⮐ Keeper HomeAll DocumentationAdmin Console
Search…
Getting Started
Start Your Trial
Resources
Quick Start for Small Business Teams
Why Choose Keeper Enterprise
Implementation Overview
Domain Reservation
Deploying Keeper to End-Users
Keeper Admin Console Overview
Nodes and Organizational Structure
User and Team Provisioning
Manual Provisioning through the Admin Console
Custom Invite and Logo
Active Directory Provisioning
LDAP Provisioning
SSO - JIT (Just in Time) Provisioning and Authentication
Okta Provisioning with SCIM
Azure AD Provisioning with SCIM
G Suite Provisioning with SCIM
JumpCloud® Provisioning with SCIM
OneLogin Provisioning with SCIM
Microsoft AD FS Provisioning
API Provisioning with SCIM
Team and User Approvals
Email Auto-Provisioning
CLI Provisioning with Commander SDK
SSO / SAML Authentication
User Management and Lifecycle
Roles, RBAC and Permissions
Delegated Administration
Account Transfer Policy
Teams (Groups)
Folders and Shared Folders
Creating Vault Records
Importing Data
Record Types
Two-Factor Authentication
Storing Two-Factor Codes
Security Audit
BreachWatch (Dark Web)
Secure File Storage
Reporting, Alerts & SIEM
Recommended Alerts
Webhooks (Slack & Teams)
Compliance Reports
Vault Offline Access
Keeper MSP
Free Family License for Personal Use
Training and Support
IP Allow Keeper
Migrating User Vaults Between Regions
Password Recovery Via Vault Transfer
Keeper Encryption Model
Developer Tools
SSH Connections
Recommended Security Settings
End-User Guides
Use Cases
On-Prem vs. Cloud
Login API
Migrating from LastPass
Docs Home
Powered By GitBook
User and Team Provisioning
User provisioning is flexible and powerful with Keeper Enterprise
Keeper Enterprise can provision users through many different methods that are described here in detail.

Provisioning Methods Supported

    Manual Provisioning through the Admin Console
    Single Sign-On (SAML 2.0) Authentication and Provisioning with Keeper SSO Connect
    Active Directory / LDAP Provisioning with the AD Bridge
    Okta, Azure AD, Google G Suite, OneLogin Provisioning with SCIM
    API Provisioning with SCIM
    Email Auto-Provisioning
    CLI Provisioning with Commander SDK

Best Practices and Recommendations for User Provisioning

Small Businesses and Teams

If you are deploying Keeper to a small number of users, or if you are only deploying Keeper to a team within a large Enterprise, using Keeper's "manual provisioning" or "bulk upload" may be sufficient.
👉
Recommended Method: Manual Provisioning through the Admin Console

Organizations with On-Prem Active Directory (AD)

For organizations that are managing an on-prem AD environment, we recommend using the Keeper Active Directory Bridge application ("AD Bridge") for mapping node structure and adding Users, Teams and Roles.
👉
Recommended Method: AD Bridge
The AD Bridge software is used strictly for provisioning of users. To authenticate your users against AD, we recommend using AD FS with the Keeper SSO Connect service.
👉
Recommended Method: SSO Connect On-Prem or SSO Connect Cloud

Organizations with On-Prem Active Directory (AD) and AD FS

For organizations who are already utilizing federated services, Keeper SSO Connect provides real-time authentication and Just-In-Time (JIT) provisioning. If you would like to automatically assign users to Roles and Teams through AD security groups or other custom LDAP queries, the Keeper AD Bridge software can also be utilized.
👉
Recommended Method: AD Bridge with SSO Connect On-Prem or SSO Connect Cloud

Organizations with Azure, Okta, Jumpcloud, Google Workplace or other cloud-based directories

Many Keeper Enterprise customers have either migrated to a cloud-based identity store or they are in the process of migration, either through AD->Azure syncing or other mirroring techniques.
If your organization utilizes a cloud-based directory, you have 3 choices for deployment:
1) SCIM provisioning
The SCIM provisioning protocol is supported by most modern identity providers including Azure, Okta, G Suite and many others. Google calls it "User Provisioning". Okta and Azure call it "Automated Provisioning". Keeper's SCIM implementation can provision a user account, de-provision an account, create a team, assign a user to a team, remove a user from a team.
2) SSO (SAML 2.0) authentication with Just-In-Time ("JIT") provisioning
Keeper SSO Connect is a powerful feature of Keeper Enterprise which supports real-time authentication and provisioning of user accounts through any SAML 2.0 compatible identity provider. Azure AD, AD FS, Okta, Jumpcloud, G Suite, Ping, OneLogin and 100+ other identity providers are compatible with Keeper.
3) Combining both SCIM provisioning and SSL (SAML 2.0) authentication
SCIM and SSO can be combined to provide real-time authentication, provisioning of accounts AND the ability to create teams, assign users into teams, de-provision users, etc. Azure AD, Okta, G Suite, Jumpcloud and many other modern identity providers support a combination of these two methods.
👉
Recommended Method: SSO Connect On-Prem or SSO Connect Cloud

Universities and Large Organizations with legacy or fragmented directories

Universities and large organizations who have fragmented user directories or do not wish to integrate Keeper with SSO or SAML protocols can use Keeper's Email Provisioning method for a mass deployment.
Email provisioning essentially reserves a domain name (e.g. iastate.edu) and will automatically provision a user based on their domain (with email verification) into a default role. No work needs to be done by the Keeper Admin once the initial configuration is set up.
👉
Recommended method: Email Auto-provisioning

Integration with Portals or Custom Apps

If you have a special integration requirement such as automatically provisioning and creating user vaults through a developer API or other custom integration needs, Keeper provides several SDK options. Visit the Commander SDK platform for Python, .Net, Powershell, Java and other toolkits available for customers.
👉
Recommended method: Commander SDK
Additional details on provisioning methods are documented in the next section.
Previous
Nodes and Organizational Structure
Next
Manual Provisioning through the Admin Console
Last modified 1mo ago
Export as PDF
Copy link
Contents
Provisioning Methods Supported
Best Practices and Recommendations for User Provisioning