Admin Console 13.1

Release date: January 17, 2019.

Enhancements & Benefits

This release contains several new role enforcement policies, visual improvements to the role enforcement policy section, additional refinements for existing role policies, and bug fixes to address known customer issues.

Custom Logout Timers

Previously, logout timer enforcements were limited to certain intervals between 1 minute and 24 hours. Now, you can customize the value of the logout timer in increments of minutes. To enforce a logout timer, turn the switch to the ON position and then specify the logout timer setting as seen below.

Note, "Disable email invitations" enforcement policy was also moved into this Account Settings role enforcement policy screen.

Platform Restrictions

By default, access is granted on all role enforcement policies. We have now added KeeperChat platform restriction policies. You may restrict the use of KeeperChat on Desktop and Mobile devices.

Vault Feature Policies

We have added a series of enforcement policies related to features within the Keeper Vault that appear in the "Vault Features" screen. The new policies added are the following:

  1. Prevent users from creating folders

  2. Prevent users from creating Identity and Payment records

  3. Mask custom fields

  4. Mask notes

  5. Mask passwords

  6. Day(s) before records can be cleared permanently

  7. Day(s) before deleted records automatically purge

The screenshot of these policies can be seen below.


  • When masking is enforced on custom fields, notes and passwords, this has the effect of replacing all of the content on the screen with dots as seen below. Clicking on the eyeball icon will display and hide the content within the field.

  • "Purge Deleted Records" enforcements prevents a user from deleting items in their vault and then immediately purging their deleted records permanently.

Here's an example of a record showing masked password, custom field and notes:

Sharing & Uploading Policies

A new role enforcement policy called "Prevent sharing records with file attachments" has been added. By default, this ability is permitted.

KeeperFill Restrictions

There is now a new screen called "KeeperFill" which controls the behavior of the KeeperFill browser extension for Chrome, Firefox, Safari, Edge and IE.

"KeeperFill disabled for specified websites" is a policy which will completely disable the KeeperFill browser extension on sites which match the list provided. You can add any number of sites to the list of disabled websites, and you can also include wildcard characters. This policy was created to address some websites or internal applications that are not friendly to browser extensions, or which impact the performance of the application.

Master Password Expiration

Similar to the improvements on logout timer settings, the "Master Password Expiration" policy can now be configured with a customizable number of days, instead of selecting from a pre-defined list.

Bug Fixes and Performance Updates

  • Fixed issue where users can't login to Admin Console with expired account transfer consent status

  • Sorting issues on several screens

  • RSA and Duo 2FA related issues

  • Recent Activity visual date issues

  • Fixed missing localization strings in certain languages

Known Limitations

This release will initially be supported only by these Keeper clients:

  • Browser Extensions

    • 12.27 (Chrome, Safari, Edge, Firefox)

    • 12.30 (Chrome, Safari, Edge, Firefox, Internet Explorer)

  • Keeper Web Vault

Coming soon...

All role enforcement policies will be fully supported on the following clients in upcoming releases:

  • iOS 14.2

  • Android

  • Surface

  • Microsoft Desktop application

Last updated