Ping Identity

How to configure Keeper SSO Connect Cloud with Ping Identity for seamless and secure SAML 2.0 authentication.

Note: The Keeper app in the Ping Identity website was originally configured for SSO Connect On-Prem version and we've adapted the instructions in this guide to work with Keeper SSO Connect Cloud™.

Be sure to have already performed the steps in the Admin Console Configuration section.

Ping Identity

Login to the Ping Identity portal.

From the Ping Identity menu select Applications.

Then select Add Application and select New SAML Application.

On the Application Details page, add the following data:

  • Application Name: Keeper Password Manager Application Detail: Password Manager and Digital Vault Category: Compliance (or other) Graphic: Upload the Keeper Graphic http://s3.amazonaws.com/keeper-email-images/common/keeper256x256.png

Then select Continue to Next Step.

The next step is to download the SAML Metadata from Ping Identity. Select the Download link next to SAML Metadata.

The saml2-metadata-idp.xml file will download to the local computer. On the Edit screen of the Keeper SSO Connect Cloud™ provisioning select Generic as the IDP Type and upload the saml2-metadata-idp xml file into the Keeper SSO Connect interface by browsing to or dragging and dropping the file into the Setup screen: Setup screen:

Next download the Keeper metadata file and upload it to the Ping Application configuration. Navigate to the view screen of the Keeper SSO Connect Cloud™ provisioning.

Enter View Screen

Click the "Export Metadata" button to download the config.xml file.

Export Keeper Metadata

Back on the Ping Identity application configuration, select the Select File button and choose the config.xml file downloaded in the above step.

Upload Keeper Metadata

Select Continue to Next Step.

The next step is the map the attributes. Select the Add new attribute button.

  • In attribute 1, type “First” in the Application Attribute column, select First Name in the Identity Bridge Attribute or Literal Value column, and check the Required button. Select the Add new attribute button.

  • In attribute 2, type "Last" in the Application Attribute column, select Last Name in the Identity Bridge Attribute or Literal Value column, and check the Required button. Select the Add new attribute button.

  • In attribute 3, type "Email" in the Application Attribute column, select Email in the Identity Bridge Attribute or Literal Value column, and check the Required button. Application Attributes: First, Last, Email must begin with a capital letter.

Select the group(s) that should have access to the Keeper Application. When complete click "Continue to Next Step". Review the setup and and then select the Finish button.

Important Note: In the Application Configuration section of your Ping Identity setup, ensure that the "Signing" section has "Sign Response" selected with "RSA_SHA256" as the Signing Algorithm.

The Keeper Application should be added and enabled.

Keeper Application on Ping Identity

Your Keeper SSO Connect setup is now complete!