Upgrading SSO Connect

Instructions for upgrading your Keeper SSO Connect service.

Keeper Security performs regular security, bug fix and feature releases to Keeper SSO Connect. It is critical that your Keeper SSO Connect software is updated regularly to ensure the latest compatibility and security updates are installed.

To check the latest release notes please visit the Release Notes portal at:

Upgrading your Keeper SSO Connect software will require a short period of downtime for your users, unless you are operating in a high availability configuration.

Downtime required: 30 minutes

Note: These instructions are typical but your specific folder names or service-related commands may be different. If you need help in the upgrade, please contact us at business.support@keepersecurity.com and we'll schedule an engineer to provide assistance.

  1. Schedule a downtime. During this time your users will be unable to login via SSO. If your enterprise has enabled offline Vault access, users will be able to access their Vault in offline mode.

  2. (Prior to the upgrade) Locate your SSO Connect server(s) * You may have more than one server if you have an HA setup.

  3. (Prior to the upgrade) Download the latest version of SSO Connect

    a. Login to the Keeper Console: https://www.keepersecurity.com/console (or .eu)

    b. Select a Node that is SSO-enabled

    c. Click on the Provisioning tab

    d. Download SSO Connect for Linux or Windows using the download buttons.

    e. Copy the downloaded file to each SSO Connect server

  4. (At upgrade time) Shut down SSO Connect

    a. Login to each SSO Connect server.

    b. Stop the SSO Connect service: Linux/Mac: systemctl stop ssoconnect.

    Windows: Stop the Keeper SSOConnect service.

  5. Backup the SSO Connect 'data' folder

    1. In the SSO Connect installation folder there is a data/ sub-folder. Save a copy of it.

      a. Linux/Mac: Usually $HOME/sso_connect/data/

      b. Windows: C:\Program Files\Keeper Security\SSO Connect\data

    2. Note: If you are already using SSO Connect >= v14.1.0, the data/ folder on Windows is in C:\ProgramData\Keeper SSO Connect\data

  6. Install the latest SSO Connect

    1. Linux/Mac: uncompress the SSO Connect .tgz file. If you run SSO Connect as a service, keep the same top-level folder name. Otherwise you will need to edit your service configuration file.

    2. Windows:

      a. Use Add/Remove Programs to uninstall Keeper SSO Connect.

      b. Run the installer for the latest Keeper SSO Connect version.

  7. Restore the data/ folder

    a. Linux: Remove the sso_connect/data/ folder if it exists. Copy in the saved data/ folder.

    b. Windows:

    1. Stop the Keeper SSOConnect service.

    2. Remove C:\ProgramData\Keeper SSO Connect\data\*

    3. Copy in the saved data/ files.

  8. Start SSO Connect

    a. Linux: systemctl start ssoconnect or java -jar SSOConnect.jar

    b. Windows: start the Keeper SSOConnect service.

  9. Test SSO Connect

    1. Visit the SSO Connect admin console (http://localhost:8080/) on each SSO Connect server and verify that SSO Connect is running. Login using the same account and password that you use on the Keeper Admin console.

    2. It is uncommon, but some SSO Connect installations may need additional configuration using the SSO Connect admin console.

    3. Log files are in a logs/ folder which is a sibling of the data/ folder.

  10. SSO logins should now be available

    1. Visit https://keepersecurity.com/vault and try to login using SSO.