described above).

Next, check the box if you would like users with "can manage records" permissions over the folder to be notified via email when the recipient's record access expires. Click Done to save.

The recipient of a shared folder with time-limited access may have "can manage records" permissions, but the ability to "manage users" is restricted. If these permissions are applied, the expiration will be removed.

PreviousShare AdminNextSelf-Destructing Records

Last updated