Login Screen

Keeper Connection Manager User Guide - Login Screen


The login screen is the first screen users see when they access Keeper Connection Manager. Users use a username and password, or SSO credentials to authenticate into the rest of the platform.

Logging In


Users use their username to login to Keeper Connection Manager. This username is set when creating or importing users.

The KCM username is sometimes an email address, but it can be a non-email username as well.


The user's password. Set when creating or importing the user. Passwords can also be reset by users if allowed.

TIP: The Keeper Browser Extension can be used to automatically fill in the Keeper Connection Manager username and password!

Other Login Methods

See the authentication documentation pages for more information about setting up additional login methods such as LDAP, SAML 2.0, and OpenID Connect as well as information on setting up 2FA

pageAuthentication Options

Login Attempt Limits

As of KCM version 2.9.6, KCM can be configured to limit a user's ability to login after multiple consecutive failed login attempts. This blocks brute-force login attacks on KCM instances.

By default KCM will lock a user out of logging in for 5 minutes after 5 failed attempts

This setting can be removed, and the number of attempts before a user is locked out and how long they are locked for can be configured with the following guacamole properties or environment variables (depending on installation method):

Docker Compose PropertyEnvironment VariableTypeDescriptions




The number of invalid attempts before a user is locked out




The amount of time in seconds a user is locked out for after hitting the invalid attempts limit




The number of addresses that KCM will track to check for invalid attempts. Defaults to 10485760

Last updated