Device platform availability on SSO Connect Cloud

Keeper Component


Web Vault


Admin Console


Keeper Desktop (Windows, Mac, Linux)


Chrome, Firefox, Safari, Edge extensions


Internet Explorer 11 Extension






Azure Function for Automated Approvals


Master Password to SSO Cloud migration


Automated On-Prem to Cloud SSO migration

Q2 2021

Login to KeeperChat

Q1 2021

(*) Notes:

  • Please contact the Keeper support team to discuss rollout strategy. Do not delete any existing SSO configurations or plan a migration without speaking with Sales Engineering.

  • The Browser extensions supporting SSO Cloud (v15) are available at the Download page: https://keepersecurity.com/download Note: Please ensure only one extension is running. Remove v14 extensions if they are installed.

Migration from On-Prem to Cloud SSO

The Keeper team is working on a seamless transition process from On-Prem to Cloud SSO to Cloud SSO, however this is currently not available. The current process to transition is the following:

  • User ensures that Account Recover (Security Question & Answer) is properly set by visiting the Vault > Settings > Reset Security Q&A

  • Move user from SSO node to non-SSO (root) node in the Admin Console

  • User performs "Forgot password" account recovery

  • Move user into SSO Cloud-enabled node

  • User signs into vault with SSO Domain for cloud-enabled node

Please do not attempt to migrate your SSO users to Cloud SSO until discussing a migration plan with the Keeper Team. Also, do not delete existing SSO On-Prem environments without consulting with the Keeper team.

SSO Connect Cloud vs SSO Connect On-Prem

SSO Connect Cloud:

  • No hosting of Service Provider application is required

  • Fast setup and configuration

  • No maintenance

  • Device Approvals require Keeper Push, Admin Approval or Auto-Approval Methods

  • Incognito Mode / Private Browsing are treated as new devices

  • Full platform support in October 2020

SSO Connect On-Prem:

  • Requires a Windows or Linux server to host the Service Provider application

  • Requires SSL certificate configuration for endpoint

  • Device Approvals performed via simple email link or verification code (no Admin Approval or Push Approvals required)

  • Browser Incognito Mode / Private Browsing does not require device approvals

  • Full platform support in production currently