SSO (single sign-on) products provide a digital handshake that allows users to sign in to third-party SAML-compatible cloud services without the need to enter a password. In addition to providing this capability, some SSO identity providers also provide a basic level of password management for websites that do not use SAML. In some cases, the password management features inside SSO products do not provide a zero-knowledge solution. This is why we created Keeper SSO Connect.
Keeper SSO Connect is an encryption key management application that runs on-premises. It can be installed on a physical appliance (server) or virtual machine (VM). Keeper SSO Connect supercharges the capabilities of SSO identity providers with a powerful password management solution. Keeper provides full zero-knowledge encryption and storage of user-generated passwords and private information.
Keeper, as a zero-knowledge security provider, has no ability to decrypt user records, files, or data stored within the Keeper Vault.
Keeper SSO Connect is not vulnerable to the attack that recently affected OneLogin for one simple reason: the keys necessary to decrypt user records are never made available to Keeper, either through our standard Vault product or through Keeper SSO Connect.
Authorization and encryption keys are derived on the device separately from the user’s master password. Neither the master password nor the encryption key is ever transmitted or stored in Keeper’s vault or cloud storage – the encryption key and master password remain in the client’s control and possession in both Keeper’s standard products and Keeper SSO Connect.
Even if the encrypted data stored in Keeper’s vault were to be obtained by a hacker or a third party, the hacker would need the user’s master password and/or encryption key to decrypt the data – and these are not stored anywhere in Keeper’s vault or databases.
Keeper SSO Connect integrates with leading SSO solutions like Azure ADFS, F5 BIG-IP APM, Okta, Ping Identity and Centrify.