Shared Credentials via Keeper
Not sure how to achieve what we'd like - or indeed if it's possible.
General setup:
- Shared Data Source (Azure SQL)
- Keeper Credential Repository
- Small team each with Keeper logon, wanting single click to access to shared resources, sometimes using personal credentials, sometimes using shared credential (e.g. network admin account)
For instance, we want a resource "Mail Server - Admin" and "Mail Server - User"; the former will log people on using the admin credentials, the latter using their own personal credentials.
Happy with the latter - Personal Vault credential entry called "Mail Server - User", linking to private (non-shared) entry in Keeper, and the "Mail Server - User" resource configured to do a "Private vault search" for the credential name. Everyone maintains their own password in their private folder of Keeper for that entry and all good.
But struggling to understand how to have a shared entry to use the admin credentials without a lot of effort. Comes down to not seeing how to have a single credential entry to Keeper with user-specfic details (i.e. to authenticate with Keeper) and then have the "Mail Server - Admin" resource configured to use an entry from the shared folder in Keeper which has been authenticated using the user's private credentials.
Am I making sense? Basically we want a resource that everyone can access, configured to use a credential entry which gets it's details from Keeper, where the credentials used to authenticate with Keeper are the user's personal Keeper credentials.
Thought we had it sussed by setting up a credential entry for Keeper using someone's details and then setting "User Specific Settings" on that Keeper credential. But it seems those user settings don't override the credentials used to access Keeper - they simply directly provide the credentials entered to the resource configured to use that Keeper credential thus going nowhere near Keeper in the process.
I guess we could do it by having a shared logon to Keeper - so everyone uses that Keeper credential with the shared logon to access anything in the Keeper shared folder. But is there another/better way to achieve what we're after?
I've read the support doc on "Credential Management for Teams" but don't see how that relates to a 3rd party credential repository with individual logins and a shared folder within.
Would have loved to override the Keeper credentials with user-specific details.
All Comments (4)
Hello,
I think I understand what you would need. If you take for example the CyberArk credential, there is the possibility to set "Use My Account Settings", which are user-defined properties that can be found in File > My Account Settings, under the "settings" section. I attached two screenshots from the CyberArk credential entry and the window that opens for the Cyberark My Account Settings.
We can add this feature for the Keeper credential without problem. I think it would solve your issue, as you would only need to set your Keeper entry with "Use My Account Settings" and make your users set their credentials for it.
Regards,
Hubert Mireault
2.png
1.png
Aha, yes, that does indeed sound like it would be exactly what we are after. Didn't know about those "My Account Settings" options but if Keeper could be added to that, that would be brilliant.
In the meantime, we'll push on using a set of common/shared Keeper credentials which I think will do, but is less preferable to your plan :-)
Thanks.
We'll work on adding this feature then. I'll let you know once we've made the changes. :)
Regards,
Hubert Mireault
Hello,
We will have the "use my account settings" option available for Keeper starting with RDM 2019.1.42.0. If you encounter any issue with it, please let us know.
Regards,
Hubert Mireault