Introducing Time-Limited Access

Introducing Time-Limited Access

Apr 3, 2024

As an enhancement to Keeper’s secure sharing capabilities, Time-Limited Access allows you to securely share credentials or secrets with other Keeper users on a temporary basis, automatically revoking access at a specified time. Time-Limited Access prevents long standing privileges and ensures that information is removed from the recipient’s vault, greatly reducing the risk of unauthorized access.

Time-Limited Access brings several key benefits to users and administrators:

Revoked access at a specified time designated by the record owner, minimizing the workload on the owner to remove the share at a later time.
Enhances security as traditional short term sharing has been done in insecure ways like using sticky notes, text messages or instant messengers.
Simplified compliance with event tracking on all sharing activity, ensuring least privilege access is maintained.

To share a record with another user for a specified period of time, select the record and share it with the user as you normally would by clicking Share, entering their email address or selecting it from your contacts list. Set their permission level and click Add.

Once the user is added, select the “Permissions” dropdown and click Set Expiration. Here you can select one of the default expirations such as 1 day or 1 month or click custom date and time to set your own. Next, check the box if you would like the record owner, such as yourself or users with edit access to be notified via email when the recipient's record access expires. Click Done to save.

It’s important to note that the recipient of a shared record with time-limited access may have “view” and “edit” permissions but will not be able to share the record. Similarly for shared folders, the ability to manage users is restricted. If these permissions are applied, the expiration will be removed.

You can set different expirations for each user or apply the same expiration to multiple users at once in a bulk action.

If you would like to share an entire folder with another user for a limited period of time, click the edit icon and from the “Users” tab, add the user or team you would like to share the folder with. Set their permissions and from the dropdown menu click Set Expiration, following the same steps you would for a single record share.

Combining Time-Limited Access with Keeper Secrets Manager provides privileged users with elevated access and powerful sharing functionality. When paired with KSM’s automatic service account rotation capabilities, users can schedule rotation of the shared credential upon the expiration of access, ensuring the recipient never has standing privilege.

By limiting the amount of time users have access to records, Keeper’s Time-Limited Access helps organizations achieve compliance, while end-users can breathe easy knowing that their records are shared securely.

Learn more about Keeper at:
keepersecurity.com

View our Keeper End-User Guides here:
docs.keeper.io/user-guides/

View our Keeper Enterprise Guide here:
docs.keeper.io/enterprise-guide/