Vault Offline Access

Offline access is a common use case for organizations who require vault access in poor network conditions or when SSO is unavailable.


Offline Mode allows users to have access to their vault from a web browser when they are not able to connect online to Keeper or to their SSO Identity Provider. This capability is available on Keeper's mobile app, desktop application and extended to Business users on popular web browsers.

The capability works by making a copy of your vault to your local device. The vault data is stored in an encrypted format which is only accessible if the user provides their Master Password.

Multiple users can share a single device (e.g. a laptop PC) and all will have their vault stored safely on that PC when offline.

End User Guide

Platforms that Support Offline Access








Keeper Desktop App (Mac, Windows, Linux)


Keeper Microsoft Store App (Windows 10, Surface)

Web Browser

Web Vault (Chrome, Safari, Firefox, Edge)

User Device Setup

User’s devices (e.g. laptops that might not have offline access) will need to be “primed” with a cache of their vault by logging into with an online connection at least once. A mirror copy of their vault will be replicated to that device once done.

Mobile Device Setup

Offline access on mobile devices is accomplished through the use of biometrics. iOS Face ID / Touch ID, Android fingerprint are supported.

Web and Desktop Vault

On the Web Vault and Desktop App, users will know if their vault is available offline via a “lightning bolt” icon indicating their data has been loaded on that device.

If the icon is not present then the user will need to login at least once while online. The "Remember Email" checkbox must also be checked by the user in order for the offline vault to be stored on that device. If not checked offline vault will not be stored.

Once logged in the user will know if they are offline by an “Offline Mode” text notice at that bottom of their vault.

Offline Mode Indicator

Not all vault features are available online, for instance users create any new vault content such as record or folders when offline. When such a limitation occurs then a notice message will be displayed.

If the device is being used temporarily (e.g. a borrowed PC), then the stored offline vault can be deleted from that device by the user by clicking on the “x” button next to their email login name.

If being used with an SSO Account

The user must first configure a Master Password in order to login to Keeper when not using the SSO to login.

Setting up SSO Master Password

If the SSO is not available (e.g. if offline), then click on “Login with Master Password” to get access to the offline vault. Note that the user can also get access to their vault via the Master Password even if they are online.

Administrative Guide

Admin Console Interface for Offline Mode

Offline access for users can be enabled or disabled via the Admin Console Enforcement Policies with a simple toggle. This is enabled by default.

Mobile devices (iOS, Android) must enable the use of Biometrics in order to utilize offline access. By default, biometrics are enabled.

Enable Biometrics Enforcement

Offline SSO Master Password

To provide users who normally login with Single Sign-On the ability to access their vault in offline mode, the Keeper administrator can enable the use of a Master Password as a role-based enforcement. This feature is disabled by default.

To enable SSO users with the ability to set a Master Password for offline access, turn on the "Allow users who login with SSO to create a Master Password" setting in the "Login Settings" enforcement screen.

SSO Master Password Enforcement (Disabled By Default)

Considerations for Offline Access:

  • Offline mode on Web Vault is only permitted for Business and Enterprise customers. Personal licenses are not supported.

  • In order have a local repository to access offline the vault needs to have been authenticated to and synchronized online at least once. Ensure that "Remember Email" checkbox is selected on the login screen of the Web Vault.

  • The data in the vault will be as current as the last data push.

  • Master Password or Biometrics will support offline access.

  • By definition, Two-Factor Authentication protects cloud-based APIs and online authentication. When users authenticate to their vault, they authenticate both locally and on the server. During offline mode, the user is authenticating locally and decrypting their vault. Therefore during offline mode, users are not prompted for Two-Factor Authentication.