Links to resources, troubleshooting and release notes
Release Notes and Latest Updates: https://docs.keeper.io/release-notes/
Just Released: https://docs.keeper.io/release-notes/latest-updates
Troubleshooting and Known Issues: https://docs.keeper.io/release-notes/troubleshooting
End-user Master Password Reset: https://docs.keeper.io/user-guides/troubleshooting/reset-your-master-password
Troubleshooting Browser Extension issues: https://docs.keeper.io/user-guides/troubleshooting/troubleshooting-with-support
Troubleshooting Autofill Issues: https://docs.keeper.io/user-guides/troubleshooting/autofill-issues
Troubleshooting Vault Issues: https://docs.keeper.io/user-guides/troubleshooting/troubleshooting-vault-issues
Clearing Browser Cache: https://docs.keeper.io/user-guides/troubleshooting/clearing-browser-extension-cache
Turning on Stay Logged In: https://docs.keeper.io/user-guides/tips-and-tricks/stay-logged-in
Using TOTP Codes with Azure / Office365: https://docs.keeper.io/user-guides/tips-and-tricks/using-keeper-totp-with-office-365
Supporting Multiple Domains on the Same Record: https://docs.keeper.io/user-guides/tips-and-tricks/one-record-with-multiple-url-domains
Using the KeeperFill Right-Click Menu: https://docs.keeper.io/user-guides/tips-and-tricks/keeperfill-right-click-menu
Recovery of a user's vault through Vault Transfer
If a user forgets their master password, the normal recovery procedure is for the user to select "Need Help?" -> "Forgot Master Password" from the Web Vault or Desktop App login screen. This gives end users a self-service reset by answering their custom security question. If a user never set up, or has forgotten, their custom security answer, "Vault Transfer" can be used to recover the account. This assumes vault transfer was configured and accepted by the end user before they were locked out.
To learn about how to set up Vault Transfer, see this link
1. Add / create a temporary user to assist in the account transfer.
2. Add the temporary user to the same vault transfer role as the locked-out user.
3. Log into the temporary user's web vault and accept the transfer agreement. Logging in will also move the user from "Invited / Pending" to an "Active" status.
4. Log out of the temporary user's web vault.
5. Log into the Admin Console.
6. Inspect / document the locked-out user's role and team memberships. This information will be needed to re-create the account.
7. Perform a vault transfer of the locked user to the new temporary user. The original account will be deleted as part of the transfer operation.
8. Re-create the original locked user account. An email will be sent to the user inviting them to the platform instance.
9. Have the user log in once so they are moved from an "Invited" to an "Active" status.
10. Once the user is in an "Active" status, add the user to the role which has vault transfer enabled. At this point, you can also add them to any other required team and/or role memberships.
11. Have the user log back into their vault and accept the vault transfer agreement. This step can be skipped if your vault transfer policy belongs to a role with "Add role to new users created in this Node and Sub nodes" enabled.
12. Within the Admin Console, transfer the temporary user's vault back to the original account.
Details on the vault transfer procedure are available here: https://docs.keeper.io/enterprise-guide/account-transfer-policy
Process to move a vault between data center regions
Occasionally a user may have a pre-existing Keeper vault tied to their organization's email address that resides in a region other than the one where the subscription has been set up. Due to GDPR compliance, Keeper cannot relocate a user's vault from one region to another. For example, if a user created a vault in the US datacenter and an organization creates a subscription in which their encrypted data resides in the EU datacenter (or vice versa), Keeper cannot move the vault into the other region, as regions are completely isolated from one another. Instead, the user who owns the data will have to migrate it themselves. This section is designed to help them with that migration.
1. If the vault was simply created with a work email address but the data inside it is personal, the quickest solution is to change the email address associated with the user's vault to something other than their work email address. (For guidance on changing the email address, see the Settings section of the user vault guide.) Once that's complete, the Admin can re-invite the user and they will receive the invitation to create their work vault. If the vault was intended to be the work vault but was created in the wrong region, still make the email change, then continue to step 2. If the data in the vault is personal, no further steps are required. Proceed to step 3.
2. Now that the vault has been re-associated with a new email address, the next step in migrating the data is to export the records to a .json file. For more information on this step, see the Vault Export guide.
3. If not done already, the organization's Keeper Administrator will need to onboard the account (under the work email address), and an invitation will be sent. Create the new vault under the work email address.
4. The .json file created in step 2 will now be imported into the new vault. Follow the .json import steps from the Password Import section.
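One way to confirm that every record survived the export and import steps above is to compare the original .json file with a second export taken from the new vault. This is an added example, not Keeper's own code; the second export and the field names (a top-level "records" array with title, login, password, login_url and notes) are assumptions about the export layout.

```python
import json

# Assumed export layout (not taken from the page): {"records": [{...}, ...]}
# with these string fields on each record.
FIELDS = ("title", "login", "password", "login_url", "notes")

def load_records(text):
    """Parse one export and return its list of record dicts."""
    data = json.loads(text)
    records = data.get("records") if isinstance(data, dict) else None
    if not isinstance(records, list):
        raise ValueError("export has no 'records' array")
    return records

def canon(record):
    """Comparable form of a record; absent and empty fields compare equal."""
    return tuple(record.get(f) or "" for f in FIELDS)

def compare_exports(old_text, new_text):
    """Report records from the old vault that did not arrive intact.

    Only counts and titles are returned, so the report can be attached to a
    ticket without exposing logins or passwords.
    """
    old, new = load_records(old_text), load_records(new_text)
    arrived = {canon(r) for r in new}
    new_titles = {r.get("title") for r in new}
    missing, changed = [], []
    for r in old:
        if canon(r) in arrived:
            continue
        bucket = changed if r.get("title") in new_titles else missing
        bucket.append(r.get("title"))
    return {"old": len(old), "new": len(new), "missing": missing, "changed": changed}

# Constructed sample data, not real credentials.
OLD_EXPORT = json.dumps({"records": [
    {"title": "VPN", "login": "alice", "password": "example-1", "login_url": "https://vpn.example.com"},
    {"title": "Wiki", "login": "alice", "password": "example-2", "login_url": "https://wiki.example.com"},
    {"title": "CI", "login": "alice", "password": "example-3", "login_url": "https://ci.example.com"},
]})
NEW_EXPORT = json.dumps({"records": [
    {"title": "VPN", "login": "alice", "password": "example-1", "login_url": "https://vpn.example.com", "notes": ""},
    {"title": "Wiki", "login": "alice", "password": "example", "login_url": "https://wiki.example.com"},
]})

if __name__ == "__main__":
    print(compare_exports(OLD_EXPORT, NEW_EXPORT))
```

The export files hold every record in plaintext, so delete both once the comparison reports no missing or changed titles.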