HomeEnterprise GuideUser Guides
Search…
Keeper SSO Connect On-Prem
Overview
System Requirements
Installation and Setup
Identity Provider Setup
Azure Configuration
Okta Configuration
G Suite (Google Workspace) Configuration
AD FS Configuration
Ping Identity Configuration
OneLogin Configuration
JumpCloud Configuration
RSA SecurID Access
F5 Configuration
Centrify Configuration
AWS SSO Configuration
Generic SAML Configuration
High Availability (HA) Configuration
Integration with AWS CloudHSM
Integration with Gemalto HSM
Upgrading SSO Connect
Updating the SSO Connect Configuration
Migrating to a new SSO Connect Server
End-User Login Flow
Service Management
Troubleshooting & FAQs
Appendix - Creating Certificates
Technical Support
Links and Resources
Docs Home
Powered By GitBook
AWS SSO Configuration
How to configure Keeper SSO Connect On-Prem with Amazon AWS SSO for seamless and secure SAML 2.0 authentication.
For a 100% cloud-based integration with AWS, see Keeper SSO Connect Cloud​

AWS SSO

Log into AWS and select on AWS Single Sign-On.
On the SSO Dashboard, select Configure SSO access to your cloud applications.
On the Applications menu, select Add a new application.
Next select Keeper Security and select Add.**
Keeper is working with AWS to develop an Application Connector.
Fill in the Display name and Description (optional) in the application details section.
In the AWS SSO metadata section, select the download button to export the AWS SSO SAML metadata file. This file gets imported in the SSO Connect IdP Metadata section on the configuration screen.
Copy this file to the Keeper SSO Connect server and upload it into the Keeper SSO Connect interface by dragging and dropping the file into the Configuration screen: Select Save.
The remaining step on the Keeper SSO Connect Server is to download the Keeper sso_connect.xml metadata file and upload it to the AWS application. Select Export Metadata on the Keeper SSO Connect.
Import the sso_connect.xml file to the Application metadata section on the application configuration screen.
After saving changes the Configuration for Keeper Password Manager has been saved success message will be displayed.
Note: The Keeper SSL certificate cannot be larger than 2048K or the below error will be received.
  • Either, generate a smaller SSL certificate, re-export and import the metadata file or manually set the ACS URL and Audience URL in the AWS SSO application configuration.
Next, Ensure the Keeper application attributes that are to be mapped to AWS SSO are correct (These should be set by default. Select the Attribute mappings tab. The AWS string value to ${user:subject} and format is blank or unspecified. The Keeper Attributes are set as follows:
Keeper Attribute
AWS SSO String Value **
Format
Email
${user:email}
unspecified
First
${user:givenName}
unspecified
Last
${user:familyName}
unspecified
Note: If your AWS email is mapped to the AD UPN (which may not be the actual email address of your users) it can be re-mapped to the email address associated in the users AD profile.
To make this change navigate to the Connect Directory on the AWS SSO page.
Select on the Edit attribute mappings button.
Change the AWS SSO email attribute from ${dir:windowsUpn} to ${dir:email} .
Select on the the Assigned users tab and then the Assign users button to select users or groups to assign the application.
On the Assign Users window:
  • Select either Groups or Users
  • Type the name of a group or user
  • Select on the Search connect directory to initiate the search.
The results of the directory search will display under the search window.
Select the users/groups that are desired to have access to the application and then select the Assign users button.
Note: Keeper SSO Connect expects that the SAML response is signed. Ensure that your identity provider is configured to sign SAML responses.
Your Keeper SSO Connect setup is now complete!
Previous
Centrify Configuration
Next
Generic SAML Configuration
Last modified 7mo ago
Export as PDF
Copy link
Contents
AWS SSO