Keeper SSO Connect

Enhancing and extending Single Sign-On deployments with secure zero-knowledge password management and digital vault capabilities. Keeper SSO Connect integrates seamlessly with popular identity providers such as Azure, Okta, ADFS, Ping, JumpCloud and G Suite.

Free Business Trial Contact Sales

Keeper + SSO = 100% Coverage

If your organization already uses an SSO solution or is thinking of implementing one, you should pair it with Keeper's secure password manager. An SSO by itself has major functional and security gaps.

Use Case
Keeper Password Manager
SSO Identity Provider
Password-Based Apps
SAML-Based Apps
Shared Passwords
Encrypted Data Storage
Social Media Sites
Native Apps
Offline Access
SSH Keys
Encrypted Private Files
Zero-Knowledge Encryption

Keeper Fills the Security Gaps in SSO

When an SSO and Enterprise Password Management solution is used together, they cover secure authentication and end-to-end encryption across every cloud application, native application and further, the protection of metadata and files in a ubiquitous digital vault.

How Keeper SSO Connect Works

Keeper SSO Connect is a SAML 2.0-compatible service provider application that is compatible with all SSO identity providers. Users simply authenticate into the IdP and then seamlessly login to Keeper Password Manager.

How Keeper SSO Connect Works

Supported Identity Providers

Keeper SSO Connect works with all popular SSO IdP platforms including Azure, ADFS, Okta, Ping, Centrify, OneLogin and F5 BIG-IP APM.

Microsoft Azure
G Suite
Amazon Web Services
Ping Identity
IBM Security

Flexible Deployment

Keeper's flexible node architecture, just-in-time provisioning and role-based access permissions allow admins to provision certain users through SSO and others through Master Password-based login.

  • Provision users for either SSO or Master Password authentication
  • Provide offline vault access when SSO is not available
  • Dynamically provision vaults through SCIM
  • Apply role-based access policies such as Allow IP Listing and 2FA

Security Architecture

  • Keeper devices obtain SSO Connect URLsKeeper devices obtain SSO Connect URLs
  • Keeper devices connect to Keeper SSO Connect service providerKeeper devices connect to Keeper SSO Connect service provider
  • Keeper SSO Connect SP delegates authentication to identity providerKeeper SSO Connect SP delegates authentication to identity provider
  • Identity provider validates userIdentity provider validates user
  • Keeper devices obtain access to vault from service providerKeeper devices obtain access to vault from service provider
  • Key provided to device for decrypting vaultKey provided to device for decrypting vault

View full security architecture

For more detailed technical documentation, view the SSO Connect Guide