I'm having SCIM Provisioning Issues with Teams and Users.

Please see below notes:

  1. Ensure that you have assigned users or groups to the SAML application.
  2. When you invite a user from the identity provider or assign a user into a group that has been provisioned, the IdP will send the request to Keeper to either invite a user to join, or to add a user to a team, or to create a team.
  3. If the user does not exist yet in Keeper, they will receive an invite to sign up (or they can use just-in-time provisioning)
  4. After the user has created their Keeper account, the user will not yet be assigned into a Keeper team until one of a few things happen: (a) Admin logs into the Admin Console > Click on "Full Sync" from the Admin screen (b) A user from the relevant team logs into the Web Vault or Desktop App (c) Admin runs team-approve from Keeper Commander The reason that teams and users can't be created instantly via SCIM, is due to the encryption model and the need to share a private key between users. Sharing an encryption key (e.g. Team Key) can only be performed by a user who is logged in, and has access to the necessary private keys.

Note: We are currently in development of automation tools to assist in the instant approval of Teams and team assignments. We'll post updates when this is available.

Still need help? Contact Us Contact Us