Admin Console 16.16.0

Released on Jan 15, 2024

Overview

This release provides two major features to business and enterprise customers: Granular Sharing Enforcements and Security Key as the Only 2FA Method.

Granular Sharing Enforcements

  • KA-5689: Keeper's Granular Sharing Enforcements enable administrators to apply detailed restrictions for record creation and sharing to user roles. Administrators can configure these enforcements in the “Creating and Sharing” section within role enforcement policies.

Video: Granular Sharing Enforcements


Security Key as the Only 2FA Method

  • KA-5628: Keeper Administrators can now enforce the use of a hardware-based security key as the only two-factor method via a role enforcement policy setting. Additionally, administrators can now require a PIN to be entered in conjunction with the key, for FIDO2 user verification. Click here for more information on FIDO2 Security Keys.

Video: Security key as the Only 2FA Method

Security Key as the Only 2FA Method

Important Notes Regarding Security Key Enforcement

Enforcing the use of a FIDO2 hardware security key has several implications for users which admins need to be aware of. The below items are updated as of January 15, 2024.

  1. Support for enforcing a FIDO2 Security Key can vary based on the device operating system and device firmware capabilities.

  2. Keeper on iOS requires using NFC keys.

  3. The activation of security keys as the only factor requires the use of the Web Vault or Desktop App. Enrollment of security keys as the only factor on iOS/Android will be rolled out in a later release.

  4. Some components of the mobile application do not support NFC hardware keys natively, such as iOS app extensions (during Autofill functions). Keeper's iOS team has a workaround for this issue in development, and this update will be published at the end of January 2024 with Keeper iOS Version 16.10.10. The solution is to extend the login session between iOS main app and iOS autofill extension to reduce the need for re-authentication.

  5. The PIN requirement is supported based on the capabilities of the device. As of this writing, mobile OS support for PIN enforcements is limited. We do not recommend enforcing the PIN if users are accessing Keeper on their mobile device.

Last updated