How to configure Keeper SSO Connect Cloud with Rippling for seamless and secure SAML 2.0 authentication and SCIM provisioning.

Please complete the steps in the Admin Console Configuration section first.

Rippling Setup

  1. Login to the Rippling admin account.

2. After logging in, on the left side hover over Home and click App Shop in the bottom left.

3. In the App Shop, search for Keeper in the upper left corner and select it from the search result.

4. After selecting clicking on the Keeper app, click Connect Account to get started with SSO.

5. Rippling has it's own SSO set up walkthrough, continue the walkthrough to set up SSO.

6. Once you have reached this page, the SSO setup is complete, however there is also an option for SCIM provisioning. If you would like SCIM provisioning, select Continue with API and follow the SCIM provisioning walkthrough. Otherwise, click Skip for now, visit app.

You can assign users to the application and designate who has access to keeper in your Rippling environment here.

For more detailed configuration of SCIM visit the User and Team Provisioning section in the Enterprise Guide

Move existing users/initial admin to SSO authentication

Users created in the root node (top level) will need to be migrated to the sub node that the SSO integration was configured on. If users remain in the root node, they will be prompted for the master password when accessing the vault and/or admin console.

An admin can not move themselves to the SSO enabled node. It requires another admin to perform this action.

After the user is moved to the SSO enabled node, they need to log into the Keeper vault initially by selecting the "Enterprise SSO" pull down and inputting in the Enterprise Domain configured on the SSO integration. The user may get prompted to confirm by entering in the master password.

Once the user has authenticated with SSO, they only need to use their email address moving forward to initiate SSO authentication.

They won't have to enter the Enterprise Domain. If typing in the email address and clicking Next does not route the user to the desired SSO, ensure that just-in-time provisioning is enabled in the Keeper SSO configuration and ensure that your email domain is reserved by Keeper. More information regarding routing and domain reservation can be found here.

Last updated