Online Help

SafeNet Trusted Access for Keeper Security


Configuring SafeNet Trusted Access for Keeper Security is a three-step process:

1.Keeper Security setup

2.SafeNet Trusted Access setup

3.Verify authentication

Keeper Security Setup

As a prerequisite, download the Identity Provider metadata from the SafeNet Trusted Access console by clicking the Download Metadata button. You will need this metadata in one of the steps below.

Perform the following steps to configure SafeNet Trusted Access as your Identity Provider in Keeper Security:

1.Log in to the Keeper Security account as an administrator using the Keeper Security login URL (for example,

2.On the administrator's dashboard, click the Configuration tab, and enable Node Structure.

3.Click the Admin tab, click to create a node.

4.Under Add Node, in the Name field, enter the name of the node you want to add (for example, SafeNet), and click Add Node.

5.In the right pane, click the Provisioning tab, and click Add Method.

6.Under Add Provisioning Method, select the Single Sign-On (SAML 2.0) option, and click Next.

7.Under Single Sign-On (SAML 2.0) with Keeper SSO Connect, in the Enterprise Domain field, enter the domain name for which you want to enable Single Sign-on, and click Save.

8.Under User Provisioning, click Download SSO Connect for Windows to download the Keeper SSO Connect application, and then install the application on your machine.

Note:  Ensure that Java 8 is installed on your machine, else install it and reboot the machine.

9.Launch the Keeper SSO Connect application that you installed in the previous step and log in to the SSO Connect Web UI as a Keeper Security Administrator.

10.In the left pane, click Configuration.

Note:  To start the Keeper SSO Connect service, an SSL Certificate is required. You need to create a self-signed certificate with a .pfx extension.

11.Under SSO Connect Server Configuration, perform the following steps:

a.In the Advertised Hostname or IP Address field, enter a hostname as keeper.<Domain Name>, where <Domain Name> is the domain name of the machine on which SSO connect application is installed.

Note:  Ensure to add an A- record under your domain name in the DNS.

b.In the Bound IP Address field, enter the private IP of your machine on which the SSO Connect application is installed.

c.In the Advertised SSL Port field, enter the 8443.

d.Ensure that the Use Certificate to Decrypt and Sign SAML Response/Request check box is selected.

e.Under SSO Connect SSL Key and Certificate, under SSL Key Store, click Drop File Here or Click to Upload to upload your .pfx file (SSL Certificate) that you have generated.

f.Under Type, select the PKCS 12 (.p12, .pfx) option and enter the password for the private key.

g.Under Identity Provider, In the IDP Type field, ensure that Default is selected.

h.Under SAML Metadata, click Drop File Here or Click to Upload to upload the SafeNet Trusted Access metadata file.

i.Click Save.

12.In the left pane, click Status and in the right pane, perform the following steps:

a.Under Service Provider, ensure that the Status is set to Running.

b.Ensure that all the information is displayed under Service Provider and Identity Provider SAML Metadata.

13. In the left pane, click Export Metadata to download the keeper metadata and save it on your machine.

Note:  You need to update your firewall to allow access over the IP and port (8443). On the server where Keeper SSO Connect is installed, ensure that connections from Keeper SSO Connect are allowed via inbound rules through the Windows Firewall settings.

SafeNet Trusted Access Setup

After completing the first step of configuring SafeNet Trusted Access in Keeper Security, the second step is to activate the Keeper Security application in SafeNet Trusted Access by performing the following steps:

1.In the Applications pane, you will notice that the Keeper Security application that you added previously is currently in inactive state by default. To configure and activate this application, click the application (for example, Keeper Security) and proceed to the next step.

2.Under STA Setup, click Upload keeper Metadata.

3.On the Metadata upload window, click Browse to search and select the Keeper Security metadata, that you downloaded earlier in step 13 of Keeper Security Setup.

4.Under Account Details, the service provider metadata information is displayed.

5.Click Save Configuration to save the details and activate the Keeper Security application in SafeNet Trusted Access.

Verify Authentication

Using STA Console

Navigate to the Keeper Security login URL, Click Use Enterprise SSO Login, enter your enterprise domain name that you configured in step 7 of Keeper Security Setup, and click Connect. You will be redirected to the SafeNet Trusted Access sign-in page. Enter your primary directory login information, approve the two-factor authentication, and you should be redirected to the Keeper vault after authentication.

Using STA User Portal

Navigate to the User Portal URL to log in to the STA User Portal dashboard. On the dashboard, you will see a list of applications to which you have access. Click on the Keeper Security application icon, you should be redirected to the Keeper vault after authentication.


© 2019 SafeNet Trusted Access. Various trademarks held by their respective owners.