Vault Offline Access

Offline access is a common use case for organizations who require vault access in poor network conditions or when SSO is unavailable.

Overview

Offline Mode allows users to have access to their vault from a web browser when they are not able to connect online to Keeper or to their SSO Identity Provider. This capability is available on Keeper's mobile app, desktop application and extended to Business users on popular web browsers.

The capability works by making a copy of your vault to your local device. The vault data is stored in an encrypted format which is only accessible if the user provides their Master Password.

Multiple users can share a single device (e.g. a laptop PC) and all will have their vault stored safely on that PC when offline.

Platforms that Support Offline Access

Platform

Version

Mobile

iOS

Mobile

Android

Desktop

Keeper Desktop App (Mac, Windows, Linux)

Web Browser

Web Vault (Chrome, Safari, Firefox, Edge)

User Device Setup

Users' devices (e.g. laptops that might not have offline access) will need to be “primed” with a cache of their vault by logging into with an online connection at least once. A mirror copy of their vault will be replicated to that device once completed.

Mobile Device Setup

Offline access on mobile devices is accomplished through the use of biometrics. iOS Face ID / Touch ID, Android fingerprint are supported.

Web and Desktop Vault Setup

On the Web Vault and Desktop App, users will know if their vault is available offline via a lightning bolt icon indicating their data has been loaded on that device.

If the icon is not present then the user will need to login at least once while online. The Remember Email checkbox must also be checked by the user in order for the offline vault to be stored on that device. If not, offline vault will not be stored.

Logging In Offline

To login offline, click the "Work Offline" button on the lower right.

Click on Work Offline

Once logged in, the user will know if they are offline by seeing an Offline Mode text indicator at the top of the vault screen.

Not all vault features are available online and record's will be "read only". For instance users can't create any new vault content such as record or folders when offline. When such a limitation occurs then a notice message will be displayed.

If the device is being used temporarily (e.g. a borrowed PC), then the stored offline vault can be deleted from that device by clicking the X next to a login email.

To resume the session online, click on "Go Online" at the upper right:

Go Online

Work Offline with SSO-Enabled Account

If your organization's SSO is not available (e.g. is offline), click on "Work Offline" then click on "Enterprise SSO Login" > "SSO User with a Master Password" to gain access to your vault offline.

SSO Work Offline
SSO Master Password for Offline Login

From the login screen, enter your Master Password to login offline.

SSO Master Password Offline Login

A user's Master Password has to be setup via their Settings menu for this offline access to be available.

Setting up SSO Master Password

When logging in offline on a Web Browser (Chrome, Firefox, Safari, Edge), the user must navigate to this exact URL: https://keepersecurity.com/vault or https://keepersecurity.eu/vault

Administrative Guide

Admin Console Interface for Offline Mode

Offline access for users can be enabled or disabled via the Admin Console Enforcement Policies with a simple toggle, by default this feature is enabled.

Mobile devices (iOS, Android) must enable the use of Biometrics in order to utilize offline access. By default, biometrics are enabled.

Enable Biometrics Enforcement

Offline SSO & Master Password

To provide users who normally login with SSO the ability to access their vault in offline mode, the Keeper Administrator can enable the use of a Master Password as a role-based enforcement, this feature is disabled by default.

To enable SSO users the ability to set a Master Password for offline access, turn "on" the Allow users who login with SSO to create a Master Password toggle in the Login Settings section of the Role Enforcements Menu.

SSO Master Password Enforcement (Disabled By Default)

Considerations for Offline Access:

  • Offline mode on Web Vault is only permitted for Business and Enterprise customers. Personal licenses are not supported.

  • In order have a local repository to access offline the vault needs to have been authenticate and synchronized online first at least once.

  • Ensure that the Remember Email checkbox is selected at the login screen of the Web Vault.

  • The data in the vault will be as current as the last data push.

  • Master Password or Biometrics support offline access.

  • By definition, Two-Factor Authentication protects cloud-based APIs and online authentication. When users authenticate to their vault, they authenticate both locally and on the server. During offline mode, the user is authenticating locally and decrypting their vault. Therefore during offline mode, users are not prompted for Two-Factor Authentication.