Keeper Automator Service
Automatic device approval service based on authentication using SSO Connect Cloud environments

Overview

Keeper Automator performs instant device approvals without the need for the end-user to click "Keeper Push" or "Admin Approval". Once Automator is configured, users can access Keeper on a new (not previously approved) device after a successful authentication with your identity provider.
Keeper Automator is a lightweight service that can be deployed with Azure Container Service, with Docker Compose, or as a Windows Service.

Why is this needed?

Keeper SSO Connect provides seamless authentication into the Keeper vault using your identity provider. To preserve Zero Knowledge and automate the transfer of the Encrypted Data Key (EDK) to the user's device, a service must run that is operated by the Enterprise (instead of being hosted by Keeper).
The service can be run in many different ways, in either a serverless or a server container.
An in-depth explanation of the SSO Connect encryption model is documented here.

Prerequisites

Before you install Automator, make sure the following high-level requirements are met:
  • An Azure container service, cloud instance or on-prem instance to run the container or service. This can be hosted in any cloud, serverless or on-prem environment. The process is very lightweight and can easily run on any sized container with at least 1GB RAM.
  • An inbound port open to the Keeper backend is required. It defaults to port 8089 but can be configured to any port. This communication channel between Keeper and the Automator is used for performing the key exchange, SAML processing and crypto work.
  • Public DNS entry that points to the service, e.g. automator.company.com. The name does not matter, as long as the name is owned by the customer and an SSL certificate can be generated. See the Network Config page to review the recommended configuration.
  • SSL certificate private key in .pfx format, signed by a public certificate authority for the server.
  • Keeper Commander installed somewhere (can be any workstation) which will help perform some of the setup and configuration steps. Commander is not required to run all the time, just to run a few setup steps.

Certificate Generation

Before installing Commander, please create an SSL certificate by following the Create Certificate instructions page.

Service Installation

Automator can be installed in a few different ways. We recommend using the Azure Container Service, Docker Compose method or Windows Service method, depending on your environment and requirements.

Installation Method: Azure Container Service

Installation Method: Docker Compose

Installation Method: Windows Service

Installation Method: Docker

Installation Method: Standalone Java
