Caractéristique: Delegated administration enables enterprise-wide identity security

Harness the power of delegated administration to mitigate identity sprawl

Keeper maps across your entire organizational structure to enforce security policies for all departments, teams and regions at scale.

Keeper Admin Console showing a list of users with status indicators and security alerts such as “Poor Security Score” and “BreachWatch Alert.”

Enterprise-grade structure and control

Map your enterprise with node-based hierarchy

Structure your Keeper environment in logical nodes representing teams or business units. Each node can host its own users, roles and policies, simplifying management at every level.

Dropdown labeled “Node” showing “Acme Worldwide” selected, with region options listed below.

Admin console “Creating and Sharing” settings page showing a list of permission checkboxes (create records, duplicate records, upload files, create 2FA codes, and sharing options).

Strengthen governance with Role-Based Access Control (RBAC)

Define who can see, share and manage credentials through precise role-based access control. Apply consistent policies across nodes while retaining flexibility for local needs.

Distribute administrative control securely

Assign administrators to specific nodes and tailor their permissions accordingly. Allow them to onboard users, run reports or approve devices without exposing sensitive data.

Role permissions dropdown showing checked admin privileges (e.g., manage users/teams, reporting, device approvals, record types, share admin, transfer account).

Identity Provider settings screen with IDP type set to Azure, SAML metadata file selected, attribute mappings (first name, last name, email), and SSO endpoint preferences for login/logout.

Assign Identity Providers (IdPs) by node

Support complex organizational structures by enabling each node within your Keeper environment to use a distinct Single Sign-On (SSO) configuration. Whether managing multiple brands, subsidiaries or access tiers, Keeper lets you assign unique IdPs to each node.

Enforce security policies automatically

Apply role- and node-specific enforcement policies, such as Multi-Factor Authentication (MFA) requirements, sharing restrictions or password complexity rules, to maintain compliance.

Two-Factor Authentication settings showing enabled toggles for requiring 2FA, FIDO2 security keys (with PIN required), TOTP authenticator app, and smartwatch (KeeperDNA), with other methods disabled.

Teams page in the admin console showing tabs (Users, Teams, Administrative Permissions), an “Add Team” button, and a list of teams (Design, Engineering, Marketing, Sales, Support).

Streamline collaboration across teams

Add or remove users, manage shared team vaults and apply policies through a unified, intuitive console built for efficiency and control.

Stay audit-ready at all times

Generate compliance and access reports on demand. Instantly see who has access to what, when policies were changed and how data is being used across the organization.

Keeper's Advanced Reporting and Alerts Module showing event categories, number of events, and percentage of total activity.

Foire aux questions

What is a node in Keeper's Advanced Organizational Structure?

A node represents an organizational unit, such as a department, region or team, that can contain its own users, roles, policies and administrative controls.

Can different administrators manage different nodes?

Yes, administrators can be assigned to specific nodes with distinct permissions, enabling secure and distributed management across business units.

How does Keeper maintain security with multiple administrators?

Keeper enforces least-privilege access and uses cryptographic key separation between nodes to ensure that administrators can only access the areas they're authorized to manage.

Can policies differ between departments or regions?

Yes, you can set global policies or customize enforcement rules per node or role to meet varying compliance and operational needs.

Does this feature integrate with Active Directory or SSO?

Yes, Keeper integrates with major Identity Providers (IdPs) and supports automated provisioning through the Keeper AD Bridge and SCIM.