LogoLogo
Enterprise Guide
Enterprise Guide
  • Getting Started
  • Start Your Trial
  • Resources
  • Keeper for Teams and Small Business
  • Keeper Enterprise
  • Implementation Overview
  • Domain Reservation
  • Deploying Keeper to End-Users
    • Desktop Applications
      • Launch on Start Up
    • Browser Extension (KeeperFill)
      • Mac
        • PLIST (.plist) Policy Deployment
          • Jamf Pro Policy Deployment - Chrome
          • Microsoft Intune Policy Deployment - Chrome
      • Linux
        • JSON Policy Deployment - Chrome
      • Windows
        • Group Policy Deployment - Chrome
        • Group Policy Deployment - Firefox
        • Group Policy Deployment - Edge
        • SCCM Deployment - Chrome
        • Intune - Chrome
        • Intune - Edge
        • Edge Settings Policy
        • Chrome Settings Policy
      • Virtual Machine Persistence
    • Mobile Apps
      • IBM MaaS360
    • Optional Deployment Tasks
    • IE11 Trusted Sites
  • End-User Guides
  • Keeper Admin Console Overview
  • Nodes and Organizational Structure
  • Risk Management Dashboard
  • User and Team Provisioning
    • Custom Invite and Logo
      • Custom Email - Markdown Language
    • Simple Provisioning through the Admin Console
    • Active Directory Provisioning
    • LDAP Provisioning
    • SSO JIT (Just-in-Time) Provisioning
    • Okta Provisioning
    • Entra ID / Azure AD Provisioning
    • Google Workspace Provisioning
    • JumpCloud Provisioning
    • CloudGate Provisioning
    • OneLogin Provisioning
    • Microsoft AD FS Provisioning
    • API Provisioning with SCIM
      • Using SCIM API Provisioning
    • Team and User Approvals
    • Email Auto-Provisioning
    • CLI Provisioning with Commander SDK
  • SSO / SAML Authentication
  • User Management and Lifecycle
  • Email Address Changes
  • Roles, RBAC and Permissions
    • Enforcement Policies
    • Security Keys
  • Delegated Administration
  • Account Transfer Policy
  • Teams (Groups)
  • Sharing
    • Record and File Sharing
    • Shared Folders
    • PAM Resource Sharing
    • One-Time Share
    • Share Admin
    • Time-Limited Access
    • Self-Destructing Records
    • Hiding Passwords
  • Creating Vault Records
  • Importing Data
  • Record Types
  • Two-Factor Authentication
  • Storing Two-Factor Codes
  • Security Audit
    • Security Audit Score Calculation
  • BreachWatch (Dark Web)
  • Secure File Storage & Sharing
  • Reporting, Alerts & SIEM
    • Event Descriptions
    • Splunk
    • Sumo Logic
    • Exabeam (LogRhythm)
    • Syslog
    • QRadar
    • Azure Monitor
    • Azure Sentinel
    • AWS S3 Bucket
    • Devo
    • Datadog
    • Logz.io
    • Elastic
    • Firewall Configuration
    • On-site Commander Push
  • Recommended Alerts
  • Webhooks
    • Slack Webhooks
    • Teams Webhooks
    • Amazon Chime Webhooks
    • Discord Webhooks
  • Compliance Reports
  • Vault Offline Access
  • Secrets Manager
  • Commander CLI
  • Keeper Connection Manager
  • KeeperPAM Privileged Access Manager
  • Keeper Forcefield
  • KeeperChat
  • Keeper MSP
    • Free Trial
    • Getting Started
    • Fundamentals
    • Consumption-Based Billing
      • Secure Add-Ons
      • Existing MSP Admins
    • Onboarding
    • PSA Billing Reconciliation
    • Join the Slack Channel
    • Next Steps
    • Offboarding
    • Commander CLI/SDK
    • Account Management APIs
    • Provision Family Plans via API
    • MSP Best Practices
  • Free Family License for Personal Use
    • Provision Family plans via API
    • Provision Student plans via API
    • API Troubleshooting
      • API Parameters
      • API Response Codes
      • API Explorer - Swagger
  • Keeper Security Benchmarks and Recommended Security Settings
  • IP Allow Keeper
  • Keeper Encryption and Security Model Details
  • Developer API / SDK Tools
  • On-Prem vs. Cloud
  • Authentication Flow V3
  • Migrating from LastPass
  • Training and Support
  • Keeper SCORM Files for LMS Modules
  • Docs Home
Powered by GitBook

Company

  • Keeper Home
  • About Us
  • Careers
  • Security

Support

  • Help Center
  • Contact Sales
  • System Status
  • Terms of Use

Solutions

  • Enterprise Password Management
  • Business Password Management
  • Privileged Access Management
  • Public Sector

Pricing

  • Business and Enterprise
  • Personal and Family
  • Student
  • Military and Medical

© 2025 Keeper Security, Inc.

On this page
  • Introduction
  • MSP’s and Managed Customers (MC’s)

Was this helpful?

Export as PDF

Keeper MSP

Keeper MSP is the most secure cybersecurity and password management platform for preventing password-related data breaches and cyberthreats.

PreviousKeeperChatNextFree Trial

Last updated 2 months ago

Was this helpful?

Introduction

Keeper MSP extends Keeper's Enterprise Password Management by allowing MSPs to manage multiple independent tenants, or "Managed Companies" (MCs), through a central console.

To serve the MSP market, Keeper Security developed an enterprise-class, purpose-built solution. This system enables MSPs to manage and distribute Keeper's password management and security software. The enterprise version is designed for scalability and includes core features and functionalities required by MSPs, such as:

  • Organizational roles

  • Robust enforcement policies

  • Multiple provisioning methods

  • Full support for 2FA methods

  • Robust event logging, auditing and reporting capabilities

MSP’s and Managed Customers (MC’s)

KeeperMSP can support a wide spectrum of deployment models, from full service (“white glove” ) MSP’s who manage everything for their users all the way to pure resellers who do little or no administration for their clients.

Full Service Model

MSP Technicians have access to their MC’s Keeper Admin Console and thus have full rights to provision end users, set up MC-specific roles, login enforcements and teams for sharing credentials. These technicians may also choose to set-up a login credentials for users which can be done by sharing records from their private vaults to those of an MC. This allows an MSP to offer a fully integrated set of services that include a set of pre-configured login credentials they can keep updated if needed.

Reseller Model

In this model, resellers primarily act as distributors and sell Keeper software to customers who can administer the solution themselves. The MSP can designate an administrator user at the MC to handle all management of the system.

Hybrid Model

Both the MSP Technician and the MC Administrator can share responsibilities to manage the system. For frequently changing or highly-specific settings (e.g. which employees are in a team folder) the “local” MC administrator could manage. For large scale initial provisioning and configuration, the MSP may be better equipped to facilitate this with Keeper’s Active Directory bridge, SSO or other provisioning methods.

Keeper vaults can be provisioned by MSPs to every one of their customers - to protect every employee on every device they use. Keeper is the leading password management application in the industry - with unmatched security, cross-platform capabilities and top ratings by industry services, press and end users. This guide supplements the and details the specific functionality for MSP-level administration and license management. Please refer to the for a broader overview of Keeper software which covers core functionality at the Managed Company level.

Keeper Enterprise Guide
Enterprise Guide
KeeperMSP
Keeper MSP Review