Mind the SSO security gaps.

Request a Demo

Why Use Single Sign-On (SSO)?

Humans are terrible at keeping track of passwords. Left to their own devices, employees frequently use weak passwords, reuse the same passwords across multiple accounts, and store their passwords insecurely, such as on sticky notes. Employees also frequently lose or forget their passwords, which means IT help desks get flooded with password reset tickets. All of these problems harm productivity, waste money, complicate identity and access management (IAM), and degrade security throughout the organisation.

Organisations deploy single sign-on (SSO) solutions because they reduce password fatigue and minimise help desk tickets for lost passwords, enhancing efficiency in the IT department and beyond. SSO also simplifies compliance reporting and supports zero-trust security models.

While SSO offers many benefits, it also has serious security and functionality gaps. Ironically, these gaps involve the primary pain point that drives organisations to implement it in the first place: passwords.

Why Use Single Sign-On (SSO)?

A Single Point of Failure

One of the most obvious shortcomings of SSO is that it represents a single point of failure. If a user forgets their password, they’re locked out of multiple sites and apps instead of just one. On the other side of this coin, if a user’s password is compromised, threat actors can use it to compromise not just one site or app, but all of the sites and apps “protected” by SSO.

A Single Point of Failure

No Password Left Behind? Not Really

In theory, SSO eliminates the need for employees to memorise any passwords other than the one they use to sign into the SSO system. The reality is quite different.

The typical organisation uses anywhere from several hundred to several thousand cloud apps. In addition to business productivity applications that everyone in the company uses, specific departments and teams utilise their own subsets of job-specific apps. These frequently include legacy line-of-business (LOB) apps that are too old to support SSO, but that contain essential data or perform critical business functions, and that aren’t feasible to refactor or replace.

Not all modern apps and services support SSO, either, but they’re still essential to the business.

Even if an app supports SSO, it may not use the same protocol as the organisation’s identity provider (IdP). For example, the IdP may use the SAML protocol, but some of the apps that employees need to access use OAuth.

Left on their own to create and keep track of passwords for non-SSO accounts, individual users and teams revert back to poor password security habits: using weak passwords, reusing passwords across accounts and storing passwords in text files or spreadsheets or writing them down on sticky notes. They may also share passwords without authorisation and fail to protect their accounts with multi-factor authentication (MFA). Meanwhile, administrators have no visibility or control over password usage in these sections of the data environment.

As a result, despite having invested in an SSO deployment, organisations are left vulnerable to password-related data breaches.

Close SSO Security Gaps in the Cloud and On-Prem

Keeper SSO Connect® is a fully managed, SAML 2.0 service that seamlessly integrates with your existing SSO deployment, enhancing and extending it with zero-knowledge, zero-trust password management and encryption.

Close SSO Security Gaps in the Cloud and On-Prem

Easy Integration into Any Data Environment. Yes, Even Yours

Today’s data environments are highly complex, typically consisting of a variety of public and private clouds, and both modern and legacy apps. Keeper SSO Connect easily deploys into all of them!

Use Keeper SSO Connect to secure any instance, or in any Windows, Mac OS, or Linux environment, in the cloud or on-prem. It easily and seamlessly integrates with all popular SSO IdP platforms, including Microsoft 365, Entra ID (Azure), ADFS, Okta, Ping, JumpCloud, Centrify, OneLogin, and F5 BIG-IP APM.

Because Keeper SSO Connect is fully cloud-based, there’s no additional hardware or software to buy. Just configure SSO Connect within your Keeper Admin Console, enable and configure the Keeper Application within the IdP, and get going!

Easy Integration into Any Data Environment. Yes, Even Yours

Secure and Streamlined Device Approvals Ensure Zero-Trust Network Access

Device authorisation is a core component of zero-trust network access. With Keeper SSO Connect, every approved user device has a local, private ECC (Elliptic Curve Cryptography) key.

Keeper’s advanced zero-knowledge encryption model ensures that we never store our users’ private keys. Encryption keys are exchanged between user devices or through Keeper administrator approvals, which streamlines device approval while preserving zero-knowledge encryption.

Secure and Streamlined Device Approvals Ensure Zero-Trust Network Access

Zero-Trust, Zero-Knowledge Password Security for Your Entire Data Environment

Some password managers either don’t support SSO at all or work only with certain identity providers, leaving you dealing with vendor lock.

Keeper SSO Connect is a natural extension of Keeper’s top-rated, zero-knowledge enterprise password management (EPM) system, which provides advanced password management, sharing, and security capabilities across the organisation – even on legacy LOB systems and apps!

Keeper gives IT administrators complete visibility and control into user password practices throughout the entire data environment, including:

  • Exclusive, proprietary zero-knowledge security model; all data in transit and at rest is encrypted; it cannot be viewed by Keeper Security employees or any outside party.
  • Rapid deployment on all devices, with no upfront equipment or installation costs.
  • Personalised onboarding and 24/7 support and training from a dedicated support specialist.
  • Support for RBAC, 2FA, auditing, event reporting, and multiple compliance standards, including HIPAA, DPA, FINRA, and GDPR.
  • Provision secure shared folders, subfolders, and passwords for teams.
  • Provision users for either SSO or Master Password authentication
  • Enable offline vault access when SSO is not available
  • Dynamically provision vaults through SCIM.
  • Configure for High Availability (HA).

Market-Leading Security Infrastructure and Policies

Keeper holds the longest-standing SOC 2 attestation and ISO 27001 certification in the industry. Keeper utilises best-in-class security, with a zero-trust framework and zero-knowledge security architecture that protects customer data with multiple layers of encryption keys at the vault, shared folder and record levels.

Market-Leading Security Infrastructure and Policies

Trusted by millions of people and thousands of businesses

Strengthen your SSO with end-to-end password security.

English (UK) Call Us