Comment on page
Keeper Automator Service
Automatic device approval service for SSO Connect Cloud environments

The Keeper Automator is an optional service which performs instant device approvals, team approvals and team user assignments upon a successful login from the SSO identity provider.
Once Automator is running, users can seamlessly access Keeper on a new (not previously approved) device after a successful authentication with your identity provider, without any further approval steps.
If the Automator service is not set up, users and admins can still perform device approvals through Push Approval methods.
Keeper Automator is a lightweight service that can be deployed in your cloud or on-prem environment, in many different ways.
Automator Video Overview
Keeper SSO Connect provides seamless authentication into the Keeper vault using your identity provider. Normally a user must a approve their new device, or an Admin can approve a new device for a user. The Automator service is totally optional, created for Admins who want to remove any friction associated with device approvals.
To preserve Zero Knowledge and automate the transfer of the Encrypted Data Key (EDK) to the user's device, a service must be run which is operated by the Enterprise (instead of hosted by Keeper). The service can be run several different ways, either in the cloud or self-hosted.
Using the Automator service creates a frictionless experience for users, however it requires that you have fully secured your identity provider.
Depending on your environment, select from one of the following installation methods. The Azure Container App and AWS Elastic Container Service are the best choices if you use one of these cloud services.
Last modified 1mo ago