Introducing SaaS Configuration in Keeper

SaaS sprawl means more credentials, more exposure and more manual work for IT teams. Every cloud service an organization adds is another set of passwords that needs to be created, managed and eventually rotated, and most teams are still doing that by hand. SaaS Configuration gives organizations a scalable way to automate password rotation across any number of Privileged Access Management (PAM) User records in the Keeper Vault, keeping credentials current without the manual overhead.

Here’s a look at what SaaS Configuration is, how it works and whether it’s the right fit for your organization.

What is SaaS Configuration in Keeper?

SaaS Configuration is a feature within KeeperPAM that enables automated password rotation for cloud-based services. It provides a scalable approach to managing any number of PAM User records that require automated rotation, not just a handful of manually managed accounts.

Static and stale passwords in cloud applications create credential exposure risks. When passwords aren’t rotated regularly, compromised credentials stay valid longer, giving attackers more time to cause damage. Rotating passwords on a defined schedule or on demand when a threat is detected closes that window.

Security frameworks, including PCI DSS, SOC 2 and NIST 800-53, require organizations to enforce consistent credential hygiene. SaaS Configuration supports those requirements by making rotation a systematic, repeatable process rather than something that happens whenever someone remembers to do it.

How SaaS Configuration works

SaaS Configuration uses a PAM gateway to securely connect to the target service and update the password or secret. When rotation is complete, Keeper automatically updates the stored credential in the vault. The gateway must be running version 1.6 or newer and must be online during setup.

Keeper provides a pre-defined catalog of available rotations for a wide range of cloud services, including Okta, Snowflake, AWS, Azure, Cisco, ServiceNow and Splunk, among others. Select the service, configure the rotation schedule or trigger and Keeper handles the rest. For services not covered by the catalog, admins can build their own rotation plugin using custom development templates from Keeper’s GitHub repository. This makes SaaS Configuration extensible to virtually any cloud service an organization relies on, not just those pre-configured out of the box.

Rotation runs on a defined schedule or can be triggered on demand when immediate action is needed. Either way, the process is automated, logged and consistent.

Setting up SaaS Configuration is a two-step process:

1. Create a SaaS Configuration record in the vault and save it to a shared folder associated with your PAM Configuration. 
2. Assign that record to the target PAM User record under its Rotation Profile. Once saved, Keeper uses that configuration every time the user’s password rotation runs. Admins who prefer working in a Command-Line Interface (CLI) can also configure SaaS rotations using Keeper Commander.

Who should use SaaS Configuration?

SaaS Configuration is built for teams managing privileged access at scale. It’s worth a close look if any of the following applies to your organization.

You’re rotating SaaS passwords manually or not at all

Managing a large number of cloud app accounts without a structured rotation process is a security gap. SaaS Configuration closes it.

You need a documented and repeatable rotation process

Security and compliance teams often need to demonstrate that rotations are consistently occurring. Because SaaS Configuration is automated and auditable, it’s easy to prove.

You’re already using KeeperPAM

SaaS Configuration extends rotation coverage to the SaaS layer without adding a new tool or workflow to your existing privileged access management stack.

Your tech stack runs on Okta, Snowflake or similar platforms 

If these tools sit at the center of your identity or data infrastructure, keeping their credentials secure and up to date is non-negotiable.

Stop managing SaaS credentials manually

The more cloud services an organization uses, the harder it gets to stay on top of credential hygiene without automation. SaaS Configuration provides a scalable, auditable approach built directly into KeeperPAM.

Start your free KeeperPAM trial and put SaaS credential rotation on autopilot.