Keeper Enterprise Integrates With Microsoft Active Directory For Seamless Provisioning, RBAC and Compliance.
Employees must get the access they need to do their jobs, but no additional access that they don’t need. This is the principle of least privilege. The idea is to reduce the “attack surface” by eliminating unnecessary privileges that could be exploited by either a malicious insider or an outsider that is able to compromise any given employee.
Why It’s Critical
Businesses are constantly changing with new people starting and current employees moving or leaving. Not only do people change roles, but the IT services and accounts businesses offer are constantly changing. It is impossible for the IT team to manually provision, maintain and log all of these activities needed to keep systems secure and meet compliance. Microsoft Active Directory has become the standard for centralizing user roles and access.
How Keeper Solves It
Keeper AD Bridge allows businesses running Microsoft Active Directory to integrate Keeper password management software within their current systems, automatically adding any number of Nodes (organizational units), Users, Roles and Teams. Once connected, Keeper enables role-based access control (RBAC) at any Node. Those controls can be cascaded to all lower Nodes if desired. Teams may be provisioned for sharing credentials. As the people move throughout the organization, Keeper keeps their roles updated through AD.
Keeper is a Zero-Knowledge Password Management solution. This means all information that is stored in Keeper is only accessible by the end-user. All encryption and decryption is done on-the-fly in the client’s device, and the data is encrypted both in-transit (TLS) and at rest on Keeper’s Infrastructure (AES-256). The plaintext version of the data is never available to Keeper Security employees nor any outside party. Keeper is fanatical about protecting customer data, but in the unlikely event Keeper was hacked, the attackers could only possibly access the worthless ciphertext.
Improve Password Awareness and Behavior
Most businesses have limited visibility into the password practices of their employees which greatly increases cyber risk. Password hygiene cannot be improved without critical information regarding password usage and compliance. Keeper solves this by providing comprehensive password reporting, auditing, analytics and notifications.
Keeper or SSO or Both?
SSO requires that every application support SAML protocols and requires integration into your IdP. Keeper works with any application or use case that uses a password. Already deployed SSO? Keeper is a perfect complement for the legacy applications and even newer ones that don’t support SAML. Keeper SSO Connect® works with popular SSO IdP platforms such as Okta, AWS, OneLogin, Ping Identity, F5 BIG-IP APM, Google Workspace, JumpCloud and Microsoft ADFS / Azure AD to provide businesses the utmost in authentication flexibility.
Securely Share your Passwords
Each user has a set of public and private encryption keys that are used for vault encryption, sharing password records and messages between users. Shared information is encrypted with the recipient's public key. Keeper’s record sharing methodology is easy to use, secure and intuitive.
Keeper Scales With Your Business
Keeper was designed to scale for any sized business. Features such as role-based permissions, team sharing, departmental auditing and delegated administration support your business as it grows. Keeper Commander™ provides robust APIs to integrate into current and future systems.
- Keeper Enterprise Deployment Guide
- SSO Provisioning with Keeper Enterprise
- Active Directory Provisioning with Keeper Enterprise
- Why Biometrics Will Not Replace Passwords
- Enhancing and Extending Single Sign-On with Keeper SSO Connect®
- How Can I Store and Protect My Digital Certificates and Access Keys?
- All the Keys to the Kingdom: Use Keeper to Stop Trust-Based Attacks
- Learn More About Keeper for Your Business