HomeEnterprise GuideUser Guides
Search…
Keeper SSO Connectâ„¢ Cloud
Overview
Admin Console Configuration
SSO Identity Providers
Passwordless Providers
Azure / O365
Okta
AD FS
Google Workspace
JumpCloud
Centrify
DUO SSO
OneLogin
Ping Identity
RSA SecureID Access
Amazon AWS
F5
Generic SAML 2.0
Device Approvals
Logout Configuration
User Provisioning
System Architecture
Security and User Flow
Migration from On-Prem
Links & Resources
Powered By GitBook
Okta
How to configure Keeper SSO Connect Cloud with Okta for seamless and secure SAML 2.0 authentication.
Note: The Keeper app in the Okta website was originally configured for SSO Connect On-Prem version and we've adapted the instructions in this guide to work with Keeper SSO Connect Cloudâ„¢.
Be sure to have already performed the steps in the Admin Console Configuration section.

Okta SSO Configuration

Login to the Admin section of the Okta portal.
Login as Okta Admin
​
Select the Applications tab and select Add Application.
Search for Keeper Password Manager, and then select the Add button for the Keeper Password Manager and Digital Vault Application.
On the General Settings page that comes up next, Enter the Entity ID copied from your Keeper SSO Connect Cloudâ„¢ configuration screen to the Server Base URL field. Then select the Done button.
Enter the Server Base URL from the Keeper configuration screen
Example Server Base URL: https://keepersecurity.com/api/rest/sso/saml/XXXXXXXX
The value for XXXXXXXX represents the specific SSO Connect instance associated with your enterprise and can be found on the Admin Console SSO configuration as part of the Service Provider information, as seen below:
View Configuration
Keeper Entity ID
​
Next, select the Sign On tab.
Scroll down to the SAML 2.0 configuration section, download the Identity Provider metadata file and save the XML file to your computer.
Select OKTA as the IDP Type and upload the metadata xml file into the Keeper SSO Connect interface by browsing to or dragging and dropping the file into the Setup screen:
Edit the SSO Configuration
​
Drag and Drop the Metadata File from Okta into Keeper
​

Configuration of Single Logout

If you would like to enable the Single Logout feature in Okta, go to the Sign On tab and click Edit. Click the "Enable Single Logout" checkbox and then upload the SP Cert which comes from the Keeper Admin Console.
Export SP Cert from Keeper
Upload the SP cert file and save the Sign On settings in Okta.
Upload Certificate
Now, download the latest Okta metadata file and upload into Keeper (again).
Upload the new Metadata file with Single Logout config settings

Okta SCIM Provisioning

To enable Okta SCIM user and group provisioning please follow the instructions found within the Enterprise Guide: https://docs.keeper.io/enterprise-guide/user-and-team-provisioning/okta-integration-with-saml-and-scim​
Okta Provisioning with SCIM
Enterprise Guide

Assign Users

From Okta, you can now add users or groups on the Assignments page. If you have activated SCIM provisioning per the instructions here then the user will be instantly provisioned to Keeper.

​

​
Okta Provisioning with SCIM
Enterprise Guide
Previous
Azure / O365
Next
AD FS
Last modified 11mo ago
Export as PDF
Copy link
Contents
Okta SSO Configuration
Configuration of Single Logout
Okta SCIM Provisioning
Assign Users