Device platform availability on SSO Connect Cloud

Keeper SSO Connect Cloud is being rolled out in stages, starting with the Admin Console and Web Vault. Additional platforms and critical features are being launched in the month of September.

Keeper Component


Web Vault

Live (GA) *

Admin Console

Live (GA) *

Chrome, Firefox, Safari, Edge extensions

Sept 30, 2020

Internet Explorer 11 Extension

Sept 30, 2020

Keeper Desktop (Windows, Mac)

Sept 30, 2020 **


Oct 15, 2020 **


Oct 15, 2020 **

( * ) limited feature capabilities - please contact Keeper team to discuss rollout strategy before implementation.

(**) iOS, Mac and Windows desktop applications are deployed as a staged rollout under new Application versions, and the acceptance date depends on the specific app store (Apple, Google, etc).

Features Not Live Yet

(1) Mobile device approvals will not be available until the iOS and Android apps are deployed. Therefore, Keeper Push for device approvals will only work with the Web Vault until end of Sept.

(2) Admin Approvals are being changed to use a new Admin Permission called "Approve Devices" instead of requiring "Vault Transfer" permission.

(3) Moving users from a root node into SSO Cloud does not work and users will not be able to login with SSO. This is being updated the week of Sept 17.

(4) Migration of users from On-Prem SSO to Cloud SSO does not work.

Please do not attempt to migrate your SSO users to Cloud SSO until discussing a migration plan with the Keeper Team. Also, do not delete existing SSO On-Prem environments without consulting with the Keeper team.

SSO Connect Cloud vs SSO Connect On-Prem

SSO Connect Cloud:

  • No hosting of Service Provider application is required

  • Fast setup and configuration

  • No maintenance

  • Device Approvals require Keeper Push or Admin Approval

  • Incognito Mode / Private Browsing are treated as new devices

  • Full platform support in October 2020

SSO Connect On-Prem:

  • Requires a Windows or Linux server to host the Service Provider application

  • Requires SSL certificate configuration for endpoint

  • Device Approvals performed via simple email link or verification code (no Admin Approval or Push Approvals required)

  • Browser Incognito Mode / Private Browsing does not require device approvals

  • Full platform support in production currently