⮐ Keeper HomeAll DocumentationAdmin Console
Search…
Getting Started
Start Your Trial
Resources
Quick Start for Small Business Teams
Why Choose Keeper Enterprise
Implementation Overview
Domain Reservation
Deploying Keeper to End-Users
Keeper Admin Console Overview
Nodes and Organizational Structure
User and Team Provisioning
SSO / SAML Authentication
User Management and Lifecycle
Roles, RBAC and Permissions
Delegated Administration
Account Transfer Policy
Teams (Groups)
Folders and Shared Folders
Creating Vault Records
One-Time Share
Importing Data
Record Types
Two-Factor Authentication
Storing Two-Factor Codes
Security Audit
BreachWatch (Dark Web)
Secure File Storage
Reporting, Alerts & SIEM
Recommended Alerts
Webhooks (Slack & Teams)
Compliance Reports
Vault Offline Access
Secrets Manager
Commander CLI
Keeper Connection Manager
Keeper MSP
Free Family License for Personal Use
Recommended Security Settings
IP Allow Keeper
Keeper Encryption Model
Developer API / SDK Tools
End-User Guides
On-Prem vs. Cloud
Authentication Flow V3
Migrating from LastPass
Training and Support
Troubleshooting
Docs Home
Powered By GitBook
Domain Reservation
Reserve the use of domains for privacy and security

About Domain Reservation

Keeper's Cloud architecture is Zero Knowledge (more information about our security model is here).
For security reasons, Keeper's Enterprise tenants are restricted to inviting and creating end-user accounts within certain email domains. When you sign up for a Keeper Business or Enterprise account, you are required to use a business email domain, e.g. mycompany.com.
If you sign up for the Enterprise account using @mycompany.com for your email address, this domain will be reserved to your tenant.
Keeper's architecture requires a domain to be reserved before it can be used by the Enterprise. This serves several purposes:
(1) Ensures that end-users cannot create "rogue" accounts without being explicitly invited or provisioned by the Enterprise Admin.
(2) Reduces administrative burden in locating free or personal accounts associated with a domain
(3) Prevents a malicious actor from creating a Keeper account with a domain reserved by an Enterprise customer.
If you require additional email domains (e.g. us.company1.com and eu.company2.com), please open a support ticket with the Keeper team and we will assist you in reserving the domain.

Reserve your Domains

If you own a set of domains that your users will use for logging in, be sure to contact your Keeper account manager to request domain reservation for all of your domains. We can lock the domains to your preferred region to ensure that users don't sign up in the wrong geographic data center.

Personal Domains

Keeper maintains a list of "personal" domains, for example gmail.com and yahoo.com which cannot be reserved and allow the general public to create Keeper accounts with those domains, with a verified email.
If you would like to allow end-users to create personal or Enterprise accounts with your reserved domain outside of your enterprise tenant, please contact the Keeper support team and we can unlock this domain for you.

Domain Reservation and Just-In-Time provisioning

If you are using Keeper SSO Connect Cloud or Keeper SSO Connect On-Prem, you can enable Just-In-Time Provisioning. If Just-In-Time provisioning is enabled, you can automatically route users to the identity provider when the user types in their email and clicks "Next" from the Vault login screen. This applies to all devices including Web Vault, Desktop App, Browser Extensions, iOS and Android apps.
Domain Reservation and Just-In-Time Provisioning
Previous
Implementation Overview
Next
Deploying Keeper to End-Users
Last modified 18d ago
Export as PDF
Copy link
Contents
About Domain Reservation
Reserve your Domains
Personal Domains
Domain Reservation and Just-In-Time provisioning