Why Choose Keeper Enterprise
Keeper is a cybersecurity platform for preventing password-related data breaches and cyberthreats.
Keeper is the only password and secrets management platform listed on the FedRAMP marketplace and available in the AWS GovCloud. Keeper Enterprise provides the highest levels of security and at the same time provides a simple user experience - with over 15 million users worldwide, Keeper is the proven industry leader.
Keeper is SOC-2, ISO27001 and FedRAMP certified. Keeper’s encryption has been certified by the NIST CMVP and validated to the FIPS 140 standard by accredited third party laboratories [view cert].
-> Request a Demo Passwords are the single greatest cause of a data breach. 81% of data breaches are due to weak or stolen passwords. Password management solutions provide an affordable and simple way for companies to solve the root cause of most data breaches. By helping businesses generate strong passwords as well as manage and securely share them among teams, they significantly reduce the risk of a data breach.

Zero-Knowledge Security Architecture

Keeper's architecture is the most secure in the industry. Built from the ground up with record-level encryption and client-side key generation, the foundation of Keeper Enterprise is built upon a model that ensures only the user is able to decrypt and access their privileged information.
The Keeper platform is built on an access layer and encryption layer. Access and authentication controls who is able to sync the encrypted ciphertext, and client-side encryption controls who is able to physically encrypt/decrypt the data. This foundation is what gives Keeper the ability to apply the most granular level of protection to user data and enables the core features and capabilities of the product.
Users, Roles, Teams, Records and Shared Folders are all protected and managed through the use of client-side generated keys. This complex distribution of keys is completely managed by the software with a simple and easy-to-use user interface.

Multi-Platform Access

Keeper is a cross-platform solution that provides full capabilities from every major platform and device including iOS, Android, Windows, Mac and Linux. Browser plugins are compatible with Chrome, Firefox, Edge, Safari and Internet Explorer.
The Keeper Administrator can restrict vault access to specific platforms based on security requirements of the enterprise. End-user vault applications can be used completely independent of one another, or used together. For example, using the Web Vault or Desktop Application does not require the installation of a browser plugin.
The Keeper Vault is available on all devices and computers, with award-winning native applications:
Native Desktop Apps
  • Windows
  • Mac
  • Linux
Browser-Based Apps
  • Chrome
  • Edge
  • Safari
  • Firefox
  • Brave
  • Other Chromium-based Browsers
Native Mobile Apps
  • iOS
  • Android
  • Chrome, Firefox, Edge, IE and Safari Browsers
Key differentiators
Keeper was named Best Password Manager by PC Mag in 2018, 2019, 2020 and 2021. Some of the reasons that customers select Keeper over the competition are listed below.

Fills Critical Gaps in Single Sign-On

SSO and SAML simplify login to many cloud applications, however, it does have its limitations. Keeper (with Keeper SSO Connect) complements the two major gaps with your SSO deployment:
  • Offering privileged access to applications that don’t support SAML protocols.
  • Enabling non-password use cases, such as management and sharing of digital certificates, SSH keys, API keys, secret notes, lists, files and more.
With Keeper SSO Connect, you can easily add Keeper to the apps that your IdP services. Whether you use AD FS, Azure, Okta, Centrify, Ping, JumpCloud or any other SAML 2.0 Identity Provider, Keeper will easily integrate. Keeper SSO Connect logs the user directly into their encrypted vault while maintaining full zero knowledge. Keeper SSO Connect is available as a customer-hosted or cloud-hosted high availability solution that preserves zero knowledge and allows the end-user to authenticate directly into their vault.
SSO Connect
For more information about Keeper SSO Connect, visit our web page: https://keepersecurity.com/keeper-sso-connect.html

Implement Zero Trust

The National Institute of Standards and Technology (NIST) Special Publication (SP) 800-207 provides the following operative definition of zero trust and ZTA:
Zero trust provides a collection of concepts and ideas designed to minimize uncertainty in enforcing accurate, least privilege per-request access decisions in information systems and services in the face of a network viewed as compromised.
ZTA is an enterprise’s cybersecurity plan that uses zero trust concepts and encompasses component relationships, workflow planning, and access policies. Therefore, a zero trust enterprise is the network infrastructure (physical and virtual) and operational policies that are in place for an enterprise as a product of a ZTA plan. [reference]
Keeper's least-privilege access model, encryption model and role-based access model support the zero trust implementation guidelines of NIST and provide organizations with a substantial leap forward in the journey towards zero trust.

Global Regions

Keeper provides customers with the selection of geographic regions where data resides in-country.
  • United States
  • GovCloud US
  • Ireland
  • Frankfurt
  • Australia
  • Canada (Q3 2022)
  • Japan (Q3 2022)

Role-Based Enforcement Policies

The ability to provide least privileged access to an employee is critical in the deployment of an Enterprise Password Manager. Keeper gives fine-grained control over what users are capable of accessing and managing within the platform through the use of customizable role policies. By providing a flexible role policy engine, you can lock down restrictions and access based on the risk profile of the employee. For example, you may want your IT Admins to be restricted from accessing their vault outside of the office network. Or you may want administrative assistants the ability to onboard new users, manage teams and run reports. The entire process is fully customizable through a user friendly interface. Role Enforcements Include:
  • Password Complexity Rules and Biometrics
  • Multi-Factor Authentication, Token Expiration and Device Restriction
  • Offline Access Restrictions
  • Allow IP Listing, Sharing and Data Export Restrictions
  • Account Transfers (employee offboarding and break-glass scenarios)
  • Administrative Permissions

Delegated Administration

Keeper Administrators can create organizational units (called Nodes). A role can be given Administrative permissions over the node (or sub-nodes) for which a role exists. This delegated administration allows different people in the organization to have management controls over subsets of teams of users, roles and shared folders. Users within different nodes can be provisioned and authenticated with different methods.

Eliminate the Risk of Critical Data Loss

Keeper's Zero Knowledge Account Transfer capabilities provide Enterprise customers with the peace of mind that an employee will never walk away with critical data when they leave the organization.

Increase Productivity Gains

Since 50% of help desk calls are estimated to be password related, there is a significant productivity gain by rolling out a password manager to your organization. When employees don't need to worry about remembering passwords, the cost savings are massive.

Meet Compliance Needs

Compliance is becoming even more complex with requirements mandating internal control policies and standards. Organizations in heavily regulated industries are audited for password enforcement policies and practices. Keeper's password security platform solves many of compliance and regulation enforcement requirements that organizations face. Keeper Security is the most certified solution in the industry:
  • SOC 2 Certified
  • ISO27001 Certified
  • FIPS 140-2 Validated
  • GDPR Compliant
  • GSA Certified
  • SAM Certified
  • Privacy Shield Compliant
  • FedRAMP Moderate
Keeper is the only password and secrets management platform listed on the FedRAMP marketplace and available in the AWS GovCloud.