Feature: Team Management

Simplify team management and strengthen enterprise security

Keeper gives IT teams a centralized platform to control access, assign permissions and streamline onboarding without adding friction to daily workflows.

Start Free Trial
Admin console team settings page showing the Design team selected, with team options and assigned users visible.

How instant account switching works in Keeper

Interface showing an “Add User” modal with search and selected users.

1. Provision teams and users

Group users by job, department, or role. Automatically provision them through your identity provider or IGA such as Entra ID, Okta, Google Workspace, SailPoint, or directly to Active Directory using Keeper AD Bridge.

Checkbox list showing “General Employee” selected while “Temp Employee” and “2FA Enforced” remain unselected, illustrating role selection before assigning access policies.

2. Assign access and enforce policies

Assign role-based enforcement policies to teams and grant them access to Keeper shared folders for access to credentials and privileged resources. Apply role-based policies like 2FA to control and secure access.

Dashboard panel with a multi-line activity chart, illustrating monitoring of security events and account activity.

3. Share securely and monitor activity

Monitor activity with detailed audit logs in the Admin Console, and enable real-time alerts and compliance reporting with the Advanced Reporting & Alerts Module.

Centrally manage users, permissions and access across your organization

Simplify user provisioning and role assignment

Automate account provisioning with Keeper's SCIM and SSO integrations. When users are added to your identity provider (IdP), Keeper automatically provisions their accounts, assigns them to the appropriate roles and teams, and enforces the correct security policies.

Provisioning setup screen with Active Directory or LDAP Sync selected from three user provisioning options.
User profile page with an actions menu open, highlighting the option to transfer an account to another user.

Secure offboarding and vault continuity

With the Account Transfer policy enabled, admins can lock the account and securely reassign vault contents to a designated user, ensuring uninterrupted access to critical credentials.

Centralize credential sharing by team

Assign shared folders to teams to streamline access to credentials, secrets and resources. As users join or leave a team, their access updates automatically.

Shared folder permissions panel showing a dropdown menu for assigning different access levels to team members and users.
Two-factor authentication settings panel with 2FA required and multiple authentication methods enabled.

Enforce consistent access controls by department

Apply role-based enforcement policies, such as restricting vault exports, requiring Multi-Factor Authentication (MFA) or enforcing domain-based password complexity policies. Policies are assigned by role and can be scoped by organizational node.

Delegate administration without compromising control

Empower designated team leaders or regional IT staff to manage users, policies or teams within their scope without granting full administrative access.

Graphic of a secure user identity, shown as linked hexagons with a lock icon and a person icon.
Admin console view with a node selector dropdown open, showing multiple organizational units available for navigation.

Standardize onboarding and policy enforcement across locations

Mirror your organizational structure with Keeper's nodes and roles. Whether you're managing regional teams, subsidiaries or departments, Keeper makes it easy to apply standardized policies that scale with your business.

Frequently asked questions

Can I assign different permissions to different teams?

Yes, with Role-Based Access Controls (RBAC), you can define granular policies for individuals or departments by assigning users to roles, ensuring each person has the right level of access.

What happens when an employee leaves the company?

When an employee leaves the company, admins can instantly revoke vault access and, for supported systems, trigger automatic password rotation. This prevents former employees from accessing company systems or data.

Can I enforce Multi-Factor Authentication (MFA) across my team?

Yes, admins can enforce MFA (such as FIDO2 security keys, Duo or TOTP) at the organization or role level for an added layer of protection. Roles can be scoped to departments, regions or individual users.

Can employees securely share passwords and files?

Yes, teams can securely share files and credentials without ever exposing plaintext passwords. Admins maintain visibility into sharing activity and access through audit logs and reporting.

Is there a way to monitor user activity?

Yes, Keeper logs all user activity, including logins, record access and sharing actions. Admins can view event logs in the Admin Console or with the Advanced Reporting & Alerts Module add-on, generate real-time alerts, create custom reports and stream event data to Security Information and Event Management (SIEM) platforms for auditing and compliance.

close
Business Sales
Support

Sign up for a Free Trial

Personal and Family

Protect yourself and your family from cybercriminals.

Start Free Trial
Business and Enterprise

Protect your company from cybercriminals.

Start Free Trial
MSPs

Protect your MSP organization, your end customers and add new revenue streams.

Start Free Trial
Buy Now