Keeper 101 | Enterprise - How to Set Role-based Access and Controls in Keeper

Keeper 101 | Enterprise - How to Set Role-based Access and Controls in Keeper

May 30, 2024

Learn how to set role-based access and controls in Keeper with our step-by-step guide.

Learn more about Keeper at: https://www.keepersecurity.com/
View our Keeper End-User Guides here: https://docs.keeper.io/user-guides/
Subscribe to Keeper: https://www.youtube.com/channel/UCKBCmTYm0iTX-eRuCK_s6qg
Follow us on X: https://twitter.com/keepersecurity
Like us on LinkedIn: https://www.linkedin.com/company/keeper-security-inc-/
Follow us on TikTok: https://www.tiktok.com/@keepersecurityinc
Follow us on Instagram: https://www.instagram.com/keepersecurity/
___________________________________________________________________________________________________
Transcript

In Keeper’s architecture, Roles and Teams are separate concepts. A Role defines permissions, policies and what features and security settings apply to users. Roles also define the administrative capabilities of those users. Teams are specifically used for sharing privileged accounts among users within the vault. Teams and Roles can be linked to automatically assign a role policy to all members of a team.

Administrators will need at least one role defined for their users, but you can create as many as you would like depending on the structure of your organization. Roles can be created to support a variety of policies depending on what enforcements should be applied to users based on their positions, such as administrators and executives.

The root node will provision two default roles to start, the “Keeper Administrator” role and the “All Users” role.

To add a role, simply click Add Role from within the Roles tab. From the dropdown, select the node you want to add the role to; provide a name and click Add Role. To configure enforcement policies for a role, select the role, then click Enforcement Policies. Next, a series of screens allow you to configure the Enforcement Policies that will be applied to the selected role. As you can see, the policies are organized into a number of key categories including: Log in Settings, Platform Restrictions, Vault Features, and Creating and Sharing. For convenience, you can also duplicate a role from the “Options” menu. This will create a new role with the same enforcement policies.

It’s also important to note the use of “delegated administration’” using Administrative Permissions. Administrative Permissions grant rights to specific users in order to perform administrative functions within the admin console. A role can be given Administrative permissions over the node or sub-nodes for which a role exists.

To assign administrative permissions to a role such as this, Secondary Administrator role, click Administrative Permissions and Add Managing Notes. Choose the node it will manage from the dropdown and click OK. Next, use the checkboxes to set the permissions. When “Cascade Node Permissions" is selected, the permissions will be applied to all sub-nodes of the parent node. Click Save to finish.