The Tray Application and Windows Service can be installed on the follow operating systems:

  1. Windows Server 2008 R2

  2. Windows Server 2012

  3. Windows Server 2012 R2

  4. Windows Server 2016

Note: The Keeper Bridge application will need to be installed on a domain joined member server located on the same network as a domain controller. Ensure your domain joined member server is NOT a domain controller as this is not a supported setup of the Keeper Bridge application. The Domain functional level must be at Windows 2008 R2 or higher in order for the bridge to properly integrate.

The following data needs to be known in order to configure the Tray Application:

  1. Domain or Forest name of the Active Directory.

  2. An account used to bind the Keeper Bridge to Active Directory (e.g. ). This is an Active Directory account which requires at least read only access to the Active Directory domain. No other special privileges are needed.

  3. A Security Group called Keeper Admins. Only users that are member of the Keeper Admins Security group will be permitted to login to the Tray application and configure the service. This group name can be changed and the Admin Security Group setting in the Keeper Admin Security configuration modified accordingly later. For a multi-domain forest create this group as a universal group so that users in this group are cached in the Global Catalog.

  4. Ensure the Email Property (typically “mail” or “userPrincipalName”) in Directory Service Options is set to the correct value to pick up the user's Email address.

  5. The Keeper Bridge needs access to MS Active Directory on either ports 389 or 636 and to the Keeper Cloud on port 443. ( = and

To help alleviate permission issues that can arise if different administrators run the bridge under their account, a Keeper service account can be used. This is a Keeper account with the "Keeper Administrator" permission assigned.