Admin Console 16.0.0

AWS GovCloud Release with beta features: Compliance Reports and Record Type Controls

New Features

🇺🇸 Support for AWS GovCloud (FedRAMP)

Keeper is currently FedRAMP in-process and public sector entities can now establish their Keeper tenant in the GovCloud environment. Contact the public sector sales team at for more information.

Record Types Admin Controls

Record Types Admin Controls allow administrators to customize the use of record types for their enterprise. Keeper administrators with permission to manage record types, can create new custom record type templates and restrict the use of any record types by role and/or node.

Compliance Reports

Compliance Reports provide on-demand visibility of the access permissions associated with your enterprise records. These reports simplify the compliance auditing process for Sarbanes Oxley (SOX) and other regulations requiring access control monitoring. The user-defined reports can be exported and fed into automated compliance systems or sent directly to external auditors. This is a secure add-on feature to your Keeper license package.

Security Model for Compliance Reports

To support Compliance Reports, certain non-secret fields of the Keeper vault records are encrypted with the Elliptic Curve Enterprise Public Key. Keeper Administrators are able to decrypt the Enterprise Private Key when they login to the Admin Console. Since the reports contain some non-credential encrypted record data, an administrator must have permission to run and view these reports. The encrypted record data is included in the report and can also be used as report filters. The encrypted record data includes:

  • Record Title

  • Record Type

  • URL

Zero-knowledge remains preserved because the encrypted data is decrypted on the Keeper Administrator Console using the Enterprise Private Key, restricted to administrators that have Compliance Reporting permission.

New Reporting Events

The Advanced Reporting & Alerts Module now contains several new event types to cover Compliance Reporting and Record Types.

New ARAM Events






Compliance report UID ${app_uid} saved by ${username}



Compliance report UID ${app_uid} downloaded by ${username}



Compliance report UID ${app_uid} exported by ${username}



Compliance report UID ${app_uid} deleted by ${username}



Compliance report criteria UID ${app_uid} saved by ${username}



Compliance report criteria UID ${app_uid} edited by ${username}



Compliance report criteria UID ${app_uid} deleted by ${username}



Admin ${username} created record type "${name}"



Admin ${username} updated record type "${name}"



Admin ${username} deleted record type "${name}"

Bug Fixes

  • EM-4867: Renew button is not active on expired accounts

  • EM-4871: Node and device type attributes for ARAM not working

  • EM-4875: Deleted Users saved in ARAM Report Criteria result in white screen

  • EM-4878: Expired accounts cannot pay on the Administrator Login screen

  • EM-4904: Event types in ARAM reports erroneously displaying scroll bar

  • EM-4875: Deleted users saved to ARAM report results in white screen

  • EM-4899: Adding role to a user does not display until admin logs in or manually syncs

  • EM-4908: New calendar for a new ARAM user shows “January 1900” for the starting date

  • EM-4930: Not able to delete users from enterprise

  • EM-4944: User can change email address without a correct master password

  • EM-4953: ARAM BreachWatch events are not being listed correctly

  • EM-4971: Getting server failure when attempting to move a user to a new node

Known Issues to be fixed before General Availability

  • EM-4974: Access permissions for records that are visible through "links" to other records will not be reflected in Compliance Reports. The compliance reports will show only record permissions where the record is shared via a direct share or through a shared folder. An example of this would be a Payment Card linked to a Bank Account record type.

  • EM-4979: Record Type records are not successfully transferred on second account transfer after a first successful account transfer.

  • EM-4884: Console needs to show changes to custom record types without manual sync or log out / log in.

  • EM-4969: When selecting a report criteria filter that includes a deleted node, the Admin Console fails and displays a blank screen.

  • EM-4973: No user warning when re-running reporting criteria that includes a user that is no longer associated with the selected node/s.

  • EM-4958: Not logging Compliance Reports “exported report” events to ARAM.

Last updated