Keeper Security — Independent Software Review

Revolutionizing privileged access management

Compliance Transparency Index

Grade: A — Score: 95/100

Best For

• Organizations of any size that need a password manager with zero-knowledge encryption and a clear upgrade path from basic vaulting ($2/user/month) through full PAM with session recording and secrets management.
• IT teams in regulated industries (healthcare, finance, government). Keeper holds SOC 2 Type 2, ISO 27001/27017/27018, FedRAMP Authorized, HIPAA compliant, PCI DSS, and FIPS 140-3 certifications.
• DevOps and engineering teams managing infrastructure secrets. Keeper Secrets Manager integrates with CI/CD pipelines, IaC tools, and ITSM platforms to eliminate hard-coded credentials.
• MSPs and MSSPs. KeeperMSP provides multi-tenant management for password vaults and privileged access across client organizations.

Not Ideal For

• Teams that need an all-inclusive price. Core password management is affordable, but BreachWatch, Advanced Reporting, Compliance Reports, and other features are separate add-ons that increase the effective per-user cost.
• Organizations looking for an open-source or self-hosted password manager. Keeper is proprietary, cloud-only SaaS with no on-premises deployment option (except FedRAMP/GovCloud environments).
• Very small teams (under 5 users) on a tight budget. Business Starter requires a minimum of 5 users. Individual plans exist but lack admin console features.
• Businesses that only need PAM without password management. KeeperPAM is bundled with the password vault and cannot be purchased as a standalone PAM product.

Operational Overview

Pricing Structure

Business Starter: $2.00/user/month (billed annually)

• 5-10 users
• Encrypted vault and admin console
• Credential sharing and autofill
• Password and passkey sharing
• Bidirectional One-Time Share
• Time-limited access and self-destructing records
• Browser extension and native desktop app
• iOS and Android apps

Business: $4.00/user/month (billed annually)

• All Business Starter features, plus:
• Shared team folders
• Delegated administration
• Advanced organizational structure and integrations
• Free Family Plan for every user

Enterprise: $6.00/user/month (billed annually)

• All Business features, plus:
• Advanced provisioning (SCIM, AD/LDAP, SSO/SAML)
• Advanced two-factor authentication
• Role-based access control (RBAC)
• Developer APIs
• Vault transfer

KeeperPAM: Custom (Request a Quote)

• Full PAM platform including all Enterprise features, plus:
• Secrets management for CI/CD, IaC, ITSM, and MCP for AI agents
• Automated credential rotation
• Session management, tunneling, and remote browser isolation
• Database management
• Endpoint privilege management ($36/endpoint/year as standalone add-on)
• KeeperAI agentic threat detection and response

Alternative Consideration

Consider switching to CyberArk: CyberArk is a well-established competitor with a strong focus on enterprise-level privileged access solutions.

Frequently Asked Questions

How does Keeper Security compare to 1Password for business?

Keeper starts at $2.00/user/month (Business Starter) and scales through $4.00 (Business) and $6.00 (Enterprise), all billed annually. 1Password Business costs $7.99/user/month with dark web monitoring included. Keeper charges separately for features like BreachWatch ($24/user/year) and Advanced Reporting ($12/user/year), while 1Password bundles these into its base price. Keeper's key advantage is its upgrade path to KeeperPAM for privileged access management, secrets management, and session recording, which 1Password does not offer.

How does Keeper Security compare to Bitwarden?

Keeper Business and Bitwarden Teams both cost $4.00/user/month, and both Enterprise plans cost $6.00/user/month. Keeper Business includes a free Family Plan for every user (worth roughly $103/year) that Bitwarden does not match. Bitwarden is open-source with a self-hosting option, while Keeper is proprietary and cloud-only. Keeper holds FedRAMP Authorization and FIPS 140-3 validation, which are required for U.S. government deployments and give it an edge in regulated environments.

Is Keeper Security a standalone PAM solution or does it require the password manager?

KeeperPAM is not available as a standalone product. It builds on top of the Enterprise password management tier and adds secrets management, automated credential rotation, session recording, remote browser isolation, endpoint privilege management, and database management. Organizations that only need PAM without a password vault cannot purchase KeeperPAM separately.

What compliance certifications does Keeper Security hold?

Keeper holds SOC 2 Type 2 (over 10 years running), SOC 3, ISO 27001/27017/27018, FIPS 140-3, PCI DSS, and TrustArc privacy certification. It is FedRAMP Authorized at the Moderate impact level (since August 2022) and GovRAMP Authorized. Keeper is GDPR, CCPA, and HIPAA compliant, and supports ITAR requirements through its FedRAMP environment hosted on AWS GovCloud.

Does Keeper Security offer a free trial?

Yes. Keeper offers a 14-day free trial for business plans with no credit card required. The trial includes full access to the selected plan's features. Personal and Family plans also have trial options. Free tools are available without any account, including a password generator, passphrase generator, personal dark web scan, and business dark web scan.

What are Keeper Security's add-on costs for business plans?

Keeper's core password management plans start at $2.00/user/month, but several security features are priced as separate annual add-ons: BreachWatch (dark web monitoring) at $24/user/year, Advanced Reporting and Alerts at $12/user/year, Compliance Reports at $12/user/year, Endpoint Privilege Manager at $36/endpoint/year, KeeperChat (encrypted messaging) at $24/user/year, and Secure File Storage starting at $132/year. Secrets Manager and Connection Manager are custom-priced.

Does Keeper Security support SSO and SCIM provisioning?

SSO (via SAML) and SCIM provisioning are available on the Enterprise plan ($6.00/user/month billed annually) and KeeperPAM. Keeper SSO Connect integrates with identity providers including Microsoft Entra ID (Azure AD), Okta, Google Workspace, and any SAML 2.0-compliant provider. Active Directory and LDAP sync are also Enterprise-only features. The Business Starter and Business plans do not include SSO or SCIM.

Can MSPs use Keeper Security to manage client environments?

Yes. KeeperMSP is a dedicated multi-tenant platform for managed service providers. It provides separate vaults per client, centralized administration across all client organizations, delegated permissions, and shared team folder management. Keeper also offers a Privileged Access Manager for MSPs (KeeperPAM for MSPs) that extends secrets management and session recording to managed client infrastructure.