過去のリリース
直近の10リリースより古いリリースノート
古いリリースノートの内容もまだ利用可能ですが、過去10回分のアップデートより古いものはここに掲載されています。
管理コンソール 16.16.0
2024年1月15日リリース
概要
今回のリリースでは、ビジネスユーザーおよびエンタープライズユーザー向けに「詳細な共有設定の強制」と「唯一の2FA方法としてのセキュリティキー」の2つの機能が実装されます。
詳細な共有設定の強制
KA-5689: Keeperの詳細な共有設定の強制により、管理者は記録の作成と共有に対する詳細な制限をユーザーロールに適用できるようになります。管理者は、ロール強制ポリシー内の「作成と共有」セクションで設定できます。
詳細な共有設定の強制 (動画)
唯一の2FA方法としてのセキュリティキー
KA-5628: Keeper管理者がロール強制ポリシー設定を介して唯一の2要素方式としてハードウェアベースのセキュリティキーの使用を強制できるようになりました。さらに、管理者は、FIDO2ユーザー認証のために、キーと組み合わせてPINの入力を要求できるようになりました。FIDO2 セキュリティキーの詳細については、こちらをご参照ください。
唯一の2FA方法としてのセキュリティキー (動画)
セキュリティキーの強制に関する注意点
FIDO2セキュリティキーの強制のサポートは、デバイスのOSとファームウェアの機能に応じて異なる場合があります。
iOS版KeeperではNFCキーの使用が必要となります。
唯一の要素としてのセキュリティキーを有効にするには、ウェブボルトかKeeper Desktopを使用する必要があります。iOS、Androidでの唯一の要素としてのセキュリティキーの登録については、今後のリリースで対応予定です。
iOSアプリ拡張機能 (自動入力機能使用中) など、モバイルアプリケーションの一部コンポーネントでは、ネイティブでNFCハードウェアキーがサポートされていません。KeeperのiOS チームでこの問題の回避策を開発しており、2024年1月末にKeeper iOSバージョン 16.10.10 でリリース予定です。iOSメインアプリとiOS自動入力拡張機能の間のログインセッションを拡張して、再認証の必要性を減らすことで解決します。
PIN要件は、デバイスの機能に基づいてサポートされてます。本項目の執筆時点では、モバイル OSでのPIN強制のサポートは制限されています。ユーザーがモバイル端末からKeeperにアクセスしている場合は、PINの強制を推奨しません。
管理コンソール 16.15.0
2023年9月12日リリース
新機能
KA-4724: SSOクラウド設定画面でのクラウドSSO SAMLパラメータとしてForceAuthnに対応。SAMLリクエストで ForceAuthn="true"が設定されている場合、サービスプロバイダ (Keeper) からアイデンティティプロバイダへ、ユーザーがすでに認証されている場合でも新しい認証済みセッションを強制する必要があることを伝えます。
EM-4577: Splunk、Syslog、QRadar、 LogRhythmのセットアップで、Unverified Certificates (未確認の証明書) に対応。
EM-5071: ユーザーが無料の家族向けライセンスを作成できないように制限する「Keeper Family ライセンスへの招待を禁止する」というロール強制ポリシーを追加。
EM-5850: ブラジルポルトガル語への対応
EM-5278: エクスポートされたセキュリティ監査レポートに各ユーザーのノードパスを追加
EM-5926: 2FAの期間に12時間と24時間を追加
EM-5242: モバイル端末でもMSP およびEnterpriseの無料トライアルサインアップの作成を許可。以前はデスクトップブラウザーに限定されていました。
EM-5236: 新機能のプロモーション情報を含むログイン画面
バグ修正
KA-4144: 同期ボタンをクリックしないと記録タイプの変更がコンソールに同期されない不具合を修正
EM-4750: SSOユーザーが管理コンソールへログインしようとする際にマスター パスワードを要求されることがある不具合を修正
管理コンソール 16.13.2
2023年7月5日リリース
機能改善
EM-5804: デスクトップアプリケーションからのLastPass共有フォルダのインポートを制限するRESTRICT_IMPORT_SHARED_FOLDERSを実装しました。
不具合修正
EM-5701: 1,000人以上のユーザーがいる場合、管理コンソールのユーザーステータスレポートで「最終ログイン」データが空でした。
EM-5770: 理者コンソールにログインしても、保留中のチームユーザーが承認されないことがありました。ユーザーを承認するには、[完全同期]をクリックする必要があります。
EM-5685: ユーザーリストのページネーションセレクタが画面外に出てしまう。
EM-5610: コンプライアンス・レポート・セクションで、管理者は "保存 "フィルタ・ボタンを複数回クリックすることができ、クリックするたびにフィルタが作成されます。
EM-5838: GovCloudリージョンで、Secrets Managerのローテーション ポリシーを有効にすると、白い画面が表示されます。
さまざまな言語とUIの修正
管理コンソール 16.12.0
2023年5月2日リリース
機能
EM-5703: リカバリーフレーズの実装 新しいより安全な24単語の「リカバリーフレーズ」機能でアカウント回復プロセスをアップグレードしました。詳しくはKeeper ブログをご覧ください。
このアップデートにより、アカウント回復を無効にする既存の設定は、リカバリーフレーズメソッドに加えて、従来のセキュリティアンサーにも適用されるようになりました。 以下の点にご注意ください。
現在セキュリティ回答を持つユーザーには、セキュリティの質問/回答を自動生成された 24 語のリカバリフレーズに置き換えるよう求めるプロンプトが表示されます。
このポリシーがすでに無効になっている場合、ユーザーにプロンプトは表示されません。
リカバリフレーズを制限するようにポリシーを変更すると、すべてのユーザーに即座に反映されます。
不具合修正
EM-5758: SSOマスターパスワードポリシーの言語と機能が少し更新されました。以前は、SSOマスターパスワードを作成したユーザーは、管理者がポリシーを適用した後でも、このログイン方法を使用できました。現在は、このポリシーが適用されると、ユーザーはログインもマスターパスワードの作成もできなくなります。この情報を反映するために、ユーザーインターフェースの文言が更新されました。
Admin Console 16.11
Released on April 19, 2023
Admin Console 16.10.3
Released on Jan 3, 2023
Admin Console 16.9.0
Released on Oct 20, 2022
Features
Share Admin Keeper's Share Admin feature is a role-based permission that gives administrators elevated access rights over your organization's shared folders and shared records. Share Admins have full user and record privileges for any shared record that they have access to. See: https://docs.keeper.io/enterprise-guide/share-admin
Introducing Share Admin
Bug Fixes
EM-5569, EM-5581, EM-5557, EM-5587, EM-5590, EM-5608, EM-5602: Multiple layout or visual issues
EM-5605: Remove "include myself in team" when MSP is logged into MC console and creating a team.
Admin Console 16.7.1
May 24 2022
Features
EM-4860: Role Enforcement: Set Stay Logged In default setting to "On" for new users in this role
EM-4881: Role Enforcement: Enable "Self Destruct" for users in this role
EM-5291: Mask prices on enterprise receipts when enterprise licenses sold through a distributor or reseller
Bug Fixes
EM-5321: SSO migration status shows "complete" immediately after configuration
EM-5092: ARAM timeline events with low numbers are displayed incorrectly
EM-4933: Missing descriptive text on "forgot password" screen
EM-4852: User able to create a role with a blank name
EM-5287: Persist hover controls on role detail screen
EM-5268: Display issue with node selector
EM-5328: Console screen freezes when trying to unlock a locked account
EM-5342: MSP Console screen goes blank when selecting license allocation history
EM-5343: Incorrect expiration date on subscription banner
Admin Console 16.7
Released on May 4, 2022
Admin Console 16.6
Released on March 31, 2022
Features
EM-5178: Automated SSO Migration from On-Prem to Cloud
More information about the migration tool can be found here:
https://docs.keeper.io/sso-connect-guide/sso-migration-to-cloud
The Admin Console allows the creation of SSO Connect and SSO Connect Cloud on same node on provisioning screen and will display the status of migration to cloud.
Please request a support engineer for assistance with migration before you start the process.
EM-5159: Redirect method for SSO login
With this change, users who login to the Admin Console with SSO will login with a URL redirect (similar to the Web Vault) instead of a popup window. This change prevents timing-related issues with login.
Bug Fixes
EM-5007: Changing a user's name is not showing in search results
EM-5086: Admin Console throws errors when approving SCIM users and teams.
EM-5222: Show the authentication method used in ARAM login events.
EM-4895: Users imported through CSV not being assigned to specified role
Admin Console 16.2
Released on Jan 6, 2022
Features
EM-4704: Keeper Secrets Manager
Keeper Secrets Manager provides your DevOps, IT Security and software development teams with a fully cloud-based, Zero-Knowledge platform for managing all of your infrastructure secrets such as API keys, Database passwords, access keys, certificates and any type of confidential data.
Product Overview
Documentation for Secrets Manager
Admin Console 16.1.1
Released on Nov 11, 2021
Bug Fixes
EM-5068: Transfer Account fails with 'authentication tag not found'
EM-5060: Upgrading to an existing Managed Company to "Plus" plan does not add the add-ons
EM-5059: Drag and drop a company logo is not working
EM-4957: When MSP admin creates an alert for a managed company, they cannot select an alert frequency.
EM-5070: Showing "Unknown login error" when the user's device is locked
EM-4876: Column names on security audit report are not localized
EM-4468: Adding a custom email invite with too much text is failing on save
Improvements
Clarified the meaning of the "Prevent users from creating identity and payments records" setting.
This setting will only apply to the identity and payments section of the vault. If users still have access to “Address” and “Payment” record types, they will be able to create those records. To disable, navigate to the “Record Types” section of the appropriate role policy.”
Added Devo as a SIEM provider
Admin Console 16.1.0
Compliance Reports and Record Types Release for General Availability
New Features
Compliance Reports (General Availability)
Compliance Reports provide on-demand visibility of the access permissions associated with your enterprise records. These reports simplify the compliance auditing process for Sarbanes Oxley (SOX) and other regulations requiring access control monitoring. The user-defined reports can be exported and fed into automated compliance systems or sent directly to external auditors. This is a secure add-on feature to your Keeper license package. (See Admin Console 16.0.0 release notes or "Compliance Reports" section of the Enterprise Guide for more details on the feature.)
Note: Record types will automatically be activated when Compliance Reports is activated as a trial in the Admin Console, or purchased through sales. Record types may not be available yet for iOS and Android devices.
Record Types Controls (General Availability)
Record Types Admin Controls allow administrators to customize the use of record types for their enterprise. Keeper administrators with permission to manage record types, can create new custom record type templates and restrict the use of any record types by role and/or node. (See Admin Console 16.0 release notes or "Compliance Reports" section of the Enterprise Guide for more details on the feature.) To effectively turn off Record Types for your enterprise, create a default role at your enterprise root node and assign a record types enforcement policy that turns off all record types except "General", then assign all enterprise users to this default role.
New Reporting and Alerting Events (General Availability)
See release notes for Admin Console 16.0.0 for the list of new Advanced Reporting and Alerting events logged in support of the new features in this release.
Bug Fixes
EM-4974: Access permissions for records that are visible through "links" to other records will not be reflected in Compliance Reports. The compliance reports will show only record permissions where the record is shared via a direct share or through a shared folder. An example of this would be a Payment Card linked to a Bank Account record type.
EM-4979: Record Type records are not successfully transferred on second account transfer after a first successful account transfer.
EM-4969: When selecting a report criteria filter that includes a deleted node, the Admin Console fails and displays a blank screen.
EM-4973: No user warning when re-running reporting criteria that includes a user that is no longer associated with the selected node/s.
EM-4958: Not logging Compliance Reports “exported report” events to ARAM.
Known Issues
EM-5057: Records shared outside the enterprise to consumers will not show the consumers listed in the report. The records shared with consumers will be listed as "shared" in the report but the consumer user names and permissions will not be shown.
EM-5056: Some Folder and Record UIDs are not translating correctly when exporting CSV records files to Microsoft Excel.
EM-4884: Custom record type template changes are not automatically reflected in the Admin Console without a manual sync or administrator login.
EM-5041: User Reports that are exported before the Compliance Report is generated and saved, are not logged as ARAM events.
EM-5053: Custom URL fields in records are not captured in Compliance Reports.
Admin Console 16.0.0
AWS GovCloud Release with beta features: Compliance Reports and Record Type Controls
New Features
🇺🇸 Support for AWS GovCloud (FedRAMP)
Keeper is currently FedRAMP in-process and public sector entities can now establish their Keeper tenant in the GovCloud environment. Contact the public sector sales team at govsales@keepersecurity.com for more information.
Record Types Admin Controls
Record Types Admin Controls allow administrators to customize the use of record types for their enterprise. Keeper administrators with permission to manage record types, can create new custom record type templates and restrict the use of any record types by role and/or node.
Compliance Reports
Compliance Reports provide on-demand visibility of the access permissions associated with your enterprise records. These reports simplify the compliance auditing process for Sarbanes Oxley (SOX) and other regulations requiring access control monitoring. The user-defined reports can be exported and fed into automated compliance systems or sent directly to external auditors. This is a secure add-on feature to your Keeper license package.
Security Model for Compliance Reports
To support Compliance Reports, certain non-secret fields of the Keeper vault records are encrypted with the Elliptic Curve Enterprise Public Key. Keeper Administrators are able to decrypt the Enterprise Private Key when they login to the Admin Console. Since the reports contain some non-credential encrypted record data, an administrator must have permission to run and view these reports. The encrypted record data is included in the report and can also be used as report filters. The encrypted record data includes:
Record Title
Record Type
URL
Zero-knowledge remains preserved because the encrypted data is decrypted on the Keeper Administrator Console using the Enterprise Private Key, restricted to administrators that have Compliance Reporting permission.
New Reporting Events
The Advanced Reporting & Alerts Module now contains several new event types to cover Compliance Reporting and Record Types.
New ARAM Events
Event
Category
Description
compliance_report_saved
compliance
Compliance report UID ${app_uid} saved by ${username}
compliance_report_downloaded
compliance
Compliance report UID ${app_uid} downloaded by ${username}
compliance_report_exported
compliance
Compliance report UID ${app_uid} exported by ${username}
compliance_report_deleted
compliance
Compliance report UID ${app_uid} deleted by ${username}
saved_criteria_saved
compliance
Compliance report criteria UID ${app_uid} saved by ${username}
saved_criteria_edited
compliance
Compliance report criteria UID ${app_uid} edited by ${username}
saved_criteria_deleted
compliance
Compliance report criteria UID ${app_uid} deleted by ${username}
record_type_created
policy
Admin ${username} created record type "${name}"
record_type_updated
policy
Admin ${username} updated record type "${name}"
record_type_deleted
policy
Admin ${username} deleted record type "${name}"
Bug Fixes
EM-4867: Renew button is not active on expired accounts
EM-4871: Node and device type attributes for ARAM not working
EM-4875: Deleted Users saved in ARAM Report Criteria result in white screen
EM-4878: Expired accounts cannot pay on the Administrator Login screen
EM-4904: Event types in ARAM reports erroneously displaying scroll bar
EM-4875: Deleted users saved to ARAM report results in white screen
EM-4899: Adding role to a user does not display until admin logs in or manually syncs
EM-4908: New calendar for a new ARAM user shows “January 1900” for the starting date
EM-4930: Not able to delete users from enterprise
EM-4944: User can change email address without a correct master password
EM-4953: ARAM BreachWatch events are not being listed correctly
EM-4971: Getting server failure when attempting to move a user to a new node
Known Issues to be fixed before General Availability
EM-4974: Access permissions for records that are visible through "links" to other records will not be reflected in Compliance Reports. The compliance reports will show only record permissions where the record is shared via a direct share or through a shared folder. An example of this would be a Payment Card linked to a Bank Account record type.
EM-4979: Record Type records are not successfully transferred on second account transfer after a first successful account transfer.
EM-4884: Console needs to show changes to custom record types without manual sync or log out / log in.
EM-4969: When selecting a report criteria filter that includes a deleted node, the Admin Console fails and displays a blank screen.
EM-4973: No user warning when re-running reporting criteria that includes a user that is no longer associated with the selected node/s.
EM-4958: Not logging Compliance Reports “exported report” events to ARAM.
Admin Console 15.3.3
Released on June 22, 2021
Features and Improvements
EM-4629: Added Role Enforcement to disable Windows Hello
EM-4550: Added clarification to Data Center chooser on registration
EM-4804: Node names not appearing in ARAM events for Created Node
EM-4786: New managed companies showing %NaN
EM-4511: ARAM Timeline report UI issues
EM-4435: Usernames are duplicated in ARAM filters
EM-4810: Improved UI of dashboard when logging in
EM-4720: New Role Policy to Automatically resend invites every X days
EM-4859: Console freezes if queued user approval contains user that was deleted
EM-4843: Inconsistent mouse hover treatment on Create Team link
EM-3409: Include Date and Time on the User Report
EM-4708: Prevent deletion of nodes that contain Managed Companies
Bug Fixes
EM-4811: MSP License Pool does not update on Quick Sync
EM-4808: Transfer Status does not update on Quick Sync
EM-4596: IP Blocked events not appearing in ARAM
EM-4515: Removing Record from Shared Folder not appearing in ARAM
EM-4731: ARAM alert webhook translations not correct
EM-4778: Export users on large data set fails
EM-4762: Searching for user not always showing the best match
EM-4380: Error logging in with Legacy Edge
EM-4836: Transfer Account fails silently on corrupted records
EM-4841: Last 24 hours timeline chart not showing properly
EM-4853: Isolated nodes are losing setting on logout and login
EM-4644: Security Audit Tab some users are invisible
Admin Console 15.3.0
Release ETA on May 20, 2021
New Features
Webhooks
Webhooks are user-defined HTTP requests that are triggered by an application and pushed into other applications.
Popular uses of Webhooks are the following:
Sending realtime notifications to Slack, Microsoft Teams or other messaging platforms
Integrating Keeper events into your custom software, hosted in the Cloud
Developing integrations into Keeper using 3rd party platforms
More Info available here: https://docs.keeper.io/enterprise-guide/webhooks
Improvements
Performance improvements for customers with a large user base (tested with over 200,000 users)
New Incremental and Full Sync capability.
Additional Real-Time pushes of incremental changes with push notifications (for example, when users are added/invited/created you don't need to click "Sync")
Display of Node Isolation setting within the user interface
New enforcement policy to disable Security Question & Answer (Account Recovery)
As a reminder, there is a new enforcement policy to disable HTTP Fill warnings on the Browser Extension. This is helpful for developers and internal websites that don't use SSL.
Bug Fixes
EM-4624: Selecting non-US country for alert phone number results in invalid phone number
EM-4584: Timeline Chart does not reflect changes when the various time ranges are selected
EM-4139: BreachWatch events in Timeline Chart are not visible
EM-3398: "Removed User from Team" and "Removed User from Role" events are missing from ARAM event types
EM-4361: White screen appears after adding user to a team
EM-4633: User receives error message when the default role check box is selected
EM-4635: The root node is named "root" rather than the organization name
EM-4637: Admins unable to view ARAM section of console
EM-4642: A white screen appears when selecting Managed Companies section of console
EM-4641: A crash occurs when searching for or clicking on a user from the Roles tab
EM-4647: A white screen appears when attempting to create a custom report in ARAM
EM-4643: The user's billing history is not appearing in the Subscriptions menu
Admin Console 15.0.5
Estimated Release Date: December 18, 2020
Improvements
EM-4424: Addition of a KeeperFill role enforcement policy that enforces all settings/features of the Browser Extension
Bug Fixes
EM-4556: Syslog push sends the wrong TLS setting to the server
EM-4559: Sending Keeper Push on a non-SSO account on console generates a reference error
EM-4562: 2FA duration enforcements are not enforced on clients
EM-4567: Admin gets a white screen when they receive a device approval request from a user they don't manage
EM-4569: Selecting "Deny" on device approval request generates an error in the inspector
EM-4570: Unable to create a trial when linking from an iframe in a 3rd party site
EM-4574: Change Master Password request fires twice
EM-4554: Opening console login page in new window when "stay logged in" is enabled, a blank console screen appears
EM-4544: Account_Recovery is displayed as a key value in ARAM event types
EM-4540: Account recovery dialogue displays incorrect error text
EM-4529: Admin's changed email is not displayed at login when "Stay logged in" is enabled
EM-4507: Master Password Expiration and Logout Timer enforcements are missing duration descriptions
Admin Console 15.0.4
Estimated Release Date November 4, 2020
Bug Fixes
EM-4390: Admin unable to delete Cloud SSO configuration instance
EM-4364: Logging into a console that contains requests in the approval queue generates an error message
EM-4460: Reloading the "Create Trial" page does not allow the user to enter an email address
EM-4456: Key value is displayed for the "Disable in-app onboarding" enforcement policy event in ARAM
EM-4455: Key value is displayed for the "Restrict persistent login" enforcement policy event in ARAM
EM-4454: Key value is displayed for the "Restrict commander access" enforcement policy event in ARAM
EM-4451: Admins are unable to edit an existing custom email invitation
EM-4450: No error message is presented to the Admin in their attempt to remove themselves from the Keeper Admin role
EM-4263: Inviting a reserved domain user triggers an incorrect error message
EM-4423: User receives no feedback on team keys they can't retrieve (due to legacy issues)
EM-4469: After turning 2FA off, the setting appears to remain on until the Admin logs out/in
EM-4490: "Pending Transfer Acceptance" status is not displayed when a user is added to the transfer role
EM-4479: Reset security question tool tip unexpectedly closes when the user attempts to select the presented link
EM-4476: Key value is displayed for the "out of seats" event in ARAM
EM-4501: Login with Yubikey generates persistent "Touch Security Key" dialog and generates error message
EM-4502: User searches for roles in the "User Details" screen are case sensitive
EM-4497: Admins are unable to select user details for users that are in an invited/blocked state
EM-4506: Cache race condition causes users that are added/removed from a team to fall out of sync
EM-4508: A white screen containing errors is displayed when an user selects toggle for the auto logout timer enforcement policy
Admin Console 15.0.3
Release ETA October 16, 2020
Features and Improvements
EM-4148: Search for Roles Feature - Admins now have the ability to search for a role within the "Add User" dialogue by entering a search string to quickly locate and add a user to a desired role. This is particularly helpful for customers that have many roles and their workflow requires adding one or more roles to a single user.
EM-4471: Support for SAML 2.0 IsPassive option in Cloud SSO
Bug Fixes
EM-4385: Error message fails to appear when Admin attempts to configure Cloud SSO in the root node
EM-4378: User is logged out when submitting empty text field(s) in attempt to reset their security question or change their email
EM-4377: Eyeball icon fails to reveal password in Reset Master Password screen
EM-4284: RSA SecurID screen notifies the user a text message has been sent rather than requesting the 2FA code
EM-3880: A 400 error is generated for Save_summary_security_report when a user attempts to login to MC from MSP
EM-4054: Incorrect error message appears when Admin attempts to move a parent node into a child node
EM-4444: User unable to reset their security question when 2FA is enabled
EM-4462: User is unable to close backup code screen upon setting up SMS method for 2FA
EM-4484: White screen and error in inspector appear when user toggles on the logout timer role enforcement policy
EM-4413: Improved web socket handling
EM-4421: "Stay Logged In" language and feature is reversed
EM-4416: No submit button when creating business trial
EM-4387: Translations missing on SSO Connect view screens
EM-3876: Share event type in ARAM has duplicate name
EM-3820: Emails with slash "/" not receiving email invite
EM-3701: Email is saved even when "remember email" is unchecked
EM-4436: No security audit data in admin console for new Managed Company
EM-4452: Commander SDK platform not enabled by default (reversed)
EM-4465: Login with Yubikey fails on Firefox browser
Known Issues
The next release, v15.0.4 will contain the following fixes:
EM-4405: SSO Login with Edge issues
EM-4380: Login with Legacy Edge issues
Admin Console 15.0.1
Released September 1, 2020
Enhancements & Benefits
EM-4446: "Deny" button has been added to the Device Approval Screen
EM-4398: Addition of persistent session enforcement policy
EM-4394: Addition of disable onboarding enforcement policy
EM-4365: Support for new methods of Device Approval (Keeper Push, Admin Approval)
EM-4206: Addition of session persistence setting, allowing Admin to stay logged into Keeper when they close their browser or restart their computer
Bug Fixes
EM-4427: Entering characters in the IP address(es) allowed field causes a crash and generates errors
EM-4419: DUO push fails on "Forgot Password" flow
EM-4418: User receives error attempting the "Forgot Password" flow after entering new password
EM-4328: White screen appears upon entering approval queue after deleting last user approval request from list
EM-4232: During the account recovery flow, the user's cursor defaults to the second field of the new password screen.
Various design errors and inconsistencies
Admin Console 15.0.0
Released September 3, 2020
Features & Benefits
Keeper SSO Connect™ Cloud leverages Keeper’s zero-knowledge security architecture to securely and seamlessly authenticate users into their Keeper Vault and dynamically provision user vaults to the platform. Keeper supports all popular SSO IdP platforms such as Okta, Microsoft Azure, Google G Suite, Centrify, OneLogin, Ping Identity, and more. This service does not require any on-premises or customer cloud-hosted services and there are no Master Passwords. Configuration is done directly between the IdP and Keeper's Admin Console. More information available here: https://docs.keeper.io/sso-connect-cloud/
Login V3 General Availability (GA) More information available here: https://docs.keeper.io/enterprise-guide/login-api-v3
Bug Fixes
EM-4360: Device approval events in ARAM reports are displayed as key values
EM-4352: SAML Debug Log is incorrectly sorted from oldest to newest
EM-4341: User unable to change Cloud SSO service endpoints
Various design inconsistencies
Admin Console 14.5.0
Released June 10, 2020
Features & Benefits
Privacy Screen - Admins now have the ability to control the viewing (unmasking) of passwords based on a specified domain. This policy is enforceable by the Admin for individual domains within each of their Generated Password Complexity settings by enabling "Apply Privacy Screen".
Master Password Re-entry Enforcement - This role enforcement allows Admins to require their users to re-enter their Master Password in order to unmask or copy a password. Once unmasked, the password will be re-masked after 30 seconds have passed.
Sharing & Uploading Enforcement Policy - This role enforcement policy allows Admins to prevent their users from importing records from Web App and Desktop App.
Auto-Approval of Teams in the Admin Console - Rather than requiring a manual approval from within the approval queue, queued teams (via SCIM and Bridge) are now automatically approved. Additionally, active users will automatically be added to their relevant teams.
Bug Fixes
Fixed: Managed Companies are not being added to the intended node.
Fixed: Restrict import enforcement events are displayed as a key value in ARAM.
Fixed: There are no available attributes for the user to select from the dropdown menu in the SCD Provisioning dialog.
Fixed: Error message received when an Admin attempts to move a Managed Company to another sub node.
Fixed: Various design issues.
Admin Console 14.4.2
Released May 20, 2020
Benefits & Enhancements
Saving Enforcement Policies - This update includes the removal of the "Save" button from the Enforcement Policies screen. Any changes the Admin makes to the Enforcement Policy Settings, will now save automatically as the changes are being made.
Bug Fixes
Fixed: An error message is generated when an Admin attempts to switch the toggle on/off for "Logout Timer" Enforcement Policies.
Fixed: An error message is generated when an Admin attempts to switch the toggle on/off for "Purging Deleted Records" Enforcement Policies.
Fixed: Some enforcements when selected or changed, display key values.
Fixed: Adding a user to a pending transfer role fails to update the user's status until a manual sync is initiated.
Admin Console 14.4.1
Released May 15, 2020
Admin Console 14.4.0
Released May 5, 2020
Features & Enhancements
Team-to-Role Mapping - This release introduces team-to-role mapping, a major improvement to the way Admins manage role-based access control policies (RBAC) across their organizations. This allows Admins to use their existing identity provider to assign users directly into teams that can be assigned custom roles. Furthermore, a user who is a member of a team assigned to a role, will assume the enforcement of that given role. This new feature will not only increase efficiency when managing role enforcements, but improve policy consistency and reduce the occurrence of errors.
Subfolders Included in Vault Transfers - A transferred account will be replicated in its structure and content and will now include subfolders. All data will be transferred to the recipient and housed in a dedicated transfer folder, named to match the original owner's email address, and will include all transferred records, folders, and subfolders.
Improved UI - Admin Console provides improved UI support for small screen laptops and tablet devices.
Bug Fixes
Fixed: A "Request Failed" error appears when a Admin user's session times out.
Fixed: SCD Provisioning user dialogue does not display the correct user count when all users are selected.
Fixed: A secondary prompt briefly opens and closes after a user closes out of the "Transfer Account" prompt.
Fixed: The "Timeline Chart" report in ARAM displays all available events rather than defaulting to the relevant events specific to that report.
Fixed: Various spacing and alignment issues.
Admin Console 14.3.5
Released March 12, 2020
Enhancements & Benefits
KeeperFill Browser Extension Enforcement Update - Admins now have the ability to prevent their users from enabling the Auto Submit and Prompt to Fill features in the KeeperFill Browser Extension.
Two-Factor Authentication Enforcement Update - Admins now have the ability to disable 2FA for their users without having to contact Keeper support.
Bug Fixes
Fixed: The "accept" button is unresponsive when an Admin attempts to accept a vault transfer within the console (the user is still able to accept the transfer from their vault).
Fixed: An error message is received when a user attempts to resend a code for SMS 2FA (Two-factor Authentication).
Fixed: Users are unable to modify the name of the MSP "license purchaser" role.
Fixed: When an Admin sets the logout timer enforcement setting for web apps to 180 minutes, users are only able to set their logout timers to a maximum of 2 minutes.
Admin Console 14.3.4
Released February 28, 2020
Enhancements & Benefits
Edit User Module Enhancement - Previously, roles and teams that were removed via the edit user module, were unable to be re-added without saving and re-opening the module. An enhancement to the module has provided the ability for Admins to easily re-add roles and teams if removed by mistake, for example.
Bug Fixes
Fixed: Although users are correctly prompted at login for their security key, active keys are not appearing in the security key section of the console after user logs out and back in again.
Fixed: Teams and users are not consistently displayed across categories, causing the inability to add teams from the users section.
Fixed: Creating a new role that has administrative permissions (that includes transfer), prevents users from being added to that role.
Fixed: The option to unlock a user's account is not available once it has been locked from the edit user module.
Fixed: Various errors in design and visual prompts.
Admin Console 14.3.3
Released February 13, 2020
Enhancements & Benefits
Enterprise Data Removed from Application State - Large enterprises that were previously experiencing slow functionality when making changes (primarily in the Admin section of the Console) will now experience faster response time due to the separation of enterprise data from the user interface state.
LogRhythm SIEM Provider Update - A high resolution image update was created for LogRhythm, a SIEM (Security Information and Event Management) provider.
Bug Fixes
Fixed: The Managing Node drop-down menu within Managed companies is not displaying all available nodes.
Fixed: Current 2FA (Two-Factor Authentication) status is not displayed as expected within the Console Settings.
Fixed: The license history for Managed Companies is not correctly calculating net changes.
Fixed: Admin receives error message or unresponsiveness when attempting to delete or rename nodes within the Console.
Fixed: Error message does not present when an SSO user attempts forgotten password flow.
Admin Console 14.3.2
Released January 21, 2020
Benefits & Enhancements
Support for LogRhythm SIEM Provider - This release supports connectivity to LogRhythm, a SIEM (Security Information and Event Management) provider.
Full Node Structure for MSPs - The limitations for node structure creation have been removed, allowing for full node structure and provisioning methods as well as the creation of Managed Companies within sub-nodes.
Bug Fixes
Fixed: When an Administrator creates a new role, the name of that role cannot be edited.
Fixed: An error message is displayed as a key value when the SCIM (System for Cross-domain Identity Management) provisioning method is added to a node (other than the root node) when no values are entered by the user.
Fixed: Various visual issues, including key values incorrectly being displayed as errors.
Fixed: Selecting "Manage Companies (MSP)" is not saved when creating a new role and assigning user permissions.
Fixed: When a user logs in with Duo 2FA and selects "Don't ask for 30 days" they are incorrectly prompted again for Duo 2FA at next login.
Fixed: The settings for platform restrictions are not immediately reflected, requiring user to log out and back into the console to view changes.
Fixed: When selected as a secure add-on, the free trial for KeeperChat freezes the Console requiring the user to reload their browser.
Fixed: 2FA remains toggled on in security settings after previously being toggled off.
Fixed: The "Export" button within the Security Audit tab of the Admin Console does not work (Firefox).
Fixed: Various design issues, such as alignment and overlapping.
Admin Console 14.3.1
Released October 31, 2019
Bug Fixes
Fixed: Inability to add users to the administrative role after clearing cache or hard refreshing browser.
Fixed: User unable to remove a managed company that is in a "paused" state because "Remove" button is inactive.
Fixed: MSP administrator unable to log into Managed Company Console after setting-up 2FA Google Authenticator or SMS.
Admin Console 14.3.0
Released October 29, 2019
Benefits & Enhancements
Support for MSP Deployments - Seamless log in for MSP admins to a Managed Company.
Hyperlink Update - "Schedule a Demo" hyperlink for MSP users has been updated to Calendly.
Team Management by Admin - Admins are now able to manage existing teams (add/remove users) without being assigned to that team.
Bug Fixes
Fixed: Various buttons within Managed Companies and Admin Tabs are not working correctly.
Fixed: The advanced PBKDF2 Iterations setting should default to 100,000 instead of 10,000.
Fixed: An issue causing the Managed License Pool incorrectly track the removal of licenses.
Fixed: User is unable to activate and use Yubikey as expected within the Console.
Fixed: Infinite loading spinner appears when returning from DUO authentication page; user forced to refresh or close Console page.
Fixed: Various design inconsistencies and errors.
Admin Console 14.2.6
Released September 21, 2019
Bug Fixes
Fixed: Custom email content disappears after creation upon navigating in and out of the setting as well as from the "Edit" Screen.
Fixed: "Teams" rather than "User" appear for approval in the approval queue.
Fixed: No change takes place when user attempts to reset their security question (IE Browser)
Admin Console 14.2.5
Released September 19, 2019
Admin Console 14.2.4
Released September 18, 2019
Benefits & Enhancements
Hyperlink Update - "Schedule a Demo" hyperlink has been updated from Calendly to choice of: On Demand, Live Weekly, and Customized demo options.
Bug Fixes:
Fixed: Login page is performing a valid email check on every keystroke instead of when user selects the "Login" button.
Fixed: A checkout token is not created when user logs into an expired account and attempts to renew their subscription.
Fixed: Various display and design issues.
Admin Console 14.2.3
Released on August 12, 2019
Features & Benefits
A full user status report can be downloaded from the Admin Console Dashboard view. To download the report, click on (...) then "Download"
The report is a .csv file that contains the following columns:
Email
Name
Active/Invited Status ("active" or "invited")
Locked/Disabled Status ("locked")
Blocked/Pending Transfer ("blocked")
Last Login Date
Node Tree
Roles (pipe-delimited)
Teams (pipe-delimited)
Bug Fixes
Unable to add users to roles from certain screens. Fixed.
Unable to delete company logo. Fixed.
Filtering on user status does not work. Fixed.
Various bugs in team management.
Export button in Timeline charts not working. Fixed.
White screen experienced when moving users between nodes and logging in.
Admin Console 14.2.0
Released on July 25, 2019
This is a major feature update and bug fix release.
Features & Benefits
Password Generator Enforcement policy You can now specify the password generator complexity policy on a per-domain basis, or using wildcards can specify a larger matching pattern against domain names. This role enforcement feature has been added to the Vault Features screen.
Ability to specify the time zone when reporting alerts are sent via email and text message.
Added Azure Monitor Log Analytics and Generic Syslog to the list of supported External Sync targets.
Improved checkout flow from Admin Console to payment page via tokenization that does not require additional email validation.
Bug Fixes
F5 SSO Login issues on EU account in Safari, Admin accounts
Provisioning methods not being removed after deletion until logout/login
Display names under individual reports not linking to user detail
Selecting the "Settings" button causes errors in the console log
Add User dialog from Roles hangs the browser
YubiKey not prompted and defaults to backup 2FA method
Firefox setup of YubiKey not working
Change email address feature not sending verification code
Editing user results in blank screen
Last email address used is showing up in login after logging out
Resolved issues adding members to teams from certain views
Admin Console 14.1.2
Released on July 1, 2019
This is a bug fix release focused on the BreachWatch business 14.1.0 release.
Bug Fixes
Visual UI optimizations
Improved loading speed of initial login on new device
Internet Explorer UI issues
Accepting Vault Transfer prompt results in error
Duo Push errors on login
Approval Queue UI issues
Clicking on tabs runs a data sync to improve responsiveness to new data
Localizations in German
Features
New Keeper logo, branding, fonts and colors
Admin Console 14.1.0
Released June 20, 2019
This is a major feature update for BreachWatch Business.
Features & Benefits
BreachWatch Business V1 Launch
New Dashboard View
Optimized Node Tree navigation for customers with a large number of nodes
Incorporation of BreachWatch events in Advanced Reporting & Alerts Module
BreachWatch detail screens
Refactor of Security Audit screen to consolidate and simplify the UI
Billing support for BreachWatch Business
New Approval Queue screen incorporated into left navigation
Additional BreachWatch-related enforcement policies
Improved Search UI along top header
For detailed BreachWatch related updates visit the below links:
Admin Console 14.0.3
Released April 22, 2019
Admin Console 14.0.2
Release date April 17, 2019
This release is focused on bug fixes and performance improvements.
Issues Resolved
Search the console within Internet Explorer
Audit & Reporting visual issues
Inviting users from another enterprise account caused confusion
Reduce the number of Audit Event alerts on multi-record operations
German translations missing in several screens
Subnode beneath the root node is being highlighted by default when logging in
Admin Console 14.0.1
Release on March 27, 2019
This release is focused on bug fixes and performance improvements.
Issues Resolved
Purchase issues with Advanced Reporting & Alerts Module
YubiKey login stores the 2FA token longer than the enforcement policy
Email invitation formatting
Audit report events with backslashes showing in event name
Duo Security login issues related to storage of 2FA device token
Formatting of Audit and Reporting display
Cascade Node Permission error
Searching within sub-node administrators
Timeline chart display issues
Highlight text color more readable
Localization issues
Security Score calculation issues
Admin Console 14.0
Release date: March 28, 2019
Features & Benefits
Enable/disable offline mode, now with web browser support (Chrome, Firefox, Safari, Edge)
Enable/Disable use of a Master Password with Single Sign On for use both online and offline.
New enhanced search capability
Security updates (additional encryption layer) for v14 Backend API
Bug Fixes
Added event tracking for "Activated Email Provisioning"
Visual Improvements
IBM QRadar integration bug fixes
Various minor UI bug fixes
User redirect issues resolved with Google SSO Admin
Throttled user login with SSO does not generate error message
SMS setup in 2FA did not display error when entering the wrong code
Page crashes clicking on certain Alert screens
2FA token not retained on the Admin Console when "prompt every time" is enforced
What's Next
BreachWatch for Business and a new enhanced Dashboard is coming in the next release (14.1.0) of the Admin Console
Admin Console 13.3
February 28, 2019
Reporting & Alerts Module
The all new Reporting & Alerts module is a powerful Add On which provides customized event-based reporting and auditing capabilities.
Enhancements & Benefits
Major new functionality is provided in this release via the optional Advanced Reporting & Alerts Module.
Based on 75+ events generated from Keeper client devices and activities utilizing the Keeper backend
Maintains strict Zero-Knowledge architecture, no reveal of record information possible to administrators
Offline events are buffered on client then uploaded when reconnected
Events Timeline
Displays Top 5 events (those with highest event counts) during the period
Period selectable between Last 30 Days, 7 Days, or 24 Hours.
Shows % of total for each event
Customizable to show different events (other than Top 5)
Mouseovers to show each date
Reporting Engine
Basic report for Recent Activity includes all events
Advanced allows customizing and saving reports
Wide variety of events types & attributes to focus views
Customizable column headings
Exportable log data to SIEM, Syslog, spreadsheets, etc.
Alerts
Choose from wide array of event types and attributes via filters
Send alerts via email or SMS text
Control frequency of alerts with multiple types of settings
3rd Party Secure Information & Event Management support via External Logging
External logging of all events
Simple set up for Splunk, Sumo, Amazon S3, IBM QRadar
All reported events are also available from the Keeper Commander SDK
Known Limitations
No limit on events logged
Report viewer limited to showing up to 1000 events at a time (10 pages of 100 events)
Maximum 100 SMS alerts per day (per enterprise)
No limit on Email alerts
QRadar support not available yet
Coming Soon
Admin Console 13.2
Released on February 7, 2019
Enhancements & Benefits
Improved mobile / tablet support
Enterprise licensing flows and subscription management
Left-hand navigation
Major performance improvements to Recent Activity backend event tracking
Preparation for upcoming Advanced Reporting & Alert module
Known Limitations
The "Recent Activity" screen is limited to 16 event types, and will only retrieve the most recent 1,000 events from the backend system. Please use Keeper Commander API for full event logging historical data and integration into SIEM systems.
Coming Soon
Admin Console version 13.3 contains a major advancement of the event reporting capabilities in Keeper Enterprise and will be available for beta evaluation on February 15, 2019 and full launch on February 25, 2019. Please contact your Keeper sales representative for early access.
Admin Console 13.1
Release date: January 17, 2019.
Enhancements & Benefits
This release contains several new role enforcement policies, visual improvements to the role enforcement policy section, additional refinements for existing role policies, and bug fixes to address known customer issues.
Custom Logout Timers
Previously, logout timer enforcements were limited to certain intervals between 1 minute and 24 hours. Now, you can customize the value of the logout timer in increments of minutes. To enforce a logout timer, turn the switch to the ON position and then specify the logout timer setting as seen below.
Note, "Disable email invitations" enforcement policy was also moved into this Account Settings role enforcement policy screen.
Platform Restrictions
By default, access is granted on all role enforcement policies. We have now added KeeperChat platform restriction policies. You may restrict the use of KeeperChat on Desktop and Mobile devices.
Vault Feature Policies
We have added a series of enforcement policies related to features within the Keeper Vault that appear in the "Vault Features" screen. The new policies added are the following:
Prevent users from creating folders
Prevent users from creating Identity and Payment records
Mask custom fields
Mask notes
Mask passwords
Day(s) before records can be cleared permanently
Day(s) before deleted records automatically purge
The screenshot of these policies can be seen below.
Notes:
When masking is enforced on custom fields, notes and passwords, this has the effect of replacing all of the content on the screen with dots as seen below. Clicking on the eyeball icon will display and hide the content within the field.
"Purge Deleted Records" enforcements prevents a user from deleting items in their vault and then immediately purging their deleted records permanently.
Here's an example of a record showing masked password, custom field and notes:
Sharing & Uploading Policies
A new role enforcement policy called "Prevent sharing records with file attachments" has been added. By default, this ability is permitted.
KeeperFill Restrictions
There is now a new screen called "KeeperFill" which controls the behavior of the KeeperFill browser extension for Chrome, Firefox, Safari, Edge and IE.
"KeeperFill disabled for specified websites" is a policy which will completely disable the KeeperFill browser extension on sites which match the list provided. You can add any number of sites to the list of disabled websites, and you can also include wildcard characters. This policy was created to address some websites or internal applications that are not friendly to browser extensions, or which impact the performance of the application.
Master Password Expiration
Similar to the improvements on logout timer settings, the "Master Password Expiration" policy can now be configured with a customizable number of days, instead of selecting from a pre-defined list.
Bug Fixes and Performance Updates
Fixed issue where users can't login to Admin Console with expired account transfer consent status
Sorting issues on several screens
RSA and Duo 2FA related issues
Recent Activity visual date issues
Fixed missing localization strings in certain languages
Known Limitations
This release will initially be supported only by these Keeper clients:
Browser Extensions
12.27 (Chrome, Safari, Edge, Firefox)
12.30 (Chrome, Safari, Edge, Firefox, Internet Explorer)
Keeper Web Vault
Coming soon...
All role enforcement policies will be fully supported on the following clients in upcoming releases:
iOS 14.2
Android
Surface
Microsoft Desktop application