Using Windows Hello or Touch ID with SSO

Logging in with Windows Hello to a vault tied to SSO

Keeper supports the ability to login with Windows Hello or Touch ID on a vault that is tied to an SSO provider such as Microsoft Azure. To enable this capability, an "Alternate" Master Password must be configured on the vault. To set this up, please follow the below instructions:

(1) As the Keeper Administrator, login to the Keeper Admin Console and visit the Roles screen. Locate the role which you will allow this functionality. Then click on "Enforcement Policies".

Enable SSO Master Password

Enable the feature "Allow users who login with SSO to create a Master Password".

(2) Login to the vault using your SSO as usual, and visit the "Settings" screen.

(3) Under General Settings, turn on the "Master Password" feature and set a Master Password. This can be then used for subsequent login on the Web Vault and Desktop App (and make use of the Windows Hello / Touch ID capability).

Enable Alternate Master Password

(4) Visit the "Security" settings and turn on Windows Hello (or Touch ID if you're on a Mac). Note that if you previously tried using this setting, you should turn it OFF and ON in order to reset the Master Password storage in your device.

Enable Windows Hello Login

(5) The next time you login to your Desktop App, simply click on the "Windows Hello" or "Touch ID" logo on the login screen.

Click on Windows Hello or Touch ID login

(6) You will now be able to login seamlessly to your vault using Windows Hello, without having to constantly login using your SSO provider.

Successfully Logged In