Privileged Access Management

Easily achieve visibility, security, access control and compliance across your entire organisation.

Authenticate and authorise every user and device in your enterprise with monitoring, threat tracking and reporting.

Today’s modern infrastructure requires a modern PAM solution

KeeperPAM secures and manages access to your critical resources, including servers, web apps, databases and workloads. As a cloud-native, zero-knowledge platform, KeeperPAM combines enterprise password management, secrets management, connection management, zero-trust network access and remote browser isolation in one easy-to-use interface.

Achieving zero trust has never been easier

Securely access every resource and account

The Keeper Vault protects all users in the organisation for complete coverage. Access is provisioned through consistent policies, and KeeperPAM integrates with all Identity Providers (IdPs) and network infrastructure.

With a zero-knowledge and zero-trust architecture, connections and tunnels established from Keeper to the target infrastructure are encrypted end-to-end.

Fast and responsive sessions

Keeper's engineers are the original creators of Apache Guacamole and are experts in browser-based remote session protocols covering SSH, RDP, VNC, HTTPS, MySQL, PostgreSQL, SQL Server and more.

KeeperPAM uses a zero-trust gateway service to access each environment. No firewall updates or ingress changes are needed, thereby enabling seamless, secure access without complexity.

Provide just-in-time access without exposing credentials

With Keeper’s remote session capabilities, the user never has access to the credentials or SSH keys.

Access to a resource can be time-limited, and credentials automatically rotate after access has been revoked.

Utilise all your development tools in one platform

Use your own SSH clients and database management tools like PuTTY, MySQL Workbench, Oracle SQL Developer, SQL Server Management Studio and pgAdmin with an added layer of protection.

Start a tunnel with one click and connect to localhost. Tunnels are end-to-end encrypted, ensuring zero-trust architecture and zero-knowledge security are preserved throughout the session.

Enable multi-cloud management

KeeperPAM centralises access in a single UI across multiple cloud providers, on-premises workloads and client environments.

A Keeper Gateway service is deployed to each cloud provider region, ensuring that the customer is in full control of privilege.

Supports multi-protocol session recording
Remote sessions can record screen and keyboard activity across all protocols including: SSH, RDP, VNC, databases and web browser sessions.

Enforce MFA protection on every system
Establish a Multi-Factor Authentication (MFA) layer on cloud and on-prem infrastructure, including resources not natively supported by MFA.

Automate password rotation
Lock down service accounts across on-prem and cloud infrastructure.

Simplify developer’s lives while streamlining security
Developers can finally improve security without friction from unnecessary network configurations.

Built for your teams

Control and monitor all privileged accounts

KeeperPAM centralises access to systems and data with zero-trust security, enforcing role-based policies and MFA across all assets. Automated SCIM provisioning ensures that every user in your organisation is protected and Just-In-Time (JIT) access eliminates standing privileges.

Simple deployment: Deploy Keeper via a web browser or desktop app and easily set up automated SCIM provisioning.
Complete visibility: Understand who’s doing what, where and with what credentials. Log all events to major SIEM platforms and get real-time risk telemetry.
Secure credentials: Secure all credentials, whether human or machine and enable secure sharing. Remove plaintext credentials and SSH keys from end-user devices.
Leverage privilege session management: Provide time-limited access to resources without exposing credentials.

Make audits effortless

Address many controls of compliance standards like FedRAMP, NIST 800-53, CMMC, SOC 2, ISO 27001 and HIPAA. KeeperPAM provides complete visibility with detailed logs, session recording and automated reports to ensure you have instant access to any data needed for audits.

Session recording and playback: Record screen and keyboard interactions across every remote session. Recordings are encrypted and stored in the cloud, and events can be logged to any SIEM.
Zero-knowledge architecture: With end-to-end encryption, your organisation is in full control of all network communications between the user’s device and the target servers, websites and applications.
Role-based access control: Enforce granular access policies by role or team, supporting compliance and reducing security risks.
Prevent data exfiltration: Actions such as downloading, copying/pasting and printing can all be restricted through policy.

Access infrastructure and workloads using modern tools

KeeperPAM streamlines access to resources with developer-friendly features designed to enhance productivity without having to open ports or create bastion hosts. From APIs to open-source toolkits, engineers get the flexibility they need to work efficiently and securely.

Servers: One-click access to infrastructure without having to manage SSH keys or RDP credentials.
Databases: Use Keeper's UI to run queries or start a tunnel, and use your preferred database connection tools, such as MySQL Workbench.
Kubernetes: Instantly connect to containers across any K8 cluster for monitoring or troubleshooting.
DevOps: Integrate with Terraform, CI/CD platforms or other build tools to prevent secrets sprawl, remove hard-coded credentials and control secret usage.

A next-gen PAM platform created for multi-cloud and distributed remote work environments

Password management

Protect, discover, share and rotate passwords, passkeys and confidential data in a zero-knowledge vault with role-based access control, auditing and compliance.

Secrets management

Integrate CI/CD pipelines, DevOps tools, custom software and multi-cloud environments into a fully-managed, zero-knowledge platform to secure infrastructure secrets and reduce secrets sprawl.

Session management

Establish cloud and on-prem privileged sessions, create tunnels, power zero-trust infrastructure access and secure remote database access without a VPN.

Remote browser isolation

Secure internal web-based applications, cloud apps and BYOD devices from malware, prevent data exfiltration and control browsing sessions with full auditing, session recording and password autofill.

Admin console

Manages and deploys Keeper to users, integrates with identity providers, monitors activity and establishes role-based enforcement policies.

Control plane

Orchestrates and monitors the various components and activities related to privileged access, session management, policies and workflow.

Comprehensive enterprise-wide coverage and seamless integration with your technology stack

KeeperPAM integrates with your infrastructure

Keeper quickly and seamlessly integrates with your existing infrastructure and Identity and Access Management (IAM) stack to achieve enterprise-wide coverage and visibility.

View All Integrations

Frequently asked questions

How do you charge for KeeperPAM?

Keeper charges per user, billed annually. See our pricing page for the packaging and pricing details.

What's the difference between Keeper Connection Manager and this new cloud-based PAM product?

The prior Keeper Connection Manager product was a fully on-prem, self-hosted solution. This new KeeperPAM platform is fully cloud-based and does not require the customer to install and host any applications. In this new model, the customer is only required to install the lightweight Keeper Gateway service to any cloud or on-prem environment. The Keeper Gateway only requires an outbound connection over port 443 to the Keeper Cloud. No ingress connections are required, which simplifies access control. All access to PAM capabilities is managed directly inside the Keeper vault.

How do users access the PAM product?

Customers simply log in to the Keeper Vault from any web browser. Advanced capabilities such as tunneling and SSH agents require the native Keeper Desktop application. Keeper Desktop is available for Windows, macOS and Linux.

Do you support passkeys?

Yes, Keeper supports storing and managing passkeys in the vault, and customers can use a passkey to enforce MFA into the web vault or desktop application.

Can I discover assets using your tools?

Yes, Keeper supports discovery of users, machines and infrastructure through the Keeper Commander CLI. The next version of KeeperPAM will support discovery from the vault user interface.

Can Keeper manage and rotate service accounts?

Yes, Keeper Secrets Manager is a component of KeeperPAM and provides automated password rotation of any type of service account across on-prem and cloud environments.

Can the PAM be used with native tools?

Yes, with Keeper's tunneling feature, any preferred tool can be used to connect to remote infrastructure with full end-to-end encryption through the Keeper Gateway to any target endpoint.

Can KeeperPAM be used as an alternative to Island browser?

Yes, KeeperPAM doesn’t require a local installation and provides superior session recording for streamlined auditing and compliance compared to Island Browser. View the full comparison here.