KeeperPAM and Secrets Manager
KeeperPAM is a modern, cloud-based Privileged Access Manager
Overview
KeeperPAM is a next-gen privileged access management solution that secures and manages access to critical resources, including servers, web apps, databases and workloads.
KeeperPAM consolidates enterprise password management, secrets management, connection management, zero-trust network access, remote browser isolation and an cloud-based access control plane in one unified product.
To learn more about KeeperPAM or sign up for a trial:
KeeperPAM vs. KCM
KeeperPAM is a cloud-native privileged access solution that requires only a lightweight gateway installation, while Keeper Connection Manager (KCM) is a fully self-hosted solution.
KeeperPAM works through outbound-only connections with zero-knowledge encryption, eliminating the need for inbound firewall rules or direct line-of-sight to resources. In contrast, KCM is fully hosted by the customer with control over the authentication, database, web server, reverse proxy and session recordings.
In summary, KeeperPAM is designed for organizations embracing cloud transformation and zero-trust security, while KCM serves specialized use cases requiring full infrastructure control, such as classified environments or those with specific compliance requirements like PIV/CAC authentication.
Features
Several new and exciting capabilities of KeeperPAM are now available in Preview:
Zero-trust connections launched from the Vault
Tunnels established from the Desktop App for ZTNA
Sharing connections without exposing credentials
Sharing tunnels on a time-limited basis
Built-in SSH Agent for use with and without tunneling
Launching remote browser isolation sessions
Session recording and playback
File transfer with drag-and-drop
Splitting credentials between PAM Resources and PAM Users
Discovery of resources
All new Keeper Gateway setup wizard
Docker-based deployment of the Keeper Gateway
Role-based enforcement policies covering PAM use cases
Event reporting of all PAM activity with SIEM integration
Key Differentiators
Unified with the Keeper Vault: Keeper PAM features integrates directly with the Keeper Vault, offering a centralized, secure platform for managing credentials, connections, and privileged access.
Zero-Knowledge Security: Built on a zero-knowledge architecture, KeeperPAM ensures that only the end user can access their data, with no visibility or access for Keeper itself.
Agentless Deployment: With a simplified setup process, KeeperPAM requires only the deployment of a single gateway in each target environment, using agentless protocols to manage infrastructure.
Credential-less Sharing: Users can securely share access to connections without exposing passwords, enhancing both security and usability
Getting Started
Before jumping into the KeeperPAM advanced capabilities, we require that you first set up your Keeper Enterprise or Keeper MSP license and set up your basic environment.
Check out the Keeper Enterprise documentation
Deploy the Keeper Vault to your employees
Contact the Keeper Team
If you are an existing customer, your customer success team can activate KeeperPAM in your account.
For technical questions during the Preview period, you can also email pam@keepersecurity.com which routes to our engineers.
About this Documentation
This documentation is broken out into 3 sections:
Additional documentation on the Keeper platform can be found here:
Next Steps
Learn about the new KeeperPAM Preview
Launch the Quick Start: Sandbox
Deep dive into the Getting Started guide for KeeperPAM
Last updated