High level overview of Keeper SSO Connect™ Cloud
Simply by authenticating through your existing IdP, your employees gain access to all of the capabilities of the top-rated Keeper password management platform, including:
- Secure digital vault that can be accessed from any device, running any OS
- Automatic password generation & autofill on all devices
- Compatibility with any system, browser or app
- Zero-knowledge encryption of vault data
This service does not require any on-premises or customer cloud-hosted services and there are no Master Passwords. Configuration is done directly between the IdP and Keeper's Admin Console.
To preserve Zero Knowledge, an Elliptic Curve public/private key pair is generated for each device. The private key on the device encrypts and decrypts the user's vault. Signing into a new device requires a key exchange that is processed by our Keeper Push feature or approved by a designated Admin. Automated admin approvals can be configured in several different ways.
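The device-approval flow described above can be sketched as a generic ECDH key wrap, in which the relay server only ever handles public keys and ciphertext. This is an added example, not Keeper's code or wire protocol: the P-256 curve, HKDF-SHA256, AES-256-GCM, the separate "data key" and every function name are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

// Runs on each device: the private key is created locally and never leaves it.
function newDeviceKeyPair() {
  return crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
}

// ECDH shared secret -> AES-256-GCM key via HKDF-SHA256 (KDF choice is an assumption).
function deriveKey(privateKey, publicKey) {
  const shared = crypto.diffieHellman({ privateKey, publicKey });
  const okm = crypto.hkdfSync('sha256', shared, Buffer.alloc(0), 'device-approval-example', 32);
  return Buffer.from(okm);
}

// Runs on the approver (an already-trusted device or an admin session) that holds
// the data key. Everything it returns is safe to relay through the server.
function approve(newDevicePublicKey, dataKey) {
  const eph = newDeviceKeyPair(); // fresh key pair for every approval
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(eph.privateKey, newDevicePublicKey), iv);
  const ciphertext = Buffer.concat([cipher.update(dataKey), cipher.final()]);
  return {
    ephemeralPublicKey: eph.publicKey.export({ type: 'spki', format: 'der' }),
    iv,
    ciphertext,
    tag: cipher.getAuthTag(),
  };
}

// Runs on the new device once the approval arrives.
function unwrap(devicePrivateKey, envelope) {
  const ephPub = crypto.createPublicKey({ key: envelope.ephemeralPublicKey, type: 'spki', format: 'der' });
  const decipher = crypto.createDecipheriv('aes-256-gcm', deriveKey(devicePrivateKey, ephPub), envelope.iv);
  decipher.setAuthTag(envelope.tag);
  // final() throws if the envelope was tampered with or was wrapped for another device.
  return Buffer.concat([decipher.update(envelope.ciphertext), decipher.final()]);
}

// Constructed demo: a random 32-byte value stands in for the vault data key.
const demoDataKey = crypto.randomBytes(32);
const demoDevice = newDeviceKeyPair();
const demoEnvelope = approve(demoDevice.publicKey, demoDataKey);
console.log('new device recovered key:', unwrap(demoDevice.privateKey, demoEnvelope).equals(demoDataKey));
```

A device that was not the target of the approval derives a different AES key, so its `unwrap` call fails authentication instead of returning data.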
Important: SSO users and provisioning must exist in a dedicated node that you will create (not in the root node). Before completing these steps, create a new node as shown in the image below.
Keeper SSO Connect Cloud can be rolled out in 3 easy steps:
1. Create an SSO Connect Cloud instance on the Keeper Admin Console under Provisioning
2. Exchange metadata with your SAML identity provider
3. Set up automated provisioning and/or manually provision users to Keeper
A unique "device" includes physical devices as well as browsers and browser profiles.
From an administrator's perspective, the cost, risk and labor-saving benefits of Keeper SSO Connect Cloud are significant:
- Easy setup, all in one place in Keeper’s existing Admin Console.
- No hosted software to integrate with the IdP
- No additional server costs
- No patching software
- Eliminates a potential single point of failure
- Available 24/7/365 on Keeper’s high availability systems