Domain Reservation
Reserve the use of domains for privacy and security

About Domain Reservation

Keeper's Cloud architecture is Zero Knowledge (more information about our security model is here).
For security reasons, Keeper's Enterprise tenants are restricted to inviting and creating end-user accounts within certain email domains. When you sign up for a Keeper Business or Enterprise account, you are required to use a business email domain, e.g.
If you sign up for the Enterprise account using for your email address, this domain will be reserved to your tenant.
Keeper's architecture requires a domain to be reserved before it can be used by the Enterprise. This serves several purposes:
(1) Ensures that end-users cannot create "rogue" accounts without being explicitly invited or provisioned by the Enterprise Admin.
(2) Reduces administrative burden in locating free or personal accounts associated with a domain
(3) Prevents a malicious actor from creating a Keeper account with a domain reserved by an Enterprise customer.
If you require additional email domains (e.g. and, please open a support ticket with the Keeper team and we will assist you in reserving the domain.

Reserve your Domains

If you own a set of domains that your users will use for logging in, be sure to contact your Keeper account manager to request domain reservation for all of your domains. We can lock the domains to your preferred region to ensure that users don't sign up in the wrong geographic data center.

Personal Domains

Keeper maintains a list of "personal" domains, for example and which cannot be reserved and allow the general public to create Keeper accounts with those domains, with a verified email.
If you would like to allow end-users to create personal or Enterprise accounts with your reserved domain outside of your enterprise tenant, please contact the Keeper support team and we can unlock this domain for you.

Domain Reservation and Just-In-Time provisioning

If you are using Keeper SSO Connect Cloud or Keeper SSO Connect On-Prem, you can enable Just-In-Time Provisioning. If Just-In-Time provisioning is enabled, you can automatically route users to the identity provider when the user types in their email and clicks "Next" from the Vault login screen. This applies to all devices including Web Vault, Desktop App, Browser Extensions, iOS and Android apps.
Domain Reservation and Just-In-Time Provisioning