High level overview of Keeper SSO Connect™ Cloud

End-to-End Password Protection Across Your Data Environment

Simply by authenticating through your existing IdP, your employees gain access to all of the capabilities of the top-rated Keeper password management platform, including:

  • Secure digital vault that can be accessed from any device, running any OS

  • Automatic password generation & autofill on all devices

  • Works on any system, browser or app

  • Proprietary zero-knowledge encryption

This service does not require any on-premises or customer cloud-hosted services and there are no Master Passwords. Configuration is done directly between the IdP and Keeper's Admin Console.

To preserve Zero Knowledge, an Elliptic Curve public/private key pair is generated for each device. The private key on the device encrypts and decrypts the user's vault. Signing into a new device requires a key exchange that is processed by the new Keeper Push feature or approved by a designated Admin. Automated admin approvals can be configured in several different ways.

Setup Steps

At a high level, setting up Keeper SSO Connect Cloud can be accomplished in 2 easy steps: 1. Configure SSO Connect on the Keeper Admin Console. 2. Enable and configure the Keeper Application within the IdP.

If having another role other than the Keeper Administrator approve devices then the "Approve Devices" admin role permission will need to be added to the designated role.

A new Admin Permission called "Approve Devices" allows an Administrator to perform device approvals. Admin Approvals can also be automated. See the Device Approval Section.


From an administrator's perspective, the cost, risk & labor saving benefits are significant:

  • Easy setup, all in one place in Keeper’s existing Admin Console.

  • No hosted software to integrate with their IdP

  • No additional server costs

  • No patching software

  • Eliminates a potential single point of failure

  • Available 24/7/365 on Keeper’s high availability systems