Comment on page
Admin Console 16.0.0
Released to production on Oct 18, 2021
Keeper is currently FedRAMP in-process and public sector entities can now establish their Keeper tenant in the GovCloud environment. Contact the public sector sales team at [email protected] for more information.
US GovCloud Console
Record Types Admin Controls allow administrators to customize the use of record types for their enterprise. Keeper administrators with permission to manage record types, can create new custom record type templates and restrict the use of any record types by role and/or node.
Record Types Admin Controls
Admin Permissions for Compliance Reports and Record Types
Compliance Reports provide on-demand visibility of the access permissions associated with your enterprise records. These reports simplify the compliance auditing process for Sarbanes Oxley (SOX) and other regulations requiring access control monitoring. The user-defined reports can be exported and fed into automated compliance systems or sent directly to external auditors. This is a secure add-on feature to your Keeper license package.
Compliance Export PDF
Security Model for Compliance Reports
To support Compliance Reports, certain non-secret fields of the Keeper vault records are encrypted with the Elliptic Curve Enterprise Public Key. Keeper Administrators are able to decrypt the Enterprise Private Key when they login to the Admin Console. Since the reports contain some non-credential encrypted record data, an administrator must have permission to run and view these reports. The encrypted record data is included in the report and can also be used as report filters. The encrypted record data includes:
- Record Title
- Record Type
Zero-knowledge remains preserved because the encrypted data is decrypted on the Keeper Administrator Console using the Enterprise Private Key, restricted to administrators that have Compliance Reporting permission.
The Advanced Reporting & Alerts Module now contains several new event types to cover Compliance Reporting and Record Types.
- EM-4867: Renew button is not active on expired accounts
- EM-4871: Node and device type attributes for ARAM not working
- EM-4875: Deleted Users saved in ARAM Report Criteria result in white screen
- EM-4878: Expired accounts cannot pay on the Administrator Login screen
- EM-4904: Event types in ARAM reports erroneously displaying scroll bar
- EM-4875: Deleted users saved to ARAM report results in white screen
- EM-4899: Adding role to a user does not display until admin logs in or manually syncs
- EM-4908: New calendar for a new ARAM user shows “January 1900” for the starting date
- EM-4930: Not able to delete users from enterprise
- EM-4944: User can change email address without a correct master password
- EM-4953: ARAM BreachWatch events are not being listed correctly
- EM-4971: Getting server failure when attempting to move a user to a new node
- EM-4974: Access permissions for records that are visible through "links" to other records will not be reflected in Compliance Reports. The compliance reports will show only record permissions where the record is shared via a direct share or through a shared folder. An example of this would be a Payment Card linked to a Bank Account record type.
- EM-4979: Record Type records are not successfully transferred on second account transfer after a first successful account transfer.
- EM-4884: Console needs to show changes to custom record types without manual sync or log out / log in.
- EM-4969: When selecting a report criteria filter that includes a deleted node, the Admin Console fails and displays a blank screen.
- EM-4973: No user warning when re-running reporting criteria that includes a user that is no longer associated with the selected node/s.
- EM-4958: Not logging Compliance Reports “exported report” events to ARAM.