Keeper features
Explore Keeper’s full suite of security, access and compliance features designed to protect your organization and empower your teams.
Encryption
Authentication
Passkeys
Store, use and share passkeys for passwordless login across devices.
Two-Factor Authentication
Require an additional factor to access the vault.
TOTP generator
Generate time-based codes directly inside the Keeper Vault.
Keeper push
Approve new devices or login attempts with a simple push notification.
Device approval
Control which devices can access your Keeper Vault to prevent unauthorized logins.
SSO Connect
Seamlessly integrate Keeper with your Identity Provider (IdP).
Entra ID (Azure) integration
Integrate with Microsoft Entra ID (formerly Azure AD) to manage users and enforce enterprise policies.
Active Directory sync
Automatically sync users and groups from Active Directory to simplify deployment and user management.
LDAP sync
Connect Keeper to your LDAP directory for centralized authentication and provisioning.
Wearable apps
Access records and approve logins on your smartwatch for speed and convenience.
Biometric login with passkeys
Log in instantly using face or fingerprint recognition, no need to enter your master password.
Biometric login with Windows Hello, Touch ID, Face ID
Quickly unlock Keeper with built-in biometric authentication on your trusted devices.
Administration
Admin Console
Manage users, roles, vault policies and security settings from a single, centralized dashboard.
Delegated administration
Assign admin responsibilities to specific roles or teams without granting full access.
Advanced organizational structure
Mirror your company’s hierarchy with nested nodes for flexible policy enforcement and visibility.
Team management
Group users by department or function to simplify access control and record sharing.
Role-Based Access Control (RBAC)
Apply custom permissions by role to enforce security policies and limit user capabilities.
Password policy
Enforce strong password requirements to meet compliance standards and reduce risk.
Account transfer
Securely transfer a departing employee’s vault to another user during offboarding.
Command Line Provisioning (CLI)
Automate user, role and team management with Keeper Commander, our secure CLI toolkit.
SCIM provisioning
Automate user and team provisioning from identity platforms with SCIM 2.0 compatibility.
Sharing
Secure sharing
Safely share credentials, secrets and files with other Keeper users using zero-knowledge encryption.
Shared team folders
Organize and distribute records to teams with granular control over edit, share and ownership permissions.
One-Time Share
Send a time-limited, self-expiring record to anyone, even if they don’t use Keeper.
Self-destructing records
Protect sensitive data with records that automatically delete after a set number of views or days.
Share Admin
Designate admins to manage shared folders, control access and enforce permissions across teams.
Vault
Encrypted vault
Store and manage passwords, secrets and files in a fully encrypted, zero-knowledge vault.
File storage
Securely upload and store sensitive files, photos and documents with full end-to-end encryption.
Record types
Use purpose-built templates for logins, payment cards, SSH keys, database credentials and more.
Custom record templates
Create tailored record types to match your organization’s unique use cases and data fields.
Offline mode
Access your vault even without an internet connection; encrypted data stays on your device.
Privacy screen
Keep your information secure in public with a screen blur that activates after inactivity.
Privileged access
Connection management
Securely launch and monitor privileged sessions across infrastructure without exposing credentials.
Agentless connections
Access infrastructure using native protocols, no agents, VPNs or firewall changes required.
Launch SSH, RDP and VNC sessions
Instantly connect to servers, desktops and remote systems through your browser or desktop app.
“Launch as” PAM connections
Connect to systems with elevated privileges using role-based, just-in-time credentials.
Connection templates
Standardize and scale access with reusable templates for common SSH, RDP, and database configurations.
TCP tunneling
Create secure tunnels for local development tools and database clients without exposing your network.
Remote browser isolation
Open internal web apps in a hardened, isolated browser environment to prevent data exfiltration and malware.
Vendor Privileged Access Management (VPAM)
Grant secure, limited access to third-party vendors without creating permanent accounts.
Remote Privileged Access Management (RPAM)
Enable secure remote access to infrastructure and applications across hybrid and multi-cloud environments.
Session recording playback
Record and audit privileged sessions with searchable video and keystroke playback across protocols.
SSH key management
Eliminate key sprawl by storing, rotating and assigning SSH keys from a centralized, encrypted vault.
Ephemeral accounts
Create temporary privileged accounts that are automatically deleted after use.
Time-limited access
Enforce expiration windows for privileged access; credentials expire automatically after a set duration.
Automated password rotation
Continuously rotate credentials across servers, databases and services to minimize your attack surface.
Least privilege policies
Enforce access controls that limit users to only the systems and credentials they need.
Zero-standing privilege
Remove standing access to critical systems. Grant access dynamically and only when needed.
Developer
Developer APIs
Integrate Keeper into your stack with RESTful APIs for vault management, provisioning and audit logging.
Developer tools
Access a full suite of tools for building secure, automated workflows with Keeper’s platform.
CLI vault access
Manage vault records, users and shared folders directly from the command line.
Keeper Commander CLI
Automate provisioning, vault operations and security policies with Keeper’s open-source CLI tool.
Secrets manager CLI and SDKs
Securely inject secrets into your applications using CLI tools and SDKs for Python, Go, .NET and more.
CI/CD integration
Protect your DevOps pipeline by securely delivering secrets into build systems and deployment workflows.
KSM application sharing
Easily manage access to secrets across teams by sharing entire applications in Keeper Secrets Manager.
SSH Agent
Load SSH keys from your Keeper vault and establish secure sessions without exposing private keys.
-
Audit
Security audit
Continuously monitor password strength, reuse and risk across users, teams and shared records.
Risk Management Dashboard
Get a real-time view of vault security, policy enforcement and user behavior across your organization.
Advanced Reporting and Alerts Module
Build custom reports and real-time alerts for security events, role changes and vault activity.
Compliance reports
Instantly audit who has access to what, with downloadable reports that support SOX, HIPAA, ISO 27001 and more.
SIEM integration
Stream Keeper logs into your SIEM to centralize visibility and accelerate incident response.
Discovery
Identify unmanaged credentials and privileged accounts across your infrastructure with automated asset discovery.
-
Threat detection
BreachWatch
Continuously monitor the dark web for exposed credentials and alert users to take immediate action.
Dark web alerts
Receive real-time notifications when Keeper detects compromised passwords linked to your accounts.
Crowdstrike integration
Enrich threat intelligence by connecting Keeper with CrowdStrike for extended detection and response (XDR).
Google Chronicle integration
Push Keeper audit logs to Google Chronicle for scalable threat analysis and correlation.
Forcefield
Detect and block credential theft in real time with endpoint-level protection powered by Keeper.
KeeperAI
Leverage AI-powered insights to identify security gaps, automate responses and strengthen least privilege enforcement.
Automation
Password rotation policies
Automate rotation rules by user, system or schedule to enforce security best practices at scale.
Pattern-based risk detection
Identify suspicious behavior across vaults with intelligent monitoring for risky access patterns.
MCP Server
Self-host Keeper’s Multi-Cloud Proxy server to control routing, enforce data residency and streamline PAM deployments.
-
Mobile apps
iOS app
Access your vault, autofill passwords and approve logins securely from your iPhone or iPad.
Android app
Manage passwords, generate passkeys and stay protected on the go with Keeper for Android.
Browser Extension
Browser extension
Experience secure, instant logins with a zero-knowledge browser extension for passwords, passkeys and autofill.
Autofill
Quickly and securely fill passwords, passkeys and 2FA codes across apps and websites.
Password generator
Create strong, unique passwords or passphrases with customizable complexity in one click.
Snapshot tool
Capture and export real-time views of user permissions and vault access for audits or internal reviews.
Password change prompt
Keeper detects when you’re changing a password and prompts you to update your vault with the new one.
Compliance
FedRAMP Authorized
Keeper is FedRAMP Authorized, meeting rigorous U.S. government security and compliance standards for cloud services.
GovRAMP Authorized
Built for the public sector, Keeper GovCloud is GovRamp Authorized to protect sensitive federal, state and local data.
See Keeper in action
Learn how Keeper can help secure your organization’s passwords, infrastructure and privileged access.
