Admin Console 16.0.0
AWS GovCloud Release with beta features: Compliance Reports and Record Type Controls

New Features

🇺🇸
Support for AWS GovCloud (FedRAMP)

Keeper is currently FedRAMP in-process and public sector entities can now establish their Keeper tenant in the GovCloud environment. Contact the public sector sales team at [email protected] for more information.
US GovCloud Console

Record Types Admin Controls

Record Types Admin Controls allow administrators to customize the use of record types for their enterprise. Keeper administrators with permission to manage record types, can create new custom record type templates and restrict the use of any record types by role and/or node.
Record Types Admin Controls
Admin Permissions for Compliance Reports and Record Types

Compliance Reports

Compliance Reports provide on-demand visibility of the access permissions associated with your enterprise records. These reports simplify the compliance auditing process for Sarbanes Oxley (SOX) and other regulations requiring access control monitoring. The user-defined reports can be exported and fed into automated compliance systems or sent directly to external auditors. This is a secure add-on feature to your Keeper license package.
Compliance Reports
User Report
Compliance Export PDF
Security Model for Compliance Reports
To support Compliance Reports, certain non-secret fields of the Keeper vault records are encrypted with the Elliptic Curve Enterprise Public Key. Keeper Administrators are able to decrypt the Enterprise Private Key when they login to the Admin Console. Since the reports contain some non-credential encrypted record data, an administrator must have permission to run and view these reports. The encrypted record data is included in the report and can also be used as report filters. The encrypted record data includes:
  • Record Title
  • Record Type
  • URL
Zero-knowledge remains preserved because the encrypted data is decrypted on the Keeper Administrator Console using the Enterprise Private Key, restricted to administrators that have Compliance Reporting permission.

New Reporting Events

The Advanced Reporting & Alerts Module now contains several new event types to cover Compliance Reporting and Record Types.
New ARAM Events
Event
Category
Description
compliance_report_saved
compliance
Compliance report UID ${app_uid} saved by ${username}
compliance_report_downloaded
compliance
Compliance report UID ${app_uid} downloaded by ${username}
compliance_report_exported
compliance
Compliance report UID ${app_uid} exported by ${username}
compliance_report_deleted
compliance
Compliance report UID ${app_uid} deleted by ${username}
saved_criteria_saved
compliance
Compliance report criteria UID ${app_uid} saved by ${username}
saved_criteria_edited
compliance
Compliance report criteria UID ${app_uid} edited by ${username}
saved_criteria_deleted
compliance
Compliance report criteria UID ${app_uid} deleted by ${username}
record_type_created
policy
Admin ${username} created record type "${name}"
record_type_updated
policy
Admin ${username} updated record type "${name}"
record_type_deleted
policy
Admin ${username} deleted record type "${name}"

Bug Fixes

  • EM-4867: Renew button is not active on expired accounts
  • EM-4871: Node and device type attributes for ARAM not working
  • EM-4875: Deleted Users saved in ARAM Report Criteria result in white screen
  • EM-4878: Expired accounts cannot pay on the Administrator Login screen
  • EM-4904: Event types in ARAM reports erroneously displaying scroll bar
  • EM-4875: Deleted users saved to ARAM report results in white screen
  • EM-4899: Adding role to a user does not display until admin logs in or manually syncs
  • EM-4908: New calendar for a new ARAM user shows “January 1900” for the starting date
  • EM-4930: Not able to delete users from enterprise
  • EM-4944: User can change email address without a correct master password
  • EM-4953: ARAM BreachWatch events are not being listed correctly
  • EM-4971: Getting server failure when attempting to move a user to a new node

Known Issues to be fixed before General Availability

  • EM-4974: Access permissions for records that are visible through "links" to other records will not be reflected in Compliance Reports. The compliance reports will show only record permissions where the record is shared via a direct share or through a shared folder. An example of this would be a Payment Card linked to a Bank Account record type.
  • EM-4979: Record Type records are not successfully transferred on second account transfer after a first successful account transfer.
  • EM-4884: Console needs to show changes to custom record types without manual sync or log out / log in.
  • EM-4969: When selecting a report criteria filter that includes a deleted node, the Admin Console fails and displays a blank screen.
  • EM-4973: No user warning when re-running reporting criteria that includes a user that is no longer associated with the selected node/s.
  • EM-4958: Not logging Compliance Reports “exported report” events to ARAM.
Last modified 1mo ago