Okta
How to configure Keeper SSO Connect Cloud with Okta for seamless and secure SAML 2.0 authentication.
Please complete the steps in the Admin Console Configuration section first.

Okta SSO Configuration

Login to the Admin section of the Okta portal.
Login as Okta Admin
Select the Applications tab then Browse App Catalog and search for Keeper.
Applications > Browse App Catalog
Search for Keeper Password Manager, and then select the Add button for the Keeper Password Manager and Digital Vault Application.
Search for Keeper
Add Application
On the General Settings page that comes up next, you need the "Entity ID" that comes from the Keeper Admin Console.
Example Server Base URL: https://keepersecurity.com/api/rest/sso/saml/XXXXXXXX
The value for XXXXXXXX represents the specific SSO Connect instance associated with your enterprise and can be found on the Admin Console SSO configuration as part of the Service Provider information, as seen below:
View Configuration
Copy the Entity ID
Paste the Entity ID into the Base URL field in the Okta screen.
Next, select the Sign On tab.
Sign On tab
Scroll down to the SAML Signing Certificates configuration section, and select Actions > View IdP metadata.
View IdP metadata
Save the resulting XML file to your computer. In Chrome, Edge and Firefox, select File > Save Page As... and save the metadata.xml file.
Save metadata.xml
On the Keeper side, Edit the SSO configuration then Select OKTA as the IDP Type and upload the metadata.xml file into the Keeper SSO Connect interface by browsing to or dragging and dropping the file into the Setup screen:
Edit the SSO Configuration
Drag and Drop the Metadata File from Okta into Keeper

(Optional) Enable Single Logout

If you would like to enable the Single Logout feature in Okta, go to Sign On tab and click Edit. Click the "Enable Single Logout" checkbox and then upload the SP Cert which comes from the Keeper Admin Console.
To first download the SP Cert, view the SSO configuration on Keeper and click the Export SP Cert button.
Export SP Cert from Keeper
Upload the SP cert file and be sure to click Save to save the Sign On settings in Okta.
Upload Certificate
If you have changed the Single Logout Setting, you'll have to download the latest Okta metadata file once again, and upload the new metadata.xml file into Keeper on the SSO edit screen.
View IdP metadata
Save the resulting XML file to your computer. In Chrome, Edge and Firefox, select File > Save Page As... and save the metadata.xml file.
On the Keeper side, Edit the SSO configuration then upload the new metadata.xml file into the Keeper SSO Connect interface by browsing to or dragging and dropping the file into the Setup screen.
Upload the new Metadata file with Single Logout config settings

Okta SCIM Provisioning

To enable Okta SCIM user and group provisioning please follow the instructions found within the Enterprise Guide: https://docs.keeper.io/enterprise-guide/user-and-team-provisioning/okta-integration-with-saml-and-scim
Okta Provisioning with SCIM
Enterprise Guide

Assign Users

From Okta, you can now add users or groups on the Assignments page. If you have activated SCIM provisioning per the instructions here then the user will be instantly provisioned to Keeper.
Assign Users and Groups
Last modified 2mo ago
Export as PDF
Copy link
Outline
Okta SSO Configuration
(Optional) Enable Single Logout
Okta SCIM Provisioning
Assign Users