Enterprise End-User (SSO)

This end-user guide was created for Enterprise customers who deploy Keeper through an existing Single Sign-On Identity Provider (IdP) such as Azure, ADFS or Okta.

Account Creation & Setup

Keeper is simple to install, easy to use and you’ll be up and running in just minutes. You can create your Keeper account using either one of the methods below.
Option 1: Click the Set Up Your Account Now button located in the email invitation sent by your Keeper Administrator. Since your Keeper account is deployed through Single Sign-On (SSO) you will automatically be routed to authenticate with your SSO provider to launch your Keeper Vault.
Option 2: Log in to your existing SSO provider dashboard as you normally do and click the Keeper icon to launch your Keeper Vault.
Enterprise End User SSO Login

Enable Two-Factor Authentication (2FA)

Two-Factor Authentication (2FA) adds an extra layer of security to your vault by requiring a second passcode upon logging in. Some 2FA methods like Duo or RSA, require admin configuration. Others, like the Google or Microsoft Authenticator Apps, can be set up by individual end-users.
Click the Account Dropdown Menu (your email address) then click Settings > Security to enable 2FA for your vault.
Enable Two-Factor Authentication
Two-Factor Authentication Methods

Import Passwords

You can either manually enter your existing logins and passwords into your vault or Keeper can import your existing passwords directly from your web browser (e.g. Safari, Chrome, Firefox), another password manager, or from a text file (.csv).
To begin the import process, click the Account Dropdown Menu (your email address), then click Settings > Import.
Import Your Passwords

Login Flows

The next time you log in to your Keeper Vault, you can either visit the Keeper Vault Login page or your SSO provider dashboard. Both options are described below. To access the Keeper Web Vault Login page, visit:
US Public Sector / GovCloud:

Vault Login with Email Address

Enter your email address at Keeper's Vault login page and click Next. You will then be routed to authenticate through your SSO Provider.
Email Address Login

Vault Login with Enterprise Domain

From Keeper's Vault Login page, click on the Enterprise SSO Login dropdown menu and select Enterprise Domain and enter your Enterprise Domain (provided by your Keeper Administrator). You will then be routed to authenticate through your SSO Provider.
Enterprise SSO Login > Enterprise Domain
Enterprise Domain Login

SSO Initiated Login

Log in to your existing SSO as you normally do then from your SSO dashboard, click the Keeper icon to launch your Keeper Vault.
SSO Login
SSO Provider Dashboard
If you sign into Keeper on a new platform, you may encounter a "device approval" request (SSO Cloud Users Only). Please read the section below - "Device Approvals" for instructions on how to proceed.

Device Approvals

If you are attempting to log in on an unrecognized device or browser, a device approval must take place before you can proceed to your Keeper Vault. Users have two methods of approval to choose from, "Keeper Push" or "Admin Approval".
Device Approval Request

Keeper Push

Keeper Push is Keeper’s proprietary notification-based device approval system that sends a push notification to an existing, recognized device. This is a self-service process that allows users to handle the device approval on their own.
If you select Keeper Push, a notification (push) will be appear in your vault at an approved device or browser. Select Yes to approve the new device. Once the device has been approved, you will be able to proceed to your Keeper Vault.
You must be actively logged into a different, recognized/approved device to receive the notification.
Keeper Push Notification

Admin Approval

Admin Approval will send a notification to your Keeper Admin requesting device approval. If you do not have an existing, recognized device, this will be the only path gain access again.
if you select Admin Approval, your Keeper Admin will receive notification for approval. Once the device has been approved, you will be able to proceed to your Keeper Vault.
Please note, your Keeper Administrator may have configured automatic approvals, in which case the request is handled within 15 seconds.

Download Keeper Applications

Download the Keeper Desktop and Mobile Apps to access your Keeper Vault from any platform and use it for native applications across all of your devices.
Visit: to download the Keeper App for all of your desktop and mobile devices.
Supported Platforms:
  • PC, Mac and Linux desktops
  • Chrome, Firefox, Safari, Edge and IE11 Web Browsers
  • iOS (iPhone & iPad)
  • Android (Phones & Tablets)
Keeper Download Page

Create a Record

Your passwords, databases, SSH keys, bank accounts and other sensitive data are saved in your private digital Keeper Vault (as "Records") and are encrypted on your device using 256-bit AES.
To begin, click + Create New > Record.
  • Choose a Record Type from the dropdown menu ("Login" is the default type)
  • Enter a name for the Record and click Next
  • Enter the Login (Username or Email)
  • Enter the Password or click the Dice to generate one (more on that here)
  • Enter the Website Address
  • Enter Notes, add Files & Photos, a Two-Factor Code and Custom Fields
  • Click Save to finish
Create a Record
For more information, please see our comprehensive Web Vault and Desktop App Guide.

Autofill with KeeperFill

Keeper's Browser Extension called KeeperFill, autofills your logins and passwords into websites and apps. To download KeeperFill for your browser, visit Keeper's Download page. KeeperFill is available for every web browser.
KeeperFill Browser Extension

Account Recovery

When you log into your vault for a second time, you'll be prompted to set up a 24-word recovery phrase. If you forget your Master Password, this feature will help you quickly regain access.
Once your recovery phrase has been generated, be sure to store it in a safe place. For added convenience, you will be given the option to copy or download it.
If Account Recovery is not available, your Keeper Administrator may be able to transfer your vault to another Keeper account.
Account Recovery Phrase Set Up

Create a Personal Vault (via Business or Enterprise Account)

Keeper Business and Enterprise users can create a free, Keeper Family Plan for up to 5 family members with unlimited devices. Once the user sets up the Family Plan, each family member receives their own vault. They can also share passwords between family members using either Shared Folders or individual record sharing.
  1. 1.
    Log in to your Keeper Business or Enterprise Web or Desktop Vault.
  2. 2.
    Click on your email address in the upper-right corner.
  3. 3.
    Select Account from the dropdown menu.
  4. 4.
    Enter your personal email in the "Keeper Family License for Personal Use" section.
  5. 5.
    Click Send Email.
  6. 6.
    This will create a separate, non-enterprise managed vault which will be associated with your personal email address.
This vault is intended for personal use only. All business-related credentials must be stored within your company issued vault.
Create Personal Account

Importing Data from Other Sources

Keeper provides several methods of importing data into the vault. Each method is fully documented with screenshots and example data. (1) Import from Chrome, Firefox, IE, Edge, Safari and Opera using the Web Vault
(2) Import from Chrome, Firefox, IE, Edge, Safari and Opera using the Desktop App From the Desktop App, simply click on Settings > Import > click "Import" to begin the import process.
(10) Custom import coding using the Keeper Commander SDK

More Helpful Videos

iOS Overview (iPhone & iPad)

Keeper iOS Overview

Android Overview (Phones & Tablets)

Keeper Android Overview

KeperFill Overview (Chrome, Brave, Firefox, Safari, IE, Edge & Opera)

Autofill with KeeperFill
More videos are available at:
For additional information, please see our comprehensive library of end-user guides in the left column of this page.