User Guide. Admin Guide. r


User Guide Admin Guide r 03.08.16 1

Welcome to Keeper! We're excited you have chosen to work with us. Let's get started by walking through how you can tell your employees about Keeper, then we'll walk you through the product.

Content

Internal Onboarding and Communication Plan
    Introduce Keeper to Your Company
    Invite Employees
    Train Employees
    Measure Adoption
Logging in to the Console
Users
    Adding an Individual User
    Adding Multiple Users
    Searching for a User
    Editing/Making Changes to a User
    User Tools
Devices
    Device Tools
Enforcements
    Master Password Complexity
    Enforcement Policies
Recent Activity
    Filter Search
    Export
Security Audit
    View Detailed Report
    Filter Search
My Account
    Change Plan
Order History
Support
Enterprise Bridge
Contact

Internal Onboarding and Communication Plan

Introduce Keeper to Your Company

Send an email to your employees indicating that you have partnered with Keeper to allow employees to manage and store all of their login credentials. Here's an example of an email you could send:

Team,

We have selected Keeper as our enterprise password manager that employees will be required to use in order to access web and mobile applications. Keeper makes it easy for you to create strong passwords for all of our corporate sites and store all these credentials in an encrypted digital vault. You no longer have to worry about remembering passwords - Keeper does that work for you. If you want to learn more about Keeper in advance of receiving an invitation, please read more on their website.

You will be receiving an email invitation within the next few days from Keeper in order to create an account. If you already use Keeper, continue to do so. You will be prompted to create a corporate account. Please follow the instructions in the email to set up your Keeper account.

- CTO

Invite Employees

You can add users manually through the Admin Console or via Active Directory through the Keeper Enterprise Bridge. To learn more about how to add users through Active Directory, please refer to our Enterprise Bridge Guide.

Once you have invited users, they will receive an email invitation to create their account. You will be able to see the status of users in the Admin Console as either Invited or Active. Employees will receive an email that looks like this:

test@keepersecurity.com has invited you to a private Keeper account. To access this group, you need to create a Keeper account using the email address joyskokie20@gmail.com. It's easy and it takes under a minute.

Train Employees

For self-service customers, we encourage Admins to hold internal webinars or training sessions. You can also point employees to the Keeper Support page where they can view Video Tutorials, access Quick Start Guides tailored to the platform where they will be using Keeper and get answers to commonly asked questions. Employees can also email the Keeper Support Team at enterprise.support@keepersecurity.com.

As part of your Quick Start Implementation, your dedicated implementation manager will guide you through the process of training employees, including the materials you may need to host a training session along with a project plan for the roll-out of Keeper within your enterprise. If you have not purchased our Quick Start Implementation option, a support representative will walk you through how to train your employees during an onboarding call. This support representative will also provide a 30 minute webinar for up to [250] employees.

Measure Adoption

Through the Admin Console, you can filter users based on those who have been invited, but not yet registered for Keeper. You should re-invite these users, and don't hesitate to send around another personal email to the company reminding employees that signing up for Keeper is mandatory and you are able to see who has not yet registered.

Logging in to the Enterprise Console

The Admin Console is where you will be able to manage your users and also set your enforcements for your users. Login to Admin Console from this link: https://keepersecurity.com/console

You can login with the same email and master password that you used to create your Keeper account. When you first login to the Admin Console it will bring you to the home page. This will give you an overview of our User Licenses and User Devices. You can access this information by either clicking on Manage Users or Manage Devices highlighted in green. You may also access this information from the left column listed under users and devices.

Users

This is where you can manage all of the users in your Keeper account. You can add, delete, edit or make any necessary changes. Assign users to Subgroups.

Adding an Individual User

Now fill in the fields. Select the role that you would like this user to have. You can choose from either a user or an admin. If you select Admin this will then allow them to access the Admin Console and make changes to your account and other users. If you would simply like to add a non-admin employee, select User for their role.

You can also create a subgroup if you have different departments in your company. For example, if you have a sales department you can click on create subgroup and then put sales team in the field and click save. If you do not have a need to create a subgroup, simply skip over and click add user.

Once you click add user, the system will then add them to your user list and they will receive an email inviting them to create a Keeper account. Prior to creating a Keeper profile, they will show up in your list as Invited, located under status. Once a user profile has been created, they will show up as Active.

Adding Multiple Users

To add multiple users to your account you can import your users by dragging and dropping your file in the Drop a File Here box located at the bottom. The tab-delimited or comma-separated text file you are importing should adhere to the following format:

Email, First Name, Last Name, Group(s)
Ex: joe@test.com,joe,smith, Sales,Marketing

Searching for a User

Once you have all of your users added, if you need to you can search for specific users in the search bar. Filtering is particularly helpful if you need to re-invite users who have not created an account.

Editing/Making Changes to a User

Select the user you wish to make changes to by clicking on the gray box next to their email. If you wish to select all, you can click the gray box next to user. Once you have made your selection you have several actions you can choose from, located in the upper right corner.

Locking Users: This will prevent your user from logging into Keeper.

Unlocking Users: You can unlock a user account from this option.

Trash: This will remove your user from your group. When you select this action you will have 2 options when removing them.
1. Remove this user from the group, delete shares and convert to free trial
2. Remove this user from the group and delete the account entirely

Edit User: You can edit your user from here. Change the name, role and also change which subgroup they belong to.

Resend Invite: If you have a user who is still showing up as invited, you can send them another invitation by selecting this option.

Devices

Device Tools

You can manage your user's devices from here. Your users and their devices that they have linked with their Keeper will be listed. It will also show when the device was activated and when they last logged in.

Delete: You can remove devices by clicking on the trash icon.

Edit: You can edit the device name by selecting the pencil.

Enforcements

Here you can set your enforcements/requirements for your Group.

Master Password Complexity

You can set your requirements for your users when they are setting up their master password by length, special characters, how many upper-case letters and how many digits will be required. When finished with your changes select Save Rules highlighted in green.

Enforcement Policies

Enforce the use of Two-Factor Authentication: This will force your users to set up two-factor authentication when setting up their Keeper profile. Toggle on to enforce.

Automatically run cloud backups for each user: You can select how often your users back up their data to Keeper's Cloud Security Vault. Simply click the drop down menu to select how frequently you would like this to happen.

Prevent record sharing outside of the Keeper Group: By enabling this, you will deny access to your users from sharing records outside of your Group. Simply toggle this on to enforce.

Prevent record sharing to anyone: Enabling this will prevent your users from sharing records to anyone. Toggle this on to enforce.

Prevent record export: This will prevent your users from exporting their data from their Keeper. Toggle this on to enforce.

Prevent file upload: When this is enabled, your users will not be able to upload any files to their Keeper. Toggle this on to enforce.

Prevent offline access: Enforcing this will prevent your users from accessing their Keeper without internet access. Toggle this on to enforce.

Enforce password expiration: When this is enabled, this will make your users update their master password to a new master password depending on how frequently you have this set. Toggle on to enforce, then select however many days you would like this to be reset.

Recent Activity

In Recent Activity you can view how frequently Keeper is being used. You can view by specific dates and you can also view a detailed report by clicking on View Detailed Report.

Filter Search: You can filter your search by clicking the boxes. This way you can see specific changes that your users are making.

Export: You can export this data by clicking on export in the upper right corner. The data can be exported as a CSV or XLS File.

Security Audit

Here you will be able to monitor how secure your users' passwords are. It will show you what percent of your users are using Unique Record Passwords, also what percent of your users have strong master passwords, who is using Two-Factor Authentication and what percent of your group is using strong passwords for their records.

View Detailed Report: All your users will be listed in the detailed report. You may also export this data. Please note that if your users are not creating or editing passwords and are only receiving shared passwords, they will not show up in the Security Audit Score.

Filter Search: You can filter your search from who has Two-Factor on or off.

My Account

This will give you an overview of your account.

Change Plan: You can change your plan and add users by clicking on the green box titled change plan located in the upper right corner. You can also contact our sales team by phone or email.

PH: 312.226.5544
Email: sales@keepersecurity.com

Order History

This will show you your previous purchases.

Support

Clicking on Support from the Admin Console will take you to our support page. You can reach support also by phone 312.226.4782, email enterprise.support@keepersecurity.com or live chat (Live Chat Hours 3am-7pm CST).

Keeper's support team is available 24x7 via Live Chat, email, or phone. Please reference the contact information below.

enterprise.support@keepersecurity.com
(312) 226-4782

Enterprise Bridge

General

Keeper Enterprise Bridge allows businesses that operate with LDAP based user repositories to fully integrate Keeper's password management software effortlessly within their existing environment. It simplifies the process of creating accounts by automatically adding selected users to Keeper. Keeper Enterprise Bridge communicates over LDAP or LDAPS.

Overview

Keeper Bridge consists of two components, a tray application and a Windows service. The tray application allows administrators to configure settings related to the service. It also functions as a service controller allowing admins to adjust LDAP filter settings and publish updates to Keeper. The Windows service is designed to poll LDAP directory users within the specified Distinguished Name (DN) path provided and invite them to join Keeper.

The tray application can be installed on multiple machines for use by multiple admins. The service must be installed on a single host system. All tray applications access the same instance of the service.

Installation

Installation is performed using the setup program provided. During installation, you will be required to provide several pieces of information to complete the process:

- Domain name, host name, or IP address of the AD server.
- An existing Security Group defined which the application will use to authorize users for access to the application.
- The host name or IP address of the system running the Bridge Service and the port used during the installation of the Keeper Bridge Service. If the Bridge service is being installed on the current machine, then the default entries can be used. The default port is 10112.

You will also need to allow port 443 out from the machine that the Keeper Enterprise Bridge service is installed on.

Window Tray Application

Login Form

The Login form secures the Tray Application and the service using LDAP credentials and authorizes users with the Admin Security Group defined during installation. LDAP credentials and all communication from the Tray Application to the service are encrypted and signed. The connection settings for the service can be changed using the Settings drop down.

Tray Icon Login Form Example

The Keeper Bridge tray icon provides a convenient menu for accessing the Settings form, the Help form or the Admin Console online application.

Tray Icon Example

Settings Form

The Settings form can be accessed from the tray icon, allowing the user to define their LDAP connection settings, the Bridge Access Identity, the Distinguished Name path and User Filter. The primary purpose of the form is to configure the LDAP Settings and the Keeper identity for use by the Windows service. With these settings defined, the form allows the Admin to review the Users and Groups returned by the filter and adjust the filter accordingly. Making changes to the form and using the Save button allows the Admin to review the results of the filter before publishing the changes for the service.

Settings Form Example

LDAP Account Settings

LDAP Connection Example

1. Domain Name: The Domain Name used for authentication and object lookups. When Global Catalog is enabled (default) the Domain Name is used to find the Global Catalog.

2. LDAP Port: The default TCP Port for LDAP connections is set to 389. All communications on port 389 are encrypted with Kerberos using Sign and Seal. Selecting the SSL checkbox will change the port to 636 and will encrypt data using SSL. When Global Catalog is enabled (default) ports 3268 (Kerberos) and 3269 (SSL) will be used for object lookups.

3. User Name: The User Name for the Principal User account used to browse the Distinguished Name (DN) path and invite users to join the Keeper Group. This user should be set up with read-only permissions. The Principal User is a read-only account that provides access to the directory from the tray application or Windows service even when the console is not logged in to the system. In cross-domain environments it may be necessary to use domain\username format if the user context is not within the domain name specified.

4. Password: Principal User account password. This password is stored locally, encrypted using AES 256.

5. Test Connection: Performs an LDAP Bind using the Domain Name and Port with the user credentials. A successful test indicates that all LDAP connection settings are valid.

LDAP DN and Filter Example

6. Group DN Path: The Distinguished Name path to a Security Group within the directory where the Windows service will read for user objects. If the user is not found to be already invited or accepted into the Keeper, an invite will be sent to the user. This could be an existing group in the directory or a group created specifically for Keeper users, where existing groups or users are then added for invitation to the Keeper.

7. User Filter: The User Filter is defaulted to a basic filter that will work for many directory implementations. The default filter is created when the user provides a DN path and saves the local settings or uses the Apply Filter button. Once the default filter has been set, changing the DN Path will have no effect on the filter. The filter must also be modified for the same change or reset to the default filter using the Apply Filter button.

8. Apply Filter Button: The Apply Filter button sets the filter to the default filter based on the DN Path provided. See the User Filtering help document for more information.

9. Service Status: Local Settings reflects the state of local form changes. When making changes to the form, the Local Settings status will change to Save Required, reflecting that the form has been edited from the Saved or Published changes. Using the Save button will commit the changes locally and update the metrics on the form to reflect the updates. At this point, the changes are considered Not Published, meaning that the local form is using the changes but the service is still running on the last changes published. This allows the admin to carefully make and assess changes to the filter while not interrupting the currently published settings. Once the Admin is satisfied with the changes they can then be published to the service, allowing the service to now act on the new settings.

NOTE: Locally Saved settings will be lost if not published when the tray application is exited. Using the Reset link button will restore the last published changes to the form.

Status Indicator Example

10. Status Indicators: The status indicators monitor the status of the Keeper Enterprise API, the directory server and the Keeper Enterprise Bridge service based on the last published changes. If there is a problem in network connectivity or responsiveness of the system, the indicator will turn red. If systems are functioning normally the indicator will be green. The text for each indicator also reflects the current status.

11. Users/Groups Affected Metrics: In many situations it can be challenging to understand which groups and/or users in the directory will be affected by the defined filter. These metrics help the admin confirm that the filter defined is affecting the intended users. Clicking on either link, Users Affected or Groups Affected, will show a list of the affected users or groups. The tray application polls the Directory every 15 seconds and updates on each change to show in real time the effect of the filter and DN path provided. When the tray application is in a minimized state or closed, the application will not query the directory, saving network resources.

Bridge Identity Field Example

13. Bridge Identity: The Bridge Access Identity identifies the group to be managed by the application. This Identity Token can be obtained by a Keeper Administrator by logging into the Keeper Admin Console at https://keepersecurity.com/console and clicking on the Enterprise Bridge tab. The Groups Admin Console allows the admin to generate, revoke, and see the status of the current token. The token is single-use only and does not expire.

Keeper Metrics Example

14. Apply Button: The Apply Button will update the service with the Bridge Access Identity token entered. The token will be removed from the text box, the Keeper Groups status indicator will change from Identity Required to Online, and the Keeper Group Metrics will be displayed.

15. Keeper Metrics: The Keeper Metrics are updated every two minutes. This shows a running count of users invited and users which have accepted the invitation to the Keeper Group. When the tray application is in a minimized state or closed, the application will not query for Keeper Metrics, saving network resources. Clicking on the respective link buttons will display lists of users and their status.

16. Resolve Name: The Resolve Name button allows the admin to enter just the group name in the Group DN Path field; using the Resolve Name button will then translate the Group Name to a Group DN Path. The LDAP settings must be valid for the Group Name to be resolved.

17. Save and Publish and Reset Buttons: The Save button commits local changes and makes them active on the form. LDAP Metrics for groups and users are updated to allow the Admin to review the results of LDAP changes. The Save button does not persist changes to the service until the Publish button is used. This allows the Admin to review local changes before Publishing them to the service. The Publish button persists the local changes to the service, allowing the service to take action based on the new changes. The Reset button loads the last changes published from the service.

Options Form

The Options Form can be accessed from the Settings form with the Options link on the top right of the form. The Options Form allows the admin to configure Keeper Account Options as well as some Windows service related options. To enhance seamless security of Keeper Accounts with Active Directory, the admin may choose to disable Keeper Accounts when the Active Directory account is disabled or lock accounts for deletion when the Active Directory account is removed. Settings to control service related actions such as the Admin Security Group, the Polling Interval and Debug mode are also available here.

Enterprise Bridge Options Example

Enterprise Bridge Account Options Example

1. Delete Keeper Account: The Delete Keeper Account checkbox, when checked, will Lock the Keeper account for deletion when the user's directory account has been removed from the filter on the next polling cycle. User accounts which are added back to the filter will be unlocked if the account is in a locked state and the Delete Keeper Account option is checked. Keeper account access is prevented as long as the account is in the Locked state.

2. Disable Keeper Account: The Disable Keeper Account checkbox, when checked, will Disable the Keeper account when the Active Directory account has been disabled on the next polling cycle. Keeper account access is prevented as long as the account is in the Disabled state. Enabling the Active Directory account will allow access to the Keeper account on the next Polling cycle when this option is enabled.

3. Admin Security Group: The Admin Security Group is used to secure access to the Keeper Enterprise Bridge application using Active Directory login credentials. The Login Credentials supplied on the Keeper Enterprise Bridge login form must be for a valid Directory Services account which is in the Security Group defined. The Admin Security Group information is set by the installer and can only be changed on the Options form or by reinstalling the application.

Enterprise Bridge Service Options Example

4. Debug to Event Log: The Debug to Event Log checkbox enables debug logging to the event log. With this box unchecked only errors are logged. Check this box for more verbose logging.

5. Polling Interval: The Polling Interval defines the period of time between polling cycles. Each polling cycle the Enterprise Bridge Service polls the directory based on the User Filter defined, inviting users and provisioning/de-provisioning accounts based on the options set.

6. Use Global Catalog: The Use Global Catalog option enables cross domain support by directing object lookups through the Global Catalog for the domain entered in LDAP Connection Settings. User authentication is still performed based on the user's local domain. When including users from another trusted domain the groups involved must be Universal Security Groups. Global Catalog lookups are performed against port 3268 (Kerberos) or 3269 (SSL).

7. Close Button: Closes the form and updates the Local Settings status to Publish Required if changes were made. All metrics on the settings form are refreshed to reflect any new options set.

Windows Service

The Keeper Enterprise Bridge service is always running and is set for automatic restart to ensure that the service is never left offline. The service receives communication from the tray application, which is secured by Active Directory Administrator credentials using secure, signed Kerberos exchanges for all communication. The service runs as the system user even if the local console is not active, running in the background inviting users and monitoring for user accounts which have been removed or disabled at regular intervals. The polling interval can be configured from the Options form anywhere from 5 minutes to 1440 minutes (1 day) between cycles. Locking and disabling users are options and can be enabled on the Options form.

Users newly added since the last polling cycle will be Invited to join the Keeper. Users who have had their account disabled will be locked out from the Keeper system. Users removed from the Directory Filter will have their Keeper account Locked for deletion. A Locked account can be managed by the Group Administrators from the Keeper Admin Console at https://keepersecurity.com/console. Keeper Account status can be reviewed using the Accepted to Group link button or by visiting the Groups Admin Console.

Encryption

Keeper Enterprise Bridge utilizes 256-bit SSL to encrypt all data transport between the client application and KSI's cloud-based storage, which is standard for all Keeper Security, Inc. applications. Please access https://keepersecurity.com/security to read our security disclosure. LDAP communication with the AD utilizes Kerberos authentication with Signing and Sealing enabled for an encrypted data exchange and to ensure that the data was not modified by a malicious third party.

Removing Users

When a user leaves the company or should no longer have access to the Keeper, the user must be removed through the Keeper Admin Console online application. This online application can be accessed through the tray icon or by opening https://keepersecurity.com/console.

Enterprise Bridge User Filtering

Keeper Enterprise Bridge is designed to invite users to your Keeper group who are found in the Distinguished Name (DN) Path and User Filter defined. The DN Path can be set to any location within the directory. It is not necessary to create a Keeper-specific directory group.

Since each directory service implementation may differ and each implementation is expected to have varying needs, the User Filter is fully customizable. This allows you complete flexibility to define the portion of the Directory from which to invite your Keeper users.

Keeper Enterprise Bridge creates a default filter based on the DN Path defined. This default filter will function for any site with the following assumptions:

1. A person or group in the Directory is defined by objectclass. (Required)
2. Keeper Enterprise Bridge will search the DN Path and all nested groups for all person and group objects.
3. A user account should always be invited unless it has been deleted or moved out of the DN Path specified.
4. Disabled accounts will be invited, unless Disable Accounts is Checked on the Options form.

If items 2 through 4 above are not desired, a custom filter can be created. A skilled Directory Services Administrator may be required to determine what a custom filter should include.

[Figure: Bridge User Filter Example]

Enterprise Bridge User Filtering (Continued)

Default Filter:

The default filter is created based on the DN Path entered. Example default filter:

    (&(objectClass=person)(memberOf:1.2.840.113556.1.4.1941:=CN=keeper,DC=ad1,DC=testdomain,DC=com))

The default filter has two filter conditions:

(objectClass=person) - Restricts the objects returned to type person. This filter condition is required for Keeper Bridge to distinguish between people, groups and other types of objects within the Directory.

(memberOf:1.2.840.113556.1.4.1941:=CN=keeper,DC=ad1,DC=testdomain,DC=com) - The OID (1.2.840.113556.1.4.1941) allows queries for users to be done in the subtree starting at the DN path specified. Removing the OID restricts the users found to just the DN path specified, and users in nested groups would not be returned.

Custom User Filter Examples:

Example filtering for users only in the DN Path. Users who are in nested groups will not be invited (delta from the default filter: the OID is removed from the memberOf condition):

    (&(objectClass=person)(memberOf:=CN=keeper,DC=ad1,DC=testdomain,DC=com))

Example filtering out disabled accounts (delta from the default filter: the added userAccountControl condition):

    (&(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(memberOf:1.2.840.113556.1.4.1941:=CN=keeper,DC=ad1,DC=testdomain,DC=com))

Example filtering out accounts that have been Locked Out (delta from the default filter: the added userAccountControl condition):

    (&(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.804:=18))(memberOf:1.2.840.113556.1.4.1941:=CN=keeper,DC=ad1,DC=testdomain,DC=com))

Example filtering out disabled accounts and accounts that have been Locked Out (delta from the default filter: the two added userAccountControl conditions):

    (&(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(!(userAccountControl:1.2.840.113556.1.4.804:=18))(memberOf:1.2.840.113556.1.4.1941:=CN=keeper,DC=ad1,DC=testdomain,DC=com))

Example of filtering for users only in a geographic location (delta from the default filter: the added physicalDeliveryOfficeName condition):

    (&(objectClass=person)(physicalDeliveryOfficeName=chicago)(memberOf:1.2.840.113556.1.4.1941:=CN=keeper,DC=ad1,DC=testdomain,DC=com))

Example of filtering out a specific user (delta from the default filter: the added sAMAccountName condition):

    (&(objectClass=person)(!(sAMAccountName=jjones))(memberOf:1.2.840.113556.1.4.1941:=CN=keeper,DC=ad1,DC=testdomain,DC=com))
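The following is an added example, not part of the Keeper guide or Keeper's code: a small offline model of the three matching rules used in the filters above, so an administrator can see which accounts a given filter would select before publishing it. The directory entries, the nested group `helpdesk`, and the user names are constructed; the OIDs and the `keeper` group DN come from the guide, and the flag values are the standard Active Directory userAccountControl bits.

```python
# Constructed sample directory; only the OIDs and the keeper DN come from the guide.
BIT_AND = "1.2.840.113556.1.4.803"   # matches when ALL bits of the filter value are set
BIT_OR = "1.2.840.113556.1.4.804"    # matches when ANY bit of the filter value is set
ACCOUNTDISABLE, LOCKOUT, NORMAL_ACCOUNT = 0x2, 0x10, 0x200

KEEPER = "CN=keeper,DC=ad1,DC=testdomain,DC=com"
NESTED = "CN=helpdesk,DC=ad1,DC=testdomain,DC=com"   # hypothetical group nested in keeper
GROUP_MEMBER_OF = {NESTED: [KEEPER]}                 # group DN -> groups it belongs to

USERS = [
    {"sAMAccountName": "asmith", "memberOf": [KEEPER], "uac": NORMAL_ACCOUNT},
    {"sAMAccountName": "bnested", "memberOf": [NESTED], "uac": NORMAL_ACCOUNT},
    {"sAMAccountName": "cdisabled", "memberOf": [KEEPER], "uac": NORMAL_ACCOUNT | ACCOUNTDISABLE},
    {"sAMAccountName": "dlocked", "memberOf": [KEEPER], "uac": NORMAL_ACCOUNT | LOCKOUT},
]

def bit_match(rule, attr_value, filter_value):
    """Evaluate attr:<rule>:=<filter_value> for an integer attribute."""
    if rule == BIT_AND:
        return (attr_value & filter_value) == filter_value
    if rule == BIT_OR:
        return (attr_value & filter_value) != 0
    raise ValueError(f"unsupported matching rule {rule}")

def in_chain(groups, target, seen=None):
    """Transitive group membership, as the 1.2.840.113556.1.4.1941 rule resolves it."""
    seen = set() if seen is None else seen
    for group in groups:
        if group == target:
            return True
        if group not in seen:
            seen.add(group)
            if in_chain(GROUP_MEMBER_OF.get(group, []), target, seen):
                return True
    return False

def select(nested=True, exclude=()):
    """Account names kept by the memberOf clause and not hit by any (rule, value) exclusion."""
    kept = []
    for user in USERS:
        member = in_chain(user["memberOf"], KEEPER) if nested else KEEPER in user["memberOf"]
        if member and not any(bit_match(r, user["uac"], v) for r, v in exclude):
            kept.append(user["sAMAccountName"])
    return kept

if __name__ == "__main__":
    print("default filter:      ", select())
    print("OID removed:         ", select(nested=False))
    print("exclude 803:=2:      ", select(exclude=[(BIT_AND, 2)]))
    print("exclude 804:=18:     ", select(exclude=[(BIT_OR, 18)]))
```

Because 18 is 2 + 16 and the .804 rule matches on any set bit, the `804:=18` exclusion drops both `cdisabled` and `dlocked` in this model, while `803:=2` drops only `cdisabled`.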

Contact

You're ready to start using Keeper! For more detailed product tutorials for each specific platform, please refer to www.keepersecurity.com/support and select Quick Start Guides.

Keeper's support team is available 24x7 via Live Chat, email or phone. Please reference the contact information below.

enterprise.support@keepersecurity.com
(312) 226-4782