High level overview of Keeper SSO Connect™ Cloud

End-to-End Password Protection Across Your Data Environment

Simply by authenticating through your existing IdP, your employees gain access to all of the capabilities of the top-rated Keeper password management platform, including:

  • Secure digital vault that can be accessed from any device, running any OS

  • Automatic password generation & autofill on all devices

  • Works on any system, browser or app

  • Proprietary zero-knowledge encryption

This service does not require any on-premises or customer cloud-hosted services and there are no Master Passwords. Configuration is done directly between the IdP and Keeper's Admin Console.

To preserve Zero Knowledge, an Elliptic Curve public/private key pair is generated for each device. The private key on the device encrypts and decrypts the user's vault. Signing into a new device requires a key exchange that is processed by the new Keeper Push feature or approved by a designated Admin. Automated admin approvals can be configured in several different ways.

Setup Steps

At a high level, setting up Keeper SSO Connect Cloud can be accomplished in 3 easy steps: 1. Configure SSO Connect on the Keeper Admin Console. 2. Enable and configure the Keeper Application within the IdP. 3. Add "Approve Devices" admin role permission to the designated Administrator

A new Admin Permission called "Approve Devices" allows an Administrator to perform device approvals. Admin Approvals can also be automated.


From an administrator's perspective, the cost, risk & labor saving benefits are significant:

  • Easy setup, all in one place in Keeper’s existing Admin Console.

  • No hosted software to integrate with their IdP

  • No additional server costs

  • No patching software

  • Eliminates a potential single point of failure

  • Available 24/7/365 on Keeper’s high availability systems