Keeper Security _ PAM
Summary
KeeperPAM is a modern, cloud-based platform designed to secure, control, and monitor privileged access to systems such as servers, network devices, and web applications. (Keeper Docs)
Rather than accessing systems directly using stored credentials, Keeper introduces a centralized, vault-based approach where access is granted through controlled, auditable sessions.
Why We Are Implementing PAM
Privileged accounts (such as admin or root access) represent one of the highest-risk areas in any environment. These accounts provide elevated permissions and are a primary target for attackers. (Wikipedia)
How Keeper PAM Works in Our Environment
Keeper integrates privileged access directly into the Keeper Vault, where both credentials and connection methods are securely stored and managed together. (root security.eu)
Within our deployment:
- Access to systems will be launched from Keeper
  - RDP (Windows servers)
  - SSH (network and Linux systems)
  - Web UIs (HTTPS applications)
- Credentials are not exposed to users
  - Access is brokered through secure sessions
  - Users connect without needing to know or handle passwords
- Access is controlled and auditable
  - Permissions are assigned based on roles
  - Sessions can be monitored and logged
  - Access can be time-limited or revoked as needed (Keeper Docs)
- Infrastructure access is organized via “records”
  - Systems, devices, and applications are represented as PAM resource records in Keeper
  - These records define how connections are made without exposing underlying secrets (Keeper Docs)
What This Means for You
Going forward, Keeper will be the primary method for administering systems using RDP, SSH, and web interfaces.
Instead of:
- Logging in directly with saved credentials
- Using shared passwords
- Connecting outside of a controlled process
You will:
- Launch access sessions directly from Keeper
- Use assigned records and folders in your Vault
- Operate within a secure, monitored environment
Preparing to Use PAM
Before you begin using Privileged Access Management (PAM) in Keeper, there are a few important setup steps and recommendations to ensure a smooth and consistent experience.
1. Install the Keeper Desktop Application (Recommended)
While Keeper can be accessed through a web browser, we strongly recommend using the Keeper Desktop Application for PAM-related activities.
Why use the Desktop App?
- Improved performance: Native session launches (RDP, SSH, and browser sessions) are typically faster and more stable than browser-based workflows.
- Consistency: Eliminates variability caused by different browsers, extensions, or local browser configurations.
- Fewer compatibility issues: Reduces the risk of session launch failures tied to pop-up blockers, cookie settings, or security plugins.
- Better handling of secure sessions: The desktop app is optimized for launching and managing privileged sessions without relying on browser behavior.
👉 In short: the Desktop App provides a more reliable and supportable experience for administrative access.
2. Log In and Verify Access
Once installed:
- Sign in using your organizational Keeper account
- Confirm that your Vault is populated with PAM records and/or shared folders
You may begin seeing:
- New folders (e.g., systems, networking, or application groupings)
- Individual records corresponding to systems you manage

If you do not see expected access, contact the ISO.
3. Understand Your Vault Structure
PAM access is organized within Keeper using:
- Folders → Groupings of systems or environments
- Records → Individual systems, devices, or applications
Each record represents a managed resource and contains the configuration needed to:
- Launch RDP sessions (Windows servers)
- Initiate SSH connections (Linux/network devices)
- Open secure web UI sessions (HTTPS)
You will not need to manage or view underlying credentials directly.
5. What to Expect Next
As the PAM rollout continues:
- Additional records and access will appear in your Vault
- You will begin launching all privileged sessions directly from Keeper
- Formal training and walkthroughs will be provided
By completing these steps and using the Keeper Desktop Application, you’ll ensure a consistent, secure, and efficient experience when accessing critical systems through PAM.
Initiating A Connection
Once you have access to PAM records in your Keeper Vault, launching a secure session (RDP, SSH, or web UI) is straightforward. All connections are initiated directly from Keeper and use credentials stored in your personal vault.
1. Locate the Target System
Begin by navigating to your Keeper Vault.
- Open the appropriate folder (e.g., PAM – SDT, PAM – Systems General, etc.)
- Select the system you want to access
Each system will appear as a PAM Machine record, similar to what is shown below:
- System name (e.g., DEV-APP06)
- IP address or hostname
- Protocol type (RDP, SSH, HTTPS)
This is your entry point for launching a session.

2. Open the Record and Select “Launch”
Click on the system record to open its details pane.
On the right-hand side, you will see:
- The configured protocol (e.g., RDP)
- Connection details (IP, port, gateway status)
- A “Launch” button
Click Launch to begin the connection process.
3. Select Your Credentials
After clicking Launch, you will be prompted to select credentials.
- A list of available credentials from your personal Keeper Vault will appear
- Use the search/filter box if needed
- Select the appropriate credential for the system you are accessing
🔐 Important:
- You must use credentials that exist in your own vault
- Shared or team credentials will only appear if they have been explicitly shared with you
- PAM does not expose passwords directly—credentials are securely injected into the session

4. Session Initialization
Once credentials are selected:
- Keeper will begin establishing the session through the configured PAM Gateway
- A connection window will launch automatically
You may briefly see a loading or initialization screen as the secure session is created.

5. Active Session
After initialization completes:
- Your RDP/SSH/web session will open in a new window
- You will be authenticated automatically using the selected credentials, assuming your credentials are valid for the system. It is important to always use your provisioned ADMIN.x accounts.
- No manual password entry is required
All activity occurs within a secure, brokered session managed by Keeper.
Key Notes
- All access must be initiated through Keeper — direct connections are not permitted for privileged systems (Enforcement data TBD)
- Credentials remain protected and are never exposed to the user
- Sessions are auditable, providing visibility into access and activity
- If you do not see the correct credentials or cannot launch a session, contact Josh Richardson or Michael Raver
This process will become the standard method for accessing all privileged systems moving forward.
Deploying A PAM Gateway
Once you have access to PAM records in your Keeper Vault, launching a secure session (RDP, SSH, or web UI) is straightforward. All connections are initiated directly from Keeper and use credentials stored in your personal vault.
Last Updated: 11/25/25
