The ability to provide least-privilege access to all users is a critical component of enterprise password management. Keeper allows administrators to fine-tune their organization's access levels to sensitive data and credentials, from teams and groups down to the individual user level.
This key feature works seamlessly with Keeper’s superior architecture, composed of Nodes, Roles and Teams.
Nodes are a way to organize users into distinct groupings, similar to organizational units in Active Directory, and are at the core of Keeper’s architecture. The administrator can create nodes based on location, department, division or any other structure. By default, the top-level node – or root node – is set to the organization name and all other nodes can be created under the root node.
One advantage of defining multiple nodes is to help support the concept of delegated administration. A delegated administrator can be granted some or all of the administrative permissions, but only over their respective node or sub nodes.This delegated administration allows different people in the organization to manage controls over subsets of teams, users, roles and shared folders.
Roles define permissions, control which features and security settings apply to which users, and manage administrative capabilities. Users are provisioned under their respective nodes, with their roles configured to match the specific needs of the business.
Roles are made up of enforcement policies and control how users are able to access the Keeper Vault on their devices. Any number of role policies can be created and applied to one or more users.
Teams are used for sharing privileged accounts and shared folders among groups of users within the Keeper Vault. Teams can also be used to easily assign roles to entire groups of users to ensure the consistency of enforcement policies.
Since Keeper's security model is based on least-privilege access, we implement least-privilege policies, so when a user is a member of multiple roles, their default policy is the most restrictive.