How to configure Keeper SSO Connect Cloud with Trusona for Passwordless login to Keeper.

Configure Keeper for Trusona Integration

Please complete the steps in the Admin Console Configuration section first.

Visit the Keeper Admin Console and login as the Keeper Administrator. (US / Global) (EU-hosted customers) (AU-hosted customers) (GovCloud customers)

Note: Passwordless integration can only be applied to specific nodes (e.g. organizational units) within your Admin Console.

1) Click on the Admin tab and click Add Node

2) Name the node and click Add Node

3) From the Provisioning tab, click Add Method

4) Select Single Sign-On with SSO Connect™ Cloud and click Next

5) Enter your Configuration Name and Enterprise Domain, then click Save. Take note of the Enterprise Domain. This will be used later for Enterprise SSO login.

6) The newly-created SAML 2.0 with Cloud SSO Connect provisioning method will be visible. Select View from the menu.

These items will be used when configuring Trusona later in the documentation.

7) Note the Entity ID, Assertion Consumer Service (ACS) Endpoint and Single Logout Service Endpoint

8) Click Export SP Cert

Configure Trusona

1) Log into the Trusona Dashboard at scanning the QR code from your mobile device using the Trusona app for iOS or Android.

Create Keeper Integration in Trusona

2) From your Trusona account dashboard, select Keeper from the left-hand navigation.

3) Click Create Keeper Integration.

4) Name the integration and click Save.

5) Click Download XML to download the XML metadata for use in the Keeper Admin Console.

6) Select Keeper on the left-hand navigation.

7) Click Edit from the Actions dropdown menu for your integration.

8) Paste the following information noted earlier in the documentation when creating the integration in the Keeper Admin Console in the corresponding field:

  • Assertion Consumer Service (ACS) Endpoint

  • IDP Initiated Login Endpoint

  • Single Logout Service (SLO) Endpoint

9) Under Certificate, upload the SP Cert exported from the Keeper Admin Console and Click Save.

10) Return to the Keeper Admin Console

11) Optionally enable Just-In-Time Provisioning to allow users to create accounts in the node by typing in the Enterprise Domain name when signing up.

12) Under SAML Metadata, upload the metadata.xml file downloaded from the Trusona dashboard.

13) Under Identity Provider Attribute Mappings, enter the following:

  • First Name: given_name

  • Last Name: name

  • Email:

User Provisioning

Instructions on how to provision users with SSO Connect Cloud can be found here.

End User Login

Users may login either using their enterprise domain or email address.

Login Using Email Address

  1. Navigate to the Keeper Vault

  2. Enter your email address and click Next

  3. From your Trusona app on your smart device, scan the QR code on your desktop browser

  4. You will now be logged in to your Keeper vault

Login Using Enterprise Domain

  1. Navigate to the Keeper Vault

  2. Click the Enterprise SSO Login dropdown and select Enterprise Domain

  3. Enter the Enterprise Domain name you specified in the Keeper portion of this walkthrough and click Connect

  4. From your Trusona app on your smart device, scan the QR code displayed on your desktop browser

  5. You will now be logged in to your Keeper vault

Last updated