For companies of any size and public sector
Humans are terrible at keeping track of passwords. Left to their own devices, employees frequently use weak passwords, reuse the same passwords across multiple accounts, and store their passwords insecurely, such as on sticky notes. Employees also frequently lose or forget their passwords, which means IT help desks get flooded with password reset tickets. All of these problems harm productivity, waste money, complicate identity and access management (IAM), and degrade security throughout the organization.
Organizations deploy single sign-on (SSO) solutions because they reduce password fatigue and minimize help desk tickets for lost passwords, enhancing efficiency in the IT department and beyond. SSO also simplifies compliance reporting and supports zero-trust security models.
While SSO offers many benefits, it also has serious security and functionality gaps. Ironically, these gaps involve the primary pain point that drives organizations to implement it in the first place: passwords.
One of the most obvious shortcomings of SSO is that it represents a single point of failure. If a user forgets their password, they’re locked out of multiple sites and apps instead of just one. On the other side of this coin, if a user’s password is compromised, threat actors can use it to compromise not just one site or app, but all of the sites and apps “protected” by SSO.
In theory, SSO eliminates the need for employees to memorize any passwords other than the one they use to sign into the SSO system. The reality is quite different.
The typical organization uses anywhere from several hundred to several thousand cloud apps. In addition to business productivity applications that everyone in the company uses, specific departments and teams utilize their own subsets of job-specific apps. These frequently include legacy line-of-business (LOB) apps that are too old to support SSO, but that contain essential data or perform critical business functions, and that aren’t feasible to refactor or replace.
Not all modern apps and services support SSO, either, but they’re still essential to the business.
Even if an app supports SSO, it may not use the same protocol as the organization’s identity provider (IdP). For example, the IdP may use the SAML protocol, but some of the apps that employees need to access use OAuth.
Left on their own to create and keep track of passwords for non-SSO accounts, individual users and teams revert back to poor password security habits: using weak passwords, reusing passwords across accounts and storing passwords in text files or spreadsheets or writing them down on sticky notes. They may also share passwords without authorization and fail to protect their accounts with multi-factor authentication (2FA). Meanwhile, administrators have no visibility or control over password usage in these sections of the data environment.
As a result, despite having invested in an SSO deployment, organizations are left vulnerable to password-related data breaches.
Keeper SSO Connect® is a fully managed, SAML 2.0 service that seamlessly integrates with your existing SSO deployment, enhancing and extending it with zero-knowledge, zero-trust password management and encryption.
Today’s data environments are highly complex, typically consisting of a variety of public and private clouds, and both modern and legacy apps. Keeper SSO Connect easily deploys into all of them!
Use Keeper SSO Connect to secure any instance, or in any Windows, Mac OS, or Linux environment, in the cloud or on-prem. It easily and seamlessly integrates with all popular SSO IdP platforms, including Microsoft 365, Azure, ADFS, Okta, Ping, JumpCloud, Centrify, OneLogin, and F5 BIG-IP APM.
Because Keeper SSO Connect is fully cloud-based, there’s no additional hardware or software to buy. Just configure SSO Connect within your Keeper Admin Console, enable and configure the Keeper Application within the IdP, and get going!
Device authorization is a core component of zero-trust network access. With Keeper SSO Connect, every approved user device has a local, private ECC (Elliptic Curve Cryptography) key.
Keeper’s advanced zero-knowledge encryption model ensures that we never store our users’ private keys. Encryption keys are exchanged between user devices or through Keeper administrator approvals, which streamlines device approval while preserving zero-knowledge encryption.
Some password managers either don’t support SSO at all or work only with certain identity providers, leaving you dealing with vendor lock.
Keeper SSO Connect is a natural extension of Keeper’s top-rated, zero-knowledge enterprise password management (EPM) system, which provides advanced password management, sharing, and security capabilities across the organization – even on legacy LOB systems and apps!
Keeper gives IT administrators complete visibility and control into user password practices throughout the entire data environment, including:
Keeper holds the longest-standing SOC 2 attestation and ISO 27001 certification in the industry. Keeper utilizes best-in-class security, with a zero-trust framework and zero-knowledge security architecture that protects customer data with multiple layers of encryption keys at the vault, shared folder and record levels.