Keeper Bolsters Zero-Trust Security with KeeperPush™ Device Approvals and Keeper SSO Connect™ Cloud Deployments

Keeper Bolsters Zero-Trust Security with KeeperPush™ Device Approvals and Keeper SSO Connect™ Cloud Deployments

Keeper has released v15 of our iOS and Android apps, a major update that fully integrates our apps with the Keeper SSO Connect™ Cloud platform and introduces KeeperPush™ device approvals for both SSO and non-SSO users.

Full Integration with Keeper SSO Connect™ Cloud

Version 15 fully integrates Keeper’s Android and iOS apps with the Keeper SSO Connect Cloud platform, which provides zero-knowledge encryption while retaining a seamless login experience with any SAML 2.0 identity provider. With this update, Keeper’s mobile apps can integrate seamlessly with any SSO provider while preserving our zero-knowledge encryption and without requiring any on-prem installations.

Zero-knowledge Device Approvals to Bolster Zero-Trust Security in SSO Environments

Device approvals are an integral part of a zero-trust security framework, which requires that human users and devices be verified before they can access a network. Whenever a user attempts to log in using a device they’ve not previously used to log in, the device must be approved before they are granted access.

In Keeper SSO Connect Cloud, the device approval process involves the transfer of an elliptic-curve encryption key. Every approved user device has a local, private, elliptic curve cryptography key. Because of Keeper’s advanced zero-knowledge encryption Keeper never stores our user’s private keys and has no knowledge of user data. The encryption keys are exchanged between the user’s devices, or through Keeper administrator approvals.

To offer our customers device approval while preserving our zero-knowledge encryption, we’ve developed a push-based approval system that can be performed directly by the end user, an administrator who holds “Approve Device” permissions, or through an automated approval method (the Keeper Admin Console, the Keeper Automator Service, Keeper Commander CLI, or an Azure function).

When a user attempts to access Keeper SSO Connect Cloud using a new or unrecognized device, a dialog box appears prompting them to approve their device through a push notification or by requesting administrator approval.

If the user selects “Keeper Push,” they will receive a push notification on one of their previously approved devices. All the user needs to do is accept the device approval, and they’re all set! Because there’s no on-prem software, the push approval, in effect, “pushes” the encryption key between devices.

Try Keeper Enterprise free for 14 days & check out these updates for yourself.

Sign Up Free

Zero-Knowledge Device Approval for Non-SSO Environments

Version 15 of the Keeper iOS and Android apps now includes the option to use KeeperPush for device approval in non-SSO environments as well. Previously, push notifications in non-SSO environments were available only when using the Keeper Web Vault.

New “Password Zoom” and “Password Update” Features

In addition to support for SSO Cloud and push notification device approvals, v15 of the Keeper app also includes two usability enhancements that many of our customers requested:

“Password Zoom” enables users to zoom in on their password field by pressing and holding. This is convenient in cases where a user must manually type a password, such as when accessing a streaming service through a smart TV.

A new “Password Changed” screen, which displays both the old and new password after a change.

Increased Security with Less Dependency on Master Passwords

While Keeper has always supported device-based protection, v15 of our mobile apps puts it front and center. Additionally, by reducing dependence on Master Passwords and shifting towards device-based authentication, this update makes it more difficult for cybercriminals to “enumerate” user accounts; in other words, determine whether a user has an account in the system. This adds additional protection for users against credential-stuffing attacks.

“Stay Logged In” Feature For Enhanced Productivity

The latest platform updates have given Keeper the ability to more rapidly launch new user-friendly features, including “Stay Logged In”. This feature keeps a user’s session active for the amount of time specified in their Logout Timer, even if the user restarts their browser or computer. For example, if your logout timer is set to 90 minutes, you’ll stay logged into Keeper for 90 minutes, even if you need to restart your browser or your computer. This saves time and enhances productivity by minimizing the need for users to log back into Keeper.

“Stay Logged In” is disabled by default. To turn it on, open the Keeper application and go into Settings > Security and turn the feature ON.

Administrators can disable this feature from the Admin Console in the Role > Enforcement Policies > Account Settings section and turn on the “Disable Stay Logged In” option. This will restrict the feature for users in the role and they will be unable to turn this feature on.


Download the latest version of Keeper for your device from:

For detailed encryption model and security documentation, see:

Learn more about Keeper SSO Connect Cloud:

All release notes and updates can be found here:

Not a Keeper customer yet?

Sign up for a 14-day free business trial now! Want to find out more about how Keeper can help your organization prevent security breaches? Reach out to our team today.