This release contains several new role enforcement policies, visual improvements to the role enforcement policy section, additional refinements for existing role policies, and bug fixes to address known customer issues.
Previously, logout timer enforcements were limited to certain intervals between 1 minute and 24 hours. Now, you can customize the value of the logout timer in increments of minutes. To enforce a logout timer, turn the switch to the ON position and then specify the logout timer setting as seen below.
Note, "Disable email invitations" enforcement policy was also moved into this Account Settings role enforcement policy screen.
By default, access is granted on all role enforcement policies. We have now added KeeperChat platform restriction policies. You may restrict the use of KeeperChat on Desktop and Mobile devices.
We have added a series of enforcement policies related to features within the Keeper Vault that appear in the "Vault Features" screen. The new policies added are the following:
Prevent users from creating folders
Prevent users from creating Identity and Payment records
Mask custom fields
Day(s) before records can be cleared permanently
Day(s) before deleted records automatically purge
The screenshot of these policies can be seen below.
When masking is enforced on custom fields, notes and passwords, this has the effect of replacing all of the content on the screen with dots as seen below. Clicking on the eyeball icon will display and hide the content within the field.
"Purge Deleted Records" enforcements prevents a user from deleting items in their vault and then immediately purging their deleted records permanently.
Here's an example of a record showing masked password, custom field and notes:
A new role enforcement policy called "Prevent sharing records with file attachments" has been added. By default, this ability is permitted.
There is now a new screen called "KeeperFill" which controls the behavior of the KeeperFill browser extension for Chrome, Firefox, Safari, Edge and IE.
"KeeperFill disabled for specified websites" is a policy which will completely disable the KeeperFill browser extension on sites which match the list provided. You can add any number of sites to the list of disabled websites, and you can also include wildcard characters. This policy was created to address some websites or internal applications that are not friendly to browser extensions, or which impact the performance of the application.
Similar to the improvements on logout timer settings, the "Master Password Expiration" policy can now be configured with a customizable number of days, instead of selecting from a pre-defined list.
Fixed issue where users can't login to Admin Console with expired account transfer consent status
Sorting issues on several screens
RSA and Duo 2FA related issues
Recent Activity visual date issues
Fixed missing localization strings in certain languages
This release will initially be supported only by these Keeper clients:
12.27 (Chrome, Safari, Edge, Firefox)
12.30 (Chrome, Safari, Edge, Firefox, Internet Explorer)
Keeper Web Vault
All role enforcement policies will be fully supported on the following clients in upcoming releases:
Microsoft Desktop application