⮐ Keeper HomeAll DocumentationAdmin Console
Search…
Getting Started
Start Your Trial
Resources
Quick Start for Small Business Teams
Why Choose Keeper Enterprise
Implementation Overview
Domain Reservation
Deploying Keeper to End-Users
End-User Guides
Keeper Admin Console Overview
Nodes and Organizational Structure
User and Team Provisioning
SSO / SAML Authentication
User Management and Lifecycle
Roles, RBAC and Permissions
Delegated Administration
Account Transfer Policy
Teams (Groups)
Folders and Shared Folders
Share Admin
Creating Vault Records
One-Time Share
Importing Data
Record Types
Two-Factor Authentication
Storing Two-Factor Codes
Security Audit
BreachWatch (Dark Web)
Secure File Storage
Reporting, Alerts & SIEM
Recommended Alerts
Webhooks (Slack & Teams)
Compliance Reports
Vault Offline Access
Secrets Manager
Commander CLI
Keeper Connection Manager
Keeper MSP
Free Family License for Personal Use
KeeperChat
Recommended Security Settings
IP Allow Keeper
Keeper Encryption Model
Developer API / SDK Tools
On-Prem vs. Cloud
Authentication Flow V3
Migrating from LastPass
Training and Support
Troubleshooting
Docs Home
Powered By GitBook
IP Allow Keeper
IP Allow Keeper backend communication on your network.

Overview

If you have deployed a firewall or zero trust network which restricts end-user network traffic to specific services, you can add Keeper to your AllowList based on either FQDN or IP Address. We recommend using FQDN since IPs can sometimes change. However, as of April 1, 2022 we have allocated static IPs for our cloud environment that can be used for legacy firewall devices that do not support name-based lookups.

IP Address Allow List

US Hosted Customers
  • 100.25.27.45
  • 34.194.152.47
AU Hosted Customers
  • 3.105.100.129
  • 54.66.130.249
  • 100.25.27.45
  • 34.194.152.47
EU Hosted Customers
  • 63.33.173.146
  • 54.154.50.154
  • 100.25.27.45
  • 34.194.152.47
Admins can also restrict access to Keeper through IP Allowlist entries in role enforcement policies.
Note that Keeper's encryption model prevents packet inspection and man-in-the-middle attacks. If you attempt to use Keeper behind a packet inspecting firewall or proxy device, the application may not function.
Note: Push services (e.g. push.services.keepersecurity.com) is not allocated static IPs based on the dynamic nature of the service. This may affect certain functionality of the platform if you block access to push services, such as real-time data updates and syncing.
Push Servers:
  • push.services.keepersecurity.com
  • push.services.keepersecurity.eu
  • push.services.keepersecurity.com.au

FQDN Allow List

TCP port 443 should be available to your users for the following endpoints, depending on your tenant location.
Global - All Customers
  • keepersecurity.com
  • keeper.io
  • gitbook.io (documentation portal)
US Hosted Customers
  • push.services.keepersecurity.com
  • files.services.keepersecurity.com
EU Hosted Customers
  • keepersecurity.eu
  • push.services.keepersecurity.eu
  • files.services.keepersecurity.eu
AU Hosted Customers
  • keepersecurity.com.au
  • push.services.keepersecurity.com.au
  • files.services.keepersecurity.com.au
US / GovCloud Hosted Customers
  • govcloud.keepersecurity.us
  • push.services.keepersecurity.us
  • files.services.keepersecurity.us

Emails from Keeper Security

Keeper sends several types of transactional emails.
  • If the role enforcement policy is enabled, email invitations are sent to newly provisioned end-users via the Admin Console, Bridge or SCIM methods. The content of the email invites can be customized by the Admin in the console configurations screen.
  • Keeper does not send marketing communications or any other product marketing emails to end-users.
  • Users with Administrative rights will receive emails related to account status and billing. End-users will not receive account related emails.
  • The primary account owner who signs up for Keeper will receive an onboarding email and documentation links, as well as direct communication from a Keeper customer success manager.
  • Device verification emails (when logging into a new device) are sent to end-users for authentication purposes.
  • Alerts configured by the Keeper Admin in the Advanced Reporting & Alerts application can be optionally sent to end-users, but this is not activated by default.
Email Delivery
Keeper's email services are hosted with Amazon SES using dedicated IPs. To ensure that emails from Keeper Security are delivered to users with high success, we recommend ensuring that your mail filters accept email from the below FQDNs and IP Senders. Domains:
  • keepersecurity.com
  • keepersecurity.com.au
  • keepersecurity.eu
IP Senders:
54.240.34.131 54.240.34.132 54.240.34.133 54.240.34.134 54.240.34.135 54.240.34.219 54.240.34.220 54.240.34.221 54.240.35.227 54.240.35.228 54.240.35.229 54.240.35.230 54.240.35.231 69.169.235.44 69.169.235.46 69.169.245.47 69.169.245.48

Inbound Allow List

For customers who are receiving inbound SIEM events and Automator requests from the Keeper production environment, use the below IP addresses. This only applies to SIEM event reporting and SSO Cloud Automator where Keeper is the originator of the traffic.
US / Global
  • 34.194.242.137
  • 18.235.39.229
  • 54.208.20.102 (Connection verification only)
  • 34.203.159.189 (Connection verification only)
EU / Dublin
  • 54.246.149.209
  • 34.250.37.43
  • 52.210.163.45 (Connection verification only)
  • 54.246.185.95 (Connection verification only)
AU / Sydney
  • 54.206.253.126
  • 52.64.85.78
  • 3.106.40.41 (Connection verification only)
  • 54.206.208.132 (Connection verification only)
US / GovCloud
  • 18.253.101.55
  • 18.253.102.58
  • 18.252.135.74 (Connection verification only)
  • 18.253.212.59 (Connection verification only)
Previous
Recommended Security Settings
Next
Keeper Encryption Model
Last modified 5mo ago
Export as PDF
Copy link
Outline
Overview
IP Address Allow List
FQDN Allow List
Emails from Keeper Security
Inbound Allow List