Creating and Inviting Users

Methods for creating user account with Commander


There are two methods for creating user accounts with Commander:

  • Invite users to an enterprise with the enterprise-user --add command

  • Create new user accounts and vaults with the create-user command

This page will go over the usage of each method.

Which method should I use?

In most cases the best method to use is to invite new users with enterprise-user --add which will send vault creation instructions to new users' email.

create-user may be useful in special circumstances where it is necessary for an administrator to have immediate access to a new vault, or when records need to be shared to a new vault right away.

Enterprises that require MFA or SSO Login will need to have these credentials available for each new user if using the create-user command.

Invite Users to an Enterprise

Use Commander to invite users to an enterprise by their email address.

To invite users to your enterprise using Commander, use the enterprise-user command with the --add flag.


enterprise-user --add

The invited user's display name can be pre-set by adding the --name flag followed by the desired name.

The invited user can be automatically put into a designated node with the --node flag followed by the name of a node in the enterprise.

Complete Example:

enterprise-user --add --node "Chicago" --name "John Smith"

Hint: You can use the shortened version of the command as well: eu

e.g. eu --add

Find more information in the command documentation.

Invitation Email and Vault Creation

To join the enterprise, the invited user will need to accept an invite emailed to them.

When the user clicks "Set Up Your Account Now" they are taken to the Keeper Web Vault to proceed with account creation.

Until the invited user logs into their Vault, their Vault is not setup or accessible and records cannot be shared with them.

Example: Invite Users from Email Addresses in a File

In this example, we will take a file with a list of email addresses and send an invite to each email address.


  • Update Commander

    • Before getting started, be sure that you have the most up-to-date version of Commander. Find the most recent release on the GitHub releases page.

  • Set Persistent Login

    • Persistent login will allow Commander to run commands without needing you to login between each call. To enable persistent login, run the following commands in Keeper Commander:

this-device register
this-device persistent-login on

For more information on persistent login and options, see the documentation page.

Getting Started

First gather the email addresses into a file. In this example the file will look like this:


For this example, each email address is on its own line. The file can contain any number of email addresses.

Send Invites

Now that the file is ready, we can use a simple script to cycle through each email and send an invite.

for /f %e in (user_emails.txt) do keeper enterprise-user "%e" --add

Run the script for your operating system from the examples above to send an invite to each email address from the file.

Advanced Example: Include User's Name and Node

To expand upon the above example, we can include a user's display name and node in the file then apply these details to the user's account when sending them an invite.

For this example the file will now look like this:

users.txt,John Smith,Chicago Office,Jane Doe,New York Office,Mary Sue,Chicago Office,Chris Adams,Chicago Office,Amanda Patel,New York Office

Each line now has each user's email address, display name, and node separated by commas.

The given nodes must match an existing node name in the Keeper Enterprise. The nodes must exist before sending invites to new users.

To include these details in the invitation command, we simply need to add the relevant flags to the script.

for /f "tokens=1,2,3 delims=," %e in (users.txt) do keeper eu "%e" --add --name "%f" --node "%g"

Notice that the shortened version of the enterprise-user command eu is used here

Run the script appropriate for your OS and each user from the file will get an invite in their email, their display name will be set, and they will be placed in the correct node.

This example could be altered to only supply the display name or node, or to perform other tasks like adding a list of users to a specified team or role.

Create New User Accounts

Sometimes it is necessary to create a new user account and vault which are setup and ready to go before the user logs in. To do this, another command can be used: create-user

Creating Users with Commander

When the create-user command is used Commander will create a new user account, and set the enterprise data key required for the account to share records with other accounts in the enterprise. To do this Commander must login to the new account once when it is created.


create-user --node "Chicago"

When the account is run, you will be prompted to create a password for the new user. Alternatively you can provide a record from your vault with a password already set to use as the account's password.

See more information about this command in the command documentation

Enterprises with MFA or SSO Login

When using the create-user command Commander needs to login to the new account. This means that if the enterprise requires MFA or SSO Login, Commander will need the corresponding credentials for the new account in order to complete vault creation.

It is recommended that enterprises only use create-user in special circumstances, or on initial enterprise creation before MFA or SSO login is setup and required.

Differences with enterprise-user Command

The create-user command differs from the enterprise-user --add method in the following ways:

  • create-user requires a password for the new account be set by the Commander user

    • (Users invited be enterprise-user --add will set their own passwords at account creation)

  • create-user requires Commander to login to the new account

  • When creating a user account with create-user the vault is created immediately, and can be accessed or have records shared to it right away

create-user should only be used in special circumstances or when first creating a new enterprise.

Creating User Accounts From a File

To use the create-user command with a list of email addresses from a file, follow the steps above for the enterprise-user command and swap out that command with create-user

For example:

for /f "tokens=1,2,3 delims=," %e in (users.txt) do keeper create-user "%e" --name "%f" --node "%g"

Last updated