Comment on page
Enterprise End-User (SSO)
This end-user guide was created for Enterprise customers who deploy Keeper through an existing Single Sign-On Identity Provider (IdP) such as Azure, ADFS or Okta.

Keeper is simple to install, easy to use and you’ll be up and running in just minutes. You can create your Keeper account using either one of the methods below.
Option 1: Click the Set Up Your Account Now button located in the email invitation sent by your Keeper Administrator. Since your Keeper account is deployed through Single Sign-On (SSO) you will automatically be routed to authenticate with your SSO provider to launch your Keeper Vault.
Option 2: Log in to your existing SSO provider dashboard as you normally do and click the Keeper icon to launch your Keeper Vault.
Enterprise End User SSO Login
Two-Factor Authentication (2FA) adds an extra layer of security to your vault by requiring a second passcode upon logging in. Some 2FA methods like Duo or RSA, require admin configuration. Others, like the Google or Microsoft Authenticator Apps, can be set up by individual end-users.
Click the Account Dropdown Menu (your email address) then click Settings > Security to enable 2FA for your vault.

Enable Two-Factor Authentication

Two-Factor Authentication Methods
You can either manually enter your existing logins and passwords into your vault or Keeper can import your existing passwords directly from your web browser (e.g. Safari, Chrome, Firefox), another password manager, or from a text file (.csv).
To begin the import process, click the Account Dropdown Menu (your email address), then click Settings > Import.

Import Your Passwords
The next time you log in to your Keeper Vault, you can either visit the Keeper Vault Login page or your SSO provider dashboard. Both options are described below. To access the Keeper Web Vault Login page, visit:
EU Data Center:
https://keepersecurity.eu/vault
AU Data Center:
https://keepersecurity.com.au/vault
CA Data Center:
https://keepersecurity.ca/vault
Download the Keeper Desktop and Mobile Apps to access your Keeper Vault from any platform and use it for native applications across all of your devices.
Visit: https://keepersecurity.com/download to download the Keeper App for all of your desktop and mobile devices.
Supported Platforms:
- PC, Mac and Linux desktops
- Chrome, Firefox, Safari, Edge and IE11 Web Browsers
- iOS (iPhone & iPad)
- Android (Phones & Tablets)

Keeper Download Page
Enter your email address at Keeper's Vault login page and click Next. You will then be routed to authenticate through your SSO Provider.

Email Address Login
From Keeper's Vault Login page, click on the Enterprise SSO Login dropdown menu and select Enterprise Domain and enter your Enterprise Domain (provided by your Keeper Administrator). You will then be routed to authenticate through your SSO Provider.

Enterprise SSO Login > Enterprise Domain

Enterprise Domain Login
Keeper provides two ways of authenticating into the Keeper Desktop application with SSO identity providers. By default, the Keeper Desktop app will open the identity provider login screen in a popup window as seen below.

SSO login with Keeper Desktop via popup window
This popup window is part of the Keeper Desktop application and will work for most scenarios. However, if your identity provider requires the use of a FIDO2 WebAuthn device or Passkey for authentication, using the desktop web browser method may be the best option.
To use the web browser on the device for SSO login with the Keeper Desktop app, open the Keeper menu and select "Use Default Browser for SSO".

Use Default Browser for SSO
When this option is selected, clicking "Next" will route you to the desktop web browser. After logging into your SSO provider (or if you already have an active SSO session), the web browser will redirect you back to Keeper Desktop and complete the login process.

Finishing Login with Default Browser
Keeper supports IdP-initiated login from the SSO identity provider dashboard (if enabled by your Keeper administrator). Log in to your existing SSO as you normally do then from your SSO dashboard, click the Keeper icon to launch your Keeper Vault.

SSO Login

SSO Provider Dashboard
If you sign into Keeper on a new platform, you may encounter a "device approval" request (SSO Cloud Users Only). Please read the section below - "Device Approvals" for instructions on how to proceed.
If you are attempting to log in on an unrecognized device or browser, a device approval must take place before you can proceed to your Keeper Vault. Users have two methods of approval to choose from, "Keeper Push" or "Admin Approval".

Device Approval Request
Keeper Push is Keeper’s proprietary notification-based device approval system that sends a push notification to an existing, recognized device. This is a self-service process that allows users to handle the device approval on their own.
If you select Keeper Push, a notification (push) will be appear in your vault at an approved device or browser. Select Yes to approve the new device. Once the device has been approved, you will be able to proceed to your Keeper Vault.
You must be actively logged into a different, recognized/approved device to receive the notification.

Keeper Push Notification
Admin Approval will send a notification to your Keeper Admin requesting device approval. If you do not have an existing, recognized device, this will be the only path gain access again.
if you select Admin Approval, your Keeper Admin will receive notification for approval. Once the device has been approved, you will be able to proceed to your Keeper Vault.
Keeper's platform supports automated device approvals through a product called the Keeper Automator service. If your Keeper Administrator has configured this service, device approvals will occur automatically upon successfully logging into your SSO identity provider.
Your passwords, databases, SSH keys, bank accounts and other sensitive data are saved in your private digital Keeper Vault (as "Records") and are encrypted on your device using 256-bit AES.
To begin, click + Create New > Record.
- Enter a name for the Record and click Next
- Enter the Login (Username or Email)
- Enter the Website Address
- Click Save to finish
.gif?alt=media&token=3001ad83-17b3-4bd8-8507-9cddf8630b02)
Create a Record
Keeper's Browser Extension called KeeperFill, autofills your logins and passwords into websites and apps. To download KeeperFill for your browser, visit Keeper's Download page. KeeperFill is available for every web browser.

KeeperFill Browser Extension
When you log into your vault for a second time, you'll be prompted to set up a 24-word recovery phrase. If you forget your Master Password, this feature will help you quickly regain access.
Once your recovery phrase has been generated, be sure to store it in a safe place. For added convenience, you will be given the option to copy or download it.
If Account Recovery is not available, your Keeper Administrator may be able to transfer your vault to another Keeper account.

Account Recovery Phrase Set Up
Keeper Business and Enterprise users can create a free, Keeper Family Plan for up to 5 family members with unlimited devices. Once the user sets up the Family Plan, each family member receives their own vault. They can also share passwords between family members using either Shared Folders or individual record sharing.
- 1.Log in to your Keeper Business or Enterprise Web or Desktop Vault.
- 2.Click on your email address in the upper-right corner.
- 3.Select Account from the dropdown menu.
- 4.Enter your personal email in the "Keeper Family License for Personal Use" section.
- 5.Click Send Email.
- 6.This will create a separate, non-enterprise managed vault which will be associated with your personal email address.
This vault is intended for personal use only. All business-related credentials must be stored within your company issued vault.

Create Personal Account
Keeper provides several methods of importing data into the vault. Each method is fully documented with screenshots and example data.
(1) Import from Chrome, Firefox, IE, Edge, Safari and Opera using the Web Vault
https://docs.keeper.io/user-guides/import-records-1/import-from-chrome-firefox-ie-edge-and-opera
(2) Import from Chrome, Firefox, IE, Edge, Safari and Opera using the Desktop App
From the Desktop App, simply click on Settings > Import > click "Import" to begin the import process.
(4) Import from a structured .JSON file
https://docs.keeper.io/user-guides/import-records-1/import-json
(5) Import from LastPass (Fully Automated)
https://docs.keeper.io/user-guides/import-records-1/import-from-lastpass
(7) Import from Dashlane
https://docs.keeper.io/user-guides/import-records-1/import-from-dashlane
(8) Import from Encrypted KeePass (.kdbx) Files
https://docs.keeper.io/user-guides/import-records-1/import-from-keepass-kdbx
(9) Import using the Commander CLI
https://github.com/Keeper-Security/commander#importing-records-into-keeper
(10) Custom import coding using the Keeper Commander SDK
https://github.com/Keeper-Security/commander
Keeper iOS Overview
Keeper Android Overview
Autofill with KeeperFill
For additional information, please see our comprehensive library of end-user guides in the left column of this page.
Last modified 1mo ago