Keeper Enterprise

Keeper is a cybersecurity platform for preventing password-related data breaches and cyberthreats.

Keeper Enterprise provides the highest levels of security and at the same time provides a simple user experience - with millions of users worldwide, Keeper is the proven industry leader.

Keeper is SOC 2 Certified, ISO27001 Certified, FedRAMP Authorized and StateRAMP Authorized. Keeper's encryption has been certified by the NIST CMVP and validated to the FIPS 140 standard by accredited third party laboratories.

Keeper Enterprise Demo

Below is a 25-minute demonstration of the Keeper Enterprise platform.

For a personalized demo with a Sales Engineer: Request a Demo Passwords are the single greatest cause of a data breach. 81% of data breaches are due to weak or stolen passwords. Password management solutions provide an affordable and simple way for companies to solve the root cause of most data breaches. By helping businesses generate strong passwords as well as manage and securely share them among teams, they significantly reduce the risk of a data breach.

Zero-Knowledge Security Architecture

Keeper's architecture is the most secure in the industry. Built from the ground up with record-level encryption and client-side key generation, the foundation of Keeper Enterprise is built upon a model that ensures only the user is able to decrypt and access their privileged information.

The Keeper platform is built on an access layer and encryption layer. Access and authentication controls who is able to sync the encrypted ciphertext, and client-side encryption controls who is able to physically encrypt/decrypt the data. This foundation is what gives Keeper the ability to apply the most granular level of protection to user data and enables the core features and capabilities of the product.

Users, Roles, Teams, Records and Shared Folders are all protected and managed through the use of client-side generated keys. This complex distribution of keys is completely managed by the software with a simple and easy-to-use user interface.

pageKeeper Encryption and Security Model Details

Multi-Platform Access

Keeper is a cross-platform solution that provides full capabilities from every major platform and device including iOS, Android, Windows, Mac and Linux. Browser plugins are compatible with Chrome, Firefox, Edge, Safari and Internet Explorer.

The Keeper Administrator can restrict vault access to specific platforms based on security requirements of the enterprise. End-user vault applications can be used completely independent of one another, or used together. For example, using the Web Vault or Desktop Application does not require the installation of a browser plugin.

The Keeper Vault is available on all devices and computers, with award-winning native applications:

Native Desktop Apps

  • Windows

  • Mac

  • Linux

Browser-Based Apps

  • Chrome

  • Edge

  • Safari

  • Firefox

  • Brave

  • Other Chromium-based Browsers

Native Mobile Apps

  • iOS

  • Android

  • Chrome, Firefox, Edge, IE and Safari Browsers

Key Differentiators

Keeper was named Best Password Manager by PC Mag in 2018, 2019, 2020 and 2021. Some of the reasons that customers select Keeper over the competition are listed below.

Keeper Fills Security Gaps in Single Sign-On

SSO and SAML simplify login to many cloud applications, however, it does have its limitations. Keeper (with Keeper SSO Connect) complements the two major gaps with your SSO deployment:

  • Offering privileged access to applications that don’t support SAML protocols.

  • Enabling non-password use cases, such as management and sharing of digital certificates, SSH keys, API keys, secret notes, lists, files and more.

With Keeper SSO Connect, you can easily add Keeper to the apps that your IdP services. Whether you use AD FS, Azure, Okta, Google Workspace, Centrify, Ping, JumpCloud or any other SAML 2.0 Identity Provider, Keeper will easily integrate. Keeper SSO Connect logs the user directly into their encrypted vault while maintaining full zero knowledge. With SSO integration, there is also no master password to remember. Keeper SSO Connect is available as a customer-hosted or cloud-hosted high availability solution that preserves zero knowledge and allows the end-user to authenticate directly into their vault.

For more information about Keeper SSO Connect, visit our web page:

Implement Zero Trust

Keeper's Zero-Trust Platform seamlessly integrates into any existing identity stack and infrastructure.

Keeper's least-privilege access model, encryption model and role-based access model support the zero trust implementation guidelines of NIST and provide organizations with a substantial leap forward in the journey towards zero trust.

For reference, see the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-207 document which provides the following operative definition of zero trust and ZTA:

Global Regions

Keeper provides customers with the selection of geographic regions where data resides in-country.

  • United States

  • GovCloud US

  • Ireland

  • Frankfurt

  • Australia

  • Canada

  • Japan

Role-Based Enforcement Policies

The ability to provide least privileged access to an employee is critical in the deployment of an Enterprise Password Manager. Keeper gives fine-grained control over what users are capable of accessing and managing within the platform through the use of customizable role policies. By providing a flexible role policy engine, you can lock down restrictions and access based on the risk profile of the employee. For example, you may want your IT Admins to be restricted from accessing their vault outside of the office network. Or you may want administrative assistants the ability to onboard new users, manage teams and run reports. The entire process is fully customizable through a user friendly interface. Role Enforcements Include:

  • Password Complexity Rules and Biometrics

  • Multi-Factor Authentication, Token Expiration and Device Restriction

  • Offline Access Restrictions

  • Allow IP Listing, Sharing and Data Export Restrictions

  • Account Transfers (employee offboarding and break-glass scenarios)

  • Administrative Permissions

Delegated Administration

Keeper Administrators can create organizational units (called Nodes). A role can be given Administrative permissions over the node (or sub-nodes) for which a role exists. This delegated administration allows different people in the organization to have management controls over subsets of teams of users, roles and shared folders. Users within different nodes can be provisioned and authenticated with different methods.

Eliminate the Risk of Critical Data Loss

Keeper's Zero Knowledge Account Transfer capabilities provide Enterprise customers with the peace of mind that an employee will never walk away with critical data when they leave the organization.

Increase Productivity Gains

Since 50% of help desk calls are estimated to be password related, there is a significant productivity gain by rolling out a password manager to your organization. When employees don't need to worry about remembering passwords, the cost savings are massive.

Meet Compliance Needs

Compliance is becoming even more complex with requirements mandating internal control policies and standards. Organizations in heavily regulated industries are audited for password enforcement policies and practices. Keeper's password security platform solves many of compliance and regulation enforcement requirements that organizations face. Keeper Security is the most certified solution in the industry:

  • SOC 2 Certified

  • ISO27001 Certified

  • FIPS 140-2 Validated

  • GDPR Compliant

  • GSA Certified

  • SAM Certified

  • Compliant with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the UK Extension to the EU-U.S. DPF and the Swiss-U.S. Data Privacy Framework (“Swiss-U.S. DPF”)

  • ITAR Compliant

  • FedRAMP Authorized

  • StateRAMP Authorized

Keeper Security is listed as Authorized on the FedRAMP Marketplace with an authorization date of 8/23/2022.

See: The Federal Risk And Management Program Dashboard (

Supports ITAR Requirements

Keeper supports compliance with United States International Traffic in Arms Regulations (ITAR). Companies that are subject to ITAR export regulations must control unintended exports by restricting access to protected data to U.S. Persons, and by restricting physical location of protected data to the U.S.

Keeper’s FedRAMP Moderate environment supports ITAR requirements through the following:

  • Fully compliant data storage hosted on AWS GovCloud and restricted to the U.S.

  • Secure data encryption in transit and at rest.

  • Zero knowledge and zero trust security, in conjunction with granular permissions, allows organizations to ensure that only approved personnel can access sensitive data.

  • Robust compliance reporting features provide a traceable, electronic audit trail of all actions performed and data entered.

  • Sequestered Customer Success team comprised of U.S. Persons specifically trained in safe handling of Export Controlled and ITAR-governed data.

  • No non-U.S. based support on public sector environments.

The Keeper FedRAMP environment has been audited by an independent third-party assessment organization (3PAO) to validate that proper controls are in place to support customer export compliance programs.

For more information about ITAR, please visit

Last updated