Keeper Home
Docs Home
Admin Console
Welcome to Keeper
Resources
Why Choose Keeper Enterprise
Implementation Overview
Admin Console Overview
Nodes and Organizational Structure
User and Team Provisioning
Role Enforcement Policies
Teams / Groups
Deploying Keeper to End-Users
Folders and Shared Folders
Creating Vault Records
Two-Factor Authentication
Keeper SSO Connect
Advanced Reporting and Alerts
Keeper Guides
Training and Support
Whitelisting Keeper
On-Prem vs. Cloud
Powered by GitBook
Have an account? Sign in

Teams / Groups

Last updated 2 months ago

The purpose of creating teams is to have logical groupings of individuals for the ability to share folders within the Keeper Vault to collective group of individuals. The administrator simply creates the team, sets any Team Restrictions (edit/viewing/sharing of passwords), and adds the individual users to the team.

Adding a Team

Navigate to the Teams tab and select on the + icon. The Add Team window will appear and you can add the team name that you are creating. Just like Roles, the teams will get added to the specific node that is selected.

Editing Teams

Once the team is created, select the team name on the left, and in the right panel it will display editable options. The Team name, disable record re-shares, disable record edits, disable viewing passwords, Node and Users can be configured. To delete a team, select on the trashcan icon.

Team-Level Restrictions

Teams can be configured with several restrictions that will override any folder-level permission settings.

1. Disable viewing passwords With this restriction in place, passwords are usable for logging in from the browser extension but are "masked" visually on the user interface. Note that password masking is visual in nature and the password is still stored in the user's vault and accessible via API communication and browser inspection. 2. Disable record re-shares With this restriction in place, passwords shared to this team cannot be re-shared by team members. Shared Folder permissions take precedence. 3. Disable record edits With this restriction in place, passwords are usable and viewable but cannot be edited. Shared Folder permissions take precedence. 4. Hide Shared Folders Selecting the Hide Shared Folders checkbox will hide Shared Folders which have been shared to this team for a particular user within the team. The purpose of this is to allow an admin to be a member of a team so that they can share the team encryption keys, but not have to receive the records associated with the team. This is not for security, since they could always turn off the Hide Shared Folders, but rather for convenience so they don't get a lot of unwanted records in their vault.

​

Previous
Role Enforcement Policies
Next
Deploying Keeper to End-Users
Contents
Adding a TeamEditing TeamsTeam-Level Restrictions