Keeper launches Teams app for access approval workflows

Keeper Security has launched the Keeper Teams App for Microsoft Teams, adding privileged access request and approval workflows to the collaboration platform.

The product is aimed at organisations that manage access requests through email, IT tickets or separate portals, where approval trails and controls can become fragmented.

The app lets users initiate and approve access actions inside Teams instead of moving between systems. It links Microsoft's workplace software with Keeper Vault and Keeper Endpoint Privilege Manager.

It supports five main workflows: requests for access to specific vault records or shared folders; one-time share requests for passwords or secrets; approvals for endpoint privilege elevation; approvals for SSO Cloud device requests; and the creation of new login records with automatically generated passwords.

For record and folder requests, users can submit a justification, request specific permissions and set a time-limited access window. When the request covers a PAM User record or folder, approvers see an auto-rotation option enabled by default, with credentials rotating after the access window ends.

One-time share requests can generate self-destructing links for passwords or secrets. The app also routes just-in-time elevation requests from Endpoint Privilege Manager to approvers through a dedicated Teams channel.

Another workflow covers SSO Cloud device approvals for administrators when the Keeper Automator service is not deployed. Users can also create new login records directly from Teams and save them to a designated shared folder in the Keeper Vault.

Mixed environments

The Teams app is designed for environments that use both Classic shared records and Nested Shared Folder records. Search results identify which type of item is involved, while the approval screen presents the relevant permission model for each record type.

For Classic items, standard permissions apply. For Nested Shared Folder records, the app displays role-based options including viewer, share-manager, content-manager and full-manager.

Craig Lurey, Chief Technology Officer and Co-founder at Keeper Security, said the aim was to reduce the temptation for employees to bypass formal security processes.

"The weakest point in any access control strategy is the moment a user decides to work around it because the approved process is too cumbersome or slow," said Craig Lurey, Chief Technology Officer and Co-founder at Keeper Security.

"By embedding approval workflows directly into Teams, we removed the friction that drives those workarounds, so the secure path and the fast path are one and the same," Lurey said.

Customer-hosted model

Customers deploy the app through Docker alongside Keeper's Commander Service Mode on their own infrastructure. This means credentials and secrets do not pass through Keeper's cloud environment.

Configuration is secured and retrieved through Keeper Secrets Manager. A setup command in Keeper Commander automates deployment.

The launch also extends Keeper's list of workflow integrations with workplace and IT tools. Jira, ServiceNow and Slack are among the other products connected to its access governance software.

Keeper positioned the Teams launch around the widespread use of collaboration software since the pandemic and the scale of Teams usage in Asia Pacific. It said there are an estimated 70 million to 90 million Microsoft Teams users in the region alone.

The Teams app is available to organisations with a Keeper Secrets Manager or KeeperPAM licence.