SSO Connect Cloud

Version 3.2 Overview

Instructions for upgrading your Automator instance to v3.2

Overview

Version 3.2+ incorporated several new features:

  • Team Approvals (Team Creation)

  • Team User Approvals (Assigning Users to Teams)

  • All settings can be configured as environment variables

  • Support for simplified Azure Container App deployment

  • Support for simplified AWS ECS Service deployment

  • HSTS is enabled for improved HTTPS security

  • IP address filtering for device approval and team approval

  • Optional rate limiting for all APIs

  • Optional filtering by email domain

  • Optional binding to specific network IPs

Team User approvals

Version 3.2 introduced Team approvals and Team User approvals. This means that teams and users who are provisioned through SCIM can be immediately processed by the Automator service (instead of waiting for the admin to login to the console).

To activate this new feature:

  • Update your Automator container to the latest version

  • Use the automator edit command in Keeper Commander to instruct the service to perform device approvals and also perform Team User approvals:

Example:

automator edit --skill=team --skill=team_for_user --skill=device "My Automator"
automator setup "My Automator"
automator init "My Automator"
automator enable "My Automator"

With the skill enabled, automator is triggered to approve team users when the user logs into their vault

Team Approvals

When team creation is requested by the identity provider via SCIM messaging, the request is not fully processed until someone can generate an encryption key (to preserve Zero Knowledge). This is normally processed when an admin logs into the Keeper Admin Console.

When team approvals is activated on the Keeper Automator service, teams are now created automatically when any assigned user from the team logs in successfully to the Keeper Vault. Therefore, teams will not appear in the environment until at least one user from that team logs into their vault.

Teams will not appear in the environment until at least one user from that team logs into their vault.

All settings can be configured as environment variables

This makes configuration easier when installing Automator in Azure Containers or other Docker-like containers where access to the settings file is difficult.

In Docker, Azure Containers, or other environments that use the docker-compose.yml file, you can set environment variables in the docker compose file, for example:

services:
  automator:
    container_name: "az-autodock"
    environment:
      - AUTOMATOR_PORT=8090
      - AUTOMATOR_HOST=10.0.0.4
      - DISABLE_SNI_CHECK=true

After editing the docker-compose.yml file, you will need to rebuild the container if the environment variables have changed. Just restarting the container will not incorporate the changes.

Advanced Features

See this page for all of the new and advanced features / settings for the Automator service.

PreviousKeeper Automator ServiceNextIngress Requirements

Last updated