Keeper Admin Console Overview

The Keeper Admin Console provides administrative controls, user onboarding, reporting and auditing.

To access the Keeper Admin Console: https://keepersecurity.com/console (US) https://keepersecurity.eu/console (EU)

Dashboard

When you first start up the Admin Console you will land in the Dashboard which provides an overview of recent Event Activity, a Security Audit, and User Status.

Dashboard

The Dashboard provides several components:

  • Top Events and link to Timeline Chart

  • Security Audit Overall Score

  • BreachWatch Overall Score

  • User Status Summary

  • User Status Hint: To download the status report click on the (...) and "Download"

Download User Status Report

Admin

From the Admin screen, you can access Nodes, Users, Roles, Teams, Two Factor Authentication, 2FA settings, and User Provisioning.

Users

Keeper is easy to deploy to your users in the organization, and our flexible tools provide many options in your rollout plans. To get started, we recommend that you consider the organizational structure of your Keeper account. The building blocks of Keeper's security model are Nodes, Users, Roles and Teams which are covered in detail throughout this guide. All users who join the organization's Keeper subscription will be responsible for managing their own encrypted vault. Whether users are manually created or provisioned automatically, their vault is protected by a Master Password which is used to encrypt and decrypt the user's Data Key which is then used to encrypt their data. We recommend separating your personal, private records from your business records by creating two separate user accounts. When enforcements are applied to the enterprise (such as Account Transfer privileges), users who have personal records mixed with business information risk having their personal information transferred.

Provisioning

When preparing for a rollout, you can consider one of the following options when adding users:

Roles

Roles provide the organization the ability to define enforcements based on a user's job responsibility as well as provide delegated administrative functions.

Permissions for Administrators are also configurable here which toggle whether an Admin can manage nodes, users, teams, roles, SSO, AD Bridge, User Account Transfer, and Run Reports.

Important: Account Transfer is an optional feature that should be configured by the Keeper Administrator during the initial deployment phase of the Keeper rollout. The reason for this is because Account Transfer relies on the sharing of encryption keys between users that have rights to perform the transfer. For more information, refer to Account Transfer.

Teams

The purpose of creating Teams is to have logical groupings of individuals for the ability to share folders within the Keeper Vault. The administrator simply creates the team, sets any Team Restrictions (edit/viewing/sharing of passwords), and adds the individual users to the team.

Nodes

Nodes provide a method to organize your users and administrators into distinct groupings, similar to organizational units in Active Directory. The administrator can create nodes based on location, department, division or any other structure that makes sense for your organization. Nodes can have completely independent sets of users, role enforcement policies, administrators, and provisioning methods.

By default, the top-level node, or Root Node is set to the organization name, and all Nodes can be created underneath. Depending on your organization you may or may not need to set up nodes.

  • Smaller Businesses may not need multiple nodes and will be able to administer users, roles, and teams from the default root node only.

  • Larger Organizations may benefit in organizing by locations or departments across multiple nodes.

  • MSPs (Managed Service Providers) are advised to set up different nodes for each customer to keep them isolated from each other.

Optional Secure Add Ons

Access to optional Secure Add-On functionality is also provided from the Admin Console side bar, this includes:

  • Advanced Reporting & Alerts

  • BreachWatch

Additional information on these features are available within this User Guide.