Comment on page
Keeper Connection Manager SAML configuration with Microsoft Azure
The first step regardless of installation method is to configure your SAML 2.0 identity provider using Microsoft Azure.
(1) In Azure, go to Enterprise Applications and Create a new application.
(2) Give the Enterprise Application a name, and then select "non-gallery" application.
(3) Set up Single Sign On with SAML.
(4) Configure for SAML
(5) Set up the SAML properties to point Azure to your Keeper Connection Manager installation URL:
(6) To support Azure Group to Keeper Connection Manager User Group mappings, you can add a Group claim by editing the Attributes & Claims then adding a Group Claim.
Add a Group Claim
When prompted, you can decide whether the group claim is always sent, or only for specific groups or assigned users. If unsure, choose all groups.
For hybrid environments, if the group originates from on-prem AD, you may need to change the display name of the security group.
If you would like to automatically mapp group assignments in the identity provider to Keeper Connection Manager Groups, ensure that the
saml-group-attributeparameter is defined to match the Identity Provider Group Attribute. The name of the Group in Keeper Connection Manager needs to match this identifier exactly in order for the mapping to work.
These are commonly used settings
Azure Group to Keeper Connection Manager Group mapping is through the Group GUID. If the Keeper Connection Manager contains a Group that has the name corresponding to the Azure Group GUID, the user will receive all connections assigned to that user group.
(7) Assign users and/or groups to the Keeper Connection Manager application, as you would normally do with any SAML connected app.
Assign Users and Groups
(8) Copy the URL of the App Federation Metadata and paste it into the prompt on your KCM server.
(9) Add the KCM Logo
From the "Properties" screen of the Enterprise Application, upload the KCM logo. The file can be downloaded below.
KCM Logo 100x100
Here's how the logo will look: