Login Screen

Keeper Connection Manager User Guide - Login Screen

About

The login screen is the first screen users see when they access Keeper Connection Manager. Users use a username and password, or SSO credentials to authenticate into the rest of the platform.

Logging In

Username

Users use their username to login to Keeper Connection Manager. This username is set when creating or importing users.

The KCM username is sometimes an email address, but it can be a non-email username as well.

Password

The user's password. Set when creating or importing the user. Passwords can also be reset by users if allowed.

TIP: The Keeper Browser Extension can be used to automatically fill in the Keeper Connection Manager username and password!

Other Login Methods

See the authentication documentation pages for more information about setting up additional login methods such as LDAP, SAML 2.0, and OpenID Connect as well as information on setting up 2FA

Authentication Options

Login Attempt Limits

As of KCM version 2.9.6, KCM can be configured to limit a user's ability to login after multiple consecutive failed login attempts. This blocks brute-force login attacks on KCM instances.

By default KCM will lock a user out of logging in for 5 minutes after 5 failed attempts

This setting can be removed, and the number of attempts before a user is locked out and how long they are locked for can be configured with the following guacamole properties or environment variables (depending on installation method):

Docker Compose PropertyEnvironment VariableTypeDescriptions

ban-max-invalid-attempts

BAN_MAX_INVALID_ATTEMPTS

number

The number of invalid attempts before a user is locked out

ban-address-duration

BAN_ADDRESS_DURATION

number

The amount of time in seconds a user is locked out for after hitting the invalid attempts limit

ban-max-addresses

BAN_MAX_ADDRESSES

number

The number of addresses that KCM will track to check for invalid attempts. Defaults to 10485760

Last updated