close

Resources for Your Keeper Success

Learn how to deploy the Keeper Admin Console and End User Vault.

Resources for Your Keeper Success

Attend a Live Webinar Training

Keeper Q&A Session

Keeper Q&A Session

Admin Console Overview

Admin Console Overview

General Vault Overview

General Vault Overview

Resources

This is an abbreviated version of our full documentation library. If you need additional information, please visit the full Keeper Docs, linked below.

Helpful links

Admin Onboarding

Create Your Admin Account

If you still need to do so, you must start a Keeper Business trial to access the admin console. You may start a trial here.

Next, log in to the Keeper Admin Console by following the instructions sent via email from the trial registration form.

When you first log in to the Admin Console, you will land on the Dashboard which will provide an overview of high-level data on your user activity and overall security status.

The Dashboard provides oversight of the following:

  • Top Events and link to Timeline Chart
  • Security Audit overall score
  • BreachWatch overall score
  • User Status summary
Create Your Admin Account

The Admin tab is where the majority of your set-up and user deployment will take place. Here, is where you can access Nodes, Users, Roles, Teams and Two-Factor Authentication Settings.

As a first step, we recommend uploading your company logo to the vault and customizing the email invitation that will invite your employees to create their Keeper Vault. These configurations are highly recommended as they have shown to help with quick user adoption of Keeper's software.

Click Configurations then click Edit next to "Company Logo" to upload your image file.

Add Your Company Logo

Click Configurations then Edit next to Email Invitation, then toggle "Send Custom Email Invitations" on.

Add Your Company Logo

Provisioning

Manual Provisioning - To add a small number of users manually through the user interface, follow these steps.

  1. Click on Admin Section
  2. By default, the top-level root node is selected.
  3. From the Users Tab, select the + Add Users button.
  4. Enter the Name and Email of the user and then click Add.
  5. The user will receive an email to create their vault with a Master Password or SSO, depending on what node they are located in.
Provisioning

Bulk Provisioning via CSV - You can also import many users at once via a comma-delimited text file (.csv).

The file format for a CSV file upload is 3 columns: Email Address, Name, Role.

The Role field is optional. Keeper recommends you create a default, "General Employee" role and all users imported will be automatically applied to that role, for example:

  1. From the Admin Console, select Admin > Users.
  2. Select the + Add Users.
  3. Drag and drop a prepared CSV file with 3 columns: Email Address, Name, Role

Advanced Provisioning - Keeper supports the following advanced provisioning options. If you would like to test out one of these methods in your POC please contact your Keeper representative.

  • Active Directory provisioning with the Keeper Bridge service
  • Single Sign-On (SAML 2.0) with Just-In-Time (JIT) provisioning
  • SCIM automated provisioning
  • Email provisioning
  • Keeper Commander API / SDK provisioning

Advanced Encryption Options

Keeper natively encrypts using AES 256-bit to protect data from cyber threats.

For organizations that require enhanced encryption or hosting solutions [AWS GovCloud (US) for example], please contact your sales representative.

Search for and Edit a User

From the Admin Console - clicking on the Search field will open a dynamic Search tool that Searches across Nodes, Roles, Teams and Users.

  1. Click on the headers (Nodes, Roles, Teams, Users) to filter the results.
  2. Select the user that you want to modify from the "Users" tab.
  3. Select the "Edit User" dialog.
Advanced Encryption Options

Add a Role

You can add roles manually through the Admin Console, automatically mapped via SCIM or assigned directly from Active Directory / LDAP through the Keeper Bridge.

  1. To add roles manually - Select the Roles tab.
  2. Navigate to the specific node you would like the role to be assigned to.
  3. Select the + button to add a role.
  4. Verify or select the appropriate Node in the organization tree (or select the Root Node).
  5. Enter the name of the role you are creating then click Add.

(Smaller organizations might choose to administer Keeper as single level. In this scenario, all provisioned users, roles, and teams are accessed from the default Root Node.)

Add a Role

Create a Role Enforcement Policy

Click the Enforcement Policies button. Add criteria for each of the following options:

  1. Login Settings
  2. Two-Factor Authentication (2FA)
  3. Platform Restriction
  4. Vault Features
  5. Sharing & Uploading
  6. KeeperFill
  7. Account Settings
  8. Allow IP List
  9. Keeper Secrets Manager
  10. Transfer Account
Create a Role Enforcement Policy

Create a Team

  1. Navigate to the Teams tab and select the + Add Team button. (If connecting SCIM or Keeper Bridge, teams should not be manually created in the admin console.)
  2. Enter the team name and click Add Team to save.
  3. Teams can be configured with several restrictions that will override any folder-level permission settings.
  4. Check the "Disable record-reshares" dialog box.
  5. Check the "Disable record edits" dialog box.
  6. Check the "Enable Privacy Screen" dialog box.
Create a Team

Click on “+” to add users to a team.

Click on “+” to add users to a team.

Assign a Role Enforcement Policy to Your Team

Navigate to Teams in the Admin Console. Select a team and click on the plus sign next to Roles to add a Team Role. The Team will then populate in the Role section, enabling the corresponding Enforcement Policies.

Click on “+” to add users to a team.

End-User Onboarding

Account Creation

To create your Keeper account, first enter your email address then you will be asked to create and confirm a Master Password which will be the only password you have to remember.

  • We recommend that you choose a strong Master Password that is only used for Keeper.
  • Don't forget your Master Password!

To finalize your account and proceed to your vault, you will be asked to enter the security verification code that was sent to your email.

* Enterprise users who login with SSO do not require the selection of a Master Password.

Account Creation

Master Password Reset

If you would like to change your existing Master Password from the Web Vault & Desktop App, from the account dropdown menu (your email ) select Settings and next to "Master Password" click Reset Now. You will then be prompted to enter your current master password and create and confirm a new master password.

Master Password Reset

Account Recovery Setup

Upon initial vault login, new users will be prompted to set up Account Recovery.
-Click Generate Recovery Phrase to begin.

Account Recovery Setup

Once your recovery phrase has been generated, be sure to store it in a safe place. For added convenience, you will be given the option to copy or download it. Check the box to acknowledge you have stored it in a safe place and click Set Recovery Phrase to complete the setup.

* Please note that if you forget your master password and lose your recovery phrase, you will not be able to login to your vault and Keeper Support will be unable to help you regain access.

Account Recovery Setup

In addition to enabling an account recovery phrase, we recommend turning on Keeper's two-factor authentication feature from your account's "Settings" menu.

* If you know your Master Password and would simply like to setup Account Recovery, from the account dropdown menu (your email) select Settings > Recovery Phrase.

Account Recovery Setup

Create a Personal Vault (via Business or Enterprise Account)

All Keeper Enterprise users can create a free, Keeper Family Plan for up to 5 family members with unlimited devices.

* This vault is intended for personal use only. All business-related credentials must be stored within your company issued vault.

To create your personal vault:

  1. Log into the Keeper Web Vault or Desktop App.
  2. Click on the Account Dropdown Menu (your email address).
  3. Select Account.
    Select <strong>Account</strong>.
  4. Enter your personal email within the "Keeper Family License for Personal Use" section and click Send Email.
    Enter your <strong>personal email</strong> within the Send Email." src="/assets/images/pages/customer-success-portal/en_US/personal-vault2@2x.webp" height="484" width="1072" loading="lazy">
  5. Logout from your business vault on your browser by clicking on the Account Dropdown Menu > Logout.

Important Notes Regarding Your Linked Personal Account

  • Your linked personal account is licensed as a Keeper Family Plan account with 10GB of secure file storage and BreachWatch dark web monitoring.
  • The company managing your Business vault does not have any access rights or ability to decrypt information stored in your personal vault.
  • Your linked personal account will remain free on unlimited devices for as long as the business account is active.
  • If you leave the business, or if the business does not renew their subscription with Keeper, your Family license converts into a Keeper Free subscription. You may continue to use your personal license on one device, or purchase a Family or Unlimited subscription for all of the premium features.
  • Your Business Admin may remove the ability to share records from the business vault to the linked personal vault.

Download the Desktop App

Visit the Download Keeper for Desktop page to download Keeper for Windows, Mac or Linux.

Install the KeeperFill Browser Extension

The KeeperFill browser extension can be installed directly by the user or pushed to users by the Keeper administrator.

Import Your Passwords

  1. Log into Keeper's web vault at https://keepersecurity.com/vault/ or simply login to the Keeper Desktop App (download from https://keepersecurity.com/download.)
  2. Click on your account email in the upper right-hand corner.
  3. Click on Settings > Import then select the Import button at the top of the screen.
  4. If you are using the Web Vault, Keeper will prompt you to download the Keeper Import Tool. This is a small application, that runs on your computer to import any found passwords. The Import Tool will download into your default Downloads folder. Please download, unzip and run this application to continue.
    If you are using the Web Vault, Keeper will prompt you to download the Keeper Import Tool. This is a small application, that runs on your computer to import any found passwords. The Import Tool will download into your default Downloads folder. Please download, unzip and run this application to continue.
  5. Copy the code provided to your clipboard by clicking the copy button.
  6. If using the Web Vault, unzip the Keeper Import application in your download folder.
    If using the Web Vault, unzip the Keeper Import application in your download folder.
  7. If using the Web Vault, launch the Import Tool from the Download folder.

Create a Record

Click + Create New > Record.

  • Choose a Record Type from the dropdown menu ("Login" is the default type)
  • Enter a name for the Record and click Next
  • Enter the Login (Username or Email)
  • Enter the Password or click the dice icon to generate one (more on that here)
  • Enter the Website Address
  • Enter Notes, add Files & Photos, a Two-Factor Code and Custom Fields
  • Click Save to finish
Create a Record

Generate a Password

While creating or editing a record, click the dice icon to generate a unique password. If needed adjust the character length and special character, and click Save to finish.

Generate a Password

Share a Single Record

While viewing a record click Share.

Share a Single Record

Enter the email(s) of the user(s) you would like to share the record with, then select their permission type from the dropdown menu (if they are not already a Keeper user, they will be invited to create an account via email).

Share a Single Record
Permission Name Permission Level
Can EditUsers in the folder can edit this record
Can Share Users in the folder can share this record
Can Edit & Share Users in the folder can edit and share this record
View OnlyUser can only view the record

Create a Private Folder

A private folder is only visible to the user who created the folder and can be made up of subfolders and records. A folder can also contain other shared folders and shared records. To create a private folder, click Create New > Folder. Choose where you would like to nest the folder using the dropdown menu. You can select the parent folder or select My Vault to add the folder at the root level.

Create a Private Folder

Create a Subfolder

Create a Subfolder

While viewing the records within a Shared Folder, click Edit and check the box next to "Show subfolder records" located in the Records tab to include those records in view or leave it unchecked to collapse them from view.

Create a Subfolder

Both private and shared folders can be nested and contain an unlimited number of records or subfolders. Each subfolder inherits the same permissions structure as the parent folder.

If the parent folder is a shared folder and you move a private folder into it, the private folder will now inherit the permissions set from the shared folder, including the users that have permission to view and edit that folder and its records.

Create a Shared Folder

Shared folders allow you to share multiple records at once and new records can be added to the folder as needed.

To create a Shared Folder, click Create New > Shared Folder.

Create a Shared Folder

Choose where you would like to nest the folder using the dropdown menu and enter a name for the folder. Set the User and Folder Permissions and click Create.

Create a Shared Folder

Share a Folder

You can add records to the folder by a simple drag-and-drop or you can click Edit and add the records using the record Search bar.

Share a Folder
Share a Folder

Record Permissions are used to govern folder members' (users) interactions with each individual record in the folder. You can access these permissions from the Records Tab by clicking Edit and then the dropdown icon next to each record name.

Share a Folder

Edit your Shared Folder settings

Shared Folder Settings are configured in order to easily set folder permissions for all users within the folder. These are selected upon the initial creation of the Shared Folder but you can change them at any time by clicking Edit > Settings. Click the dropdown arrows to set the Record and User Permissions for the folder.

Please note, newly created records inherit these permissions when adding users or records to the shared folder.

Edit your Shared Folder settings

In order for the "subfolders" checkbox to appear, you must first click the "Show subfolder records" checkbox located in the Records tab.

* If the Default Folder Settings are not set properly, users who add records to the Shared Folder will find that the records are "View Only" by other members of the Shared Folder, even if those users have "Can Manage Records" permission. If you would like all folder members to have edit rights over all records that are added to the folder, set the Default Folder Settings to Can Edit Records. The Can Manage Records setting only allows users the ability to add or remove records, it does NOT give them record permissions.

Create a One-Time Share

To create a One-Time Share, click the menu icon within the record that you own or have the permission to re-share. Then select "Create a One-Time Share" to generate a link.

Create a One-Time Share

Next, select the record access expiration from the dropdown menu and click Generate.

Create a One-Time Share

You can copy the URL of the link, or copy the entire invitation body (for sending additional contextual information to the recipient). If you scroll down the dialog, you will also see a QR code that can be sent to the recipient.

Create a One-Time Share

When the recipient of the share link opens the record, it will open in their web browser and it will be bound to their device. The record access will automatically expire after the set amount of time.

Create a One-Time Share

After the record has expired, the link will no longer be valid, and existing devices will no longer load the information.

Create a One-Time Share

Add a Two-Factor Code to a Record

To add a Two-Factor Code, you can use the Web Vault, Desktop App or mobile apps.
From the Desktop App, click on "Add Two-Factor Code". There are 3 ways to input the code:

  • Scan (Desktop App Only)
  • Upload a QR code image (.jpg, .png, etc)
  • Manual Entry (advanced)
Add a Two-Factor Code to a Record

The "Scan" feature on the Keeper Desktop application lets you drag a small scanner window on top of the target QR code. This is useful when setting up applications on the desktop computer.

Add a Two-Factor Code to a Record

It's also very easy and straightforward to use the Keeper mobile app on iOS or Android to add a Two-Factor code. Tap on "Add Two-Factor Code" from the record edit screen and use the device camera.

Add a Two-Factor Code to a Record

Run a BreachWatch Scan

To start your BreachWatch scan, click BreachWatch in the left navigation menu within the Admin Console, then click Let's Begin > Scan.

  • Scan (Desktop App Only)
  • Upload a QR code image (.jpg, .png, etc)
  • Manual Entry (advanced)
Run a BreachWatch Scan

Create a Passkey

To create and save a passkey for a site, typically you'll need to visit the "Security" or "Account Settings" screen of the website. In the below example, we'll be showing Best Buy.

Create a Passkey

When clicking the "Create a Passkey" button, Keeper will intercept the request and ask you to save the passkey to your vault.

Create a Passkey
English (US) Call Us