Search…
⌃K

Beyond Identity

How to configure Keeper SSO Connect Cloud with Beyond Identity for Passwordless login to Keeper.

Configure Keeper for Beyond Identity Integration

Please complete the steps in the Admin Console Configuration section first.
Visit the Keeper Admin Console and login as the Keeper Administrator.
Note: Passwordless integration can only be applied to specific nodes (e.g. organizational units) within your Admin Console.
1) Click on the Admin tab and click Add Node
2) Name the node and click Add Node
Create a node for Beyond Identity in the Keeper Admin
3) From the Provisioning tab, click Add Method
4) Select Single Sign-On with SSO Connect™ Cloud and click Next
5) Enter your Configuration Name and Enterprise Domain, then click Save. Take note of the Enterprise Domain. This will be used later for Enterprise SSO login.
Configure Beyond Identity for Single Sign-On with SSO Connect™ Cloud
6) The newly-created SAML 2.0 with Cloud SSO Connect provisioning method will be visible. Select View from the menu.
These items will be used when configuring Beyond Identity later in the documentation.
View Beyond Identity Provisioning Settings
7) Note the Entity ID, Assertion Consumer Service (ACS) Endpoint and Single Logout Service Endpoint
8) Click Export SP Cert
Note the highlighted fields and Export SP Cert

Configure Beyond Identity

2) Log into the Beyond Identity Admin Console at https://admin.byndid.com/.
Instructions for registering and using Beyond Identity can be found in Beyond Identity's Documentation.

Create Keeper Integration in Beyond Identity

3) From your Beyond Identity Admin Console, select Integrations from the left-hand navigation.
4) Click the SAML tab.
5) Click Add SAML Connection.
6) In the Edit SAML Connection dialog, use the following table to determine values to enter:
Beyond Identity Field
Value to Use
Name
Display Name for your SAML Connection
SP Single Sign On URL
Assertion Consumer Service (ACS) Endpoint value from Keeper Admin Console
SP Audience URI
Entity ID from Keeper Admin Console
Name ID format
emailAddress
Subject User Attribute
Email
Request Binding
http post
Authentication Context Class
X509
Signed Response
Signed toggled On
X509 Signing Certificate
SP Cert exported from Keeper Admin Console
7) In the Attribute Statements section, add the following two attributes:
Name
Name Format
Value
Email
unspecified
{{Email}}
First
unspecified
{{DisplayName}}
8) Click Save Changes.
Configure SAML Settings for Beyond Identity Integration
9) Click the Download Metadata icon </> to download the XML metadata for use in the Keeper Admin Console.
Download Beyond Identity Metadata
10) Return to the Keeper Admin Console
11) Click Edit on the Beyond Identity provisioning method to view the configuration settings.
Click Edit to view the configuration screen
12) Optionally enable Just-In-Time Provisioning to allow users to create accounts in the node by typing in the Enterprise Domain name when signing up.
13) Under SAML Metadata, upload the metadata.xml file downloaded from the Beyond Identity Admin Console.
Upload metadata and configure Just-In-Time Provisioning

User Provisioning

Instructions on how to provision users with SSO Connect Cloud can be found here.

End User Login

Users may login either using their enterprise domain or email address.

Login Using Email Address on desktop with Beyond Identity Authenticator installed

1) Navigate to the Keeper Vault
2) Enter your email address and click Next
3) You will now be logged in to your Keeper vault
Login Using Enterprise Domain on desktop with Beyond Identity Authenticator installed
1) Navigate to the Keeper Vault
2) Click the Enterprise SSO Login dropdown and select Enterprise Domain
3) Enter the Enterprise Domain name you specified in the Keeper portion of this walkthrough and click Connect
4) You will now be logged in to your Keeper vault
Login Using Enterprise Domain with Beyond Identity installed for iOS or Android
1) Navigate to the Keeper Vault
2) Tap Use Enterprise SSO Login dropdown
3) Enter the Enterprise Domain you specified in the Keeper portion of this walkthrough and tap Connect
4) Accept the push notification from the Beyond Identity App
5) You will now be logged in to your Keeper vault
Login Using Email Address with Beyond Identity installed for iOS or Android
1) Open the Keeper App
2) Enter your email address and click Next
3) Accept the push notification from the Beyond Identity App
4) You will now be logged in to your Keeper vault