Admin Console Overview

Last updated 29 days ago

Admin Tab

When you first login to the Admin Console, it will bring you to the Admin tab. From here, you can access Nodes, Users, Roles, Teams, Two Factor Authentication, Provisioning and License. On-screen guides will highlight the main functional area.


Nodes are a way to organize your users into distinct groupings, similarly to organizational units in Active Directory. The administrator can create nodes based on location, department, division or any other structure that makes sense. By default, the top-level node, or Root Node is set to the organization name, and all Nodes can be created underneath.

  • Smaller Businesses may benefit to administer Keeper at a single level - all provisioned users, roles, and teams are accessed from the root node by default.

  • Larger Organizations may benefit in organizing by locations or departments - Nodes are not visible or configurable by default. To activate the Node configuration, select Advanced Configuration and then enable Show Node Structure.

  • Nodes can have completely independent sets of users, role enforcement policies, administrators, provisioning methods and 2FA methods.


Keeper is easy to deploy to your users in the organization, and our flexible tools provide many options in your rollout plans. To get started, we recommend that you consider the organizational structure of your Keeper account. The building blocks of Keeper's security model are Nodes, Users, Roles and Teams which are covered in detail throughout this guide. All users who join the organization's Keeper subscription will be responsible for managing their own encrypted vault. Whether users are manually created or provisioned, their vault is protected by a Master Password which is used to encrypt and decrypt the user's data key which is then used to encrypt their data. We recommend separating your personal, private records from your business records by creating two separate user accounts. When enforcements are applied to the enterprise (such as Account Transfer privileges), users who have personal records mixed with business information risk having their personal information transferred. When preparing for a rollout, you can consider one of the following options when adding users:


Roles provide the organization the ability to define enforcements based on a user's job responsibility as well as provide delegated administrative functions.

For more information, refer to Roles

Account Transfer Setup

Account Transfer is an optional feature that should be configured by the Keeper Administrator during the initial deployment phase of the Keeper rollout. The reason for this is because Account Transfer relies on the sharing of encryption keys between users that have rights to perform the transfer.

For more information, refer to Account Transfer


The purpose of creating Teams is to have logical groupings of individuals for the ability to share folders within the Keeper Vault to collective group of individuals. The administrator simply creates the team, sets any Team Restrictions (edit/viewing/sharing of passwords), and adds the individual users to the team.

For more information, refer to Teams

Deploying Keeper to End-Users

Keeper works on every smartphone, tablet and computer. Keeper supports popular browsers including Chrome, Safari, Firefox, Edge and IE. Native app installation is available from the Keeper website and every public-facing app store (iTunes, Google Play, Microsoft Store, etc).

Download Keeper from

End-user guides for each platform are available here.