> ## Documentation Index
> Fetch the complete documentation index at: https://conductorone-docs-mcp-bridge-private-server.mintlify.site/llms.txt
> Use this file to discover all available pages before exploring further.

# Set up a Keeper connector

> C1 provides identity governance for Keeper. Integrate your Keeper instance with C1 for unified visibility and governance over user access.

C1 provides identity governance for Keeper. Integrate your Keeper instance with
C1 for unified visibility and governance over team membership.

## Capabilities

| Resource | Sync                                                          | Provision |
| -------- | ------------------------------------------------------------- | --------- |
| Users    | <Icon icon="square-check" iconType="solid" color="#c937ae" /> |           |
| Teams    | <Icon icon="square-check" iconType="solid" color="#c937ae" /> |           |

The connector reads each Keeper user, each team, and the membership of every
team through the Keeper SCIM 2.0 API.

## Gather Keeper credentials

<Warning>
  You need Keeper Administrator permissions on the node you want to sync, with the
  ability to configure provisioning.
</Warning>

<Steps>
  <Step>
    Sign in to the [Keeper Admin Console](https://keepersecurity.com/console)
    and select the node you want C1 to sync.
  </Step>

  <Step>
    Open the node's **Provisioning** tab and add a **SCIM** provisioning method.
    Keeper generates a SCIM endpoint URL and a bearer token.
  </Step>

  <Step>
    Copy the **bearer token**. From the endpoint URL
    `https://<domain>/api/rest/scim/v2/<node-id>`, note the **domain** (your
    Keeper region host, for example `keepersecurity.com`) and the **node ID**
    (the number at the end of the path).
  </Step>
</Steps>

## Configure the Keeper connector

<Tabs>
  <Tab title="Cloud-hosted">
    Follow these instructions to use a built-in, no-code connector hosted by C1.

    <Steps>
      <Step>
        In C1, navigate to **Integrations** > **Connectors** and click **Add connector**.
      </Step>

      <Step>
        Search for **Keeper** and click **Add**.
      </Step>

      <Step>
        Choose how to set up the new Keeper connector.
      </Step>

      <Step>
        Set the owner for this connector.
      </Step>

      <Step>
        Click **Next**.
      </Step>

      <Step>
        Find the **Settings** area of the page and click **Edit**.
      </Step>

      <Step>
        Enter the Keeper credentials:

        * **Keeper domain**: your Keeper region host, for example `keepersecurity.com`.
        * **Node ID**: the node identifier from the SCIM endpoint URL.
        * **SCIM token**: the bearer token generated when you added SCIM provisioning.
      </Step>

      <Step>
        Click **Save**.
      </Step>

      <Step>
        The connector's label changes to **Syncing**, followed by **Connected**. You can view the logs to ensure that information is syncing.
      </Step>
    </Steps>

    **Done.** Your Keeper connector is now pulling access data into C1.
  </Tab>

  <Tab title="Self-hosted">
    Follow these instructions to run the Keeper connector in your own
    environment.

    <Steps>
      <Step>
        Create a secret for the Keeper SCIM token.
      </Step>

      <Step>
        Configure the connector with your Keeper domain, node ID, and the SCIM
        token secret.
      </Step>

      <Step>
        Deploy the connector using your standard self-hosted connector process.
      </Step>
    </Steps>

    **Done.** Your Keeper connector is now pulling access data into C1.
  </Tab>
</Tabs>