Keeper Security Delivers Structured Governance for Humans and AI Agents with New PAM Approval Workflows in KeeperPAM

New Keeper Workflow capability within KeeperPAM gives administrators structured oversight and approval-based controls for privileged access across their organizations

CHICAGO, IL – May 13, 2026 – Keeper Security, the leading zero-trust and zero-knowledge Privileged Access Management (PAM) platform, today announces the availability of Keeper Workflow within KeeperPAM, enabling organizations to enforce approval-based access controls and time-limited checkout policies for privileged resources.Keeper Workflow gives administrators structured control over how privileged access is requested, approved and used, serving as a critical gatekeeper for the modern enterprise identity landscape.

As AI agents transition from experimental tools to foundational enterprise infrastructure, every agent introduces a new identity, attack surface and compliance obligation. Keeper Workflow is designed to meet this moment – bringing structured, approval-based controls to how privileged access is requested, approved and used across the enterprise. By embedding these controls directly into the KeeperPAM platform, organizations can move from ad hoc management to a scalable process that achieves zero standing privilege.

“AI is no longer just a productivity tool; it is a permanent and foundational layer of the modern enterprise technology stack,” said Darren Guccione, CEO and Co-founder of Keeper Security. “With Keeper Workflow, we are enforcing the boundaries of AI and human access. This is zero trust in practice: structured, auditable and built to determine exactly when and if an identity is allowed to act inside the enterprise infrastructure.”

Structured Controls for the Modern Perimeter

Keeper Workflow introduces capabilities designed to bring consistency and accountability to privileged sessions.

• Enhanced Access Control: Requires administrator or designated approver sign-off before a user can establish a connection or tunnel to a privileged resource. Requests are managed through a centralized notification center and can include Multi-Factor Authentication (MFA) requirements for establishing the connection, after approval is granted.
• Vault Approval Notifications: Users submit access requests directly from the Keeper Vault or through the Keeper Commander CLI. Designated approvers can receive notifications and approve or deny requests through the Keeper web vault, desktop app or mobile app. 3rd party integrations including Slack, Microsoft Teams, Jira and ServiceNow ensure that security teams can act within their existing workflows without switching platforms.
• Single-User-Mode and Time-Limited Enforcement: Limits access to a PAM protected resource on a time-limited basis, to one user at a time for a defined period. Once access is revoked, credentials can be automatically rotated, ensuring no standing privileges remain.

Together, these capabilities allow organizations to apply precise controls across their most sensitive environments, from regulated databases and critical infrastructure to business-critical applications and privileged administrative accounts.

Built for Modern Security Operations 

Keeper Workflow is designed for IT administrators and security teams in highly-regulated industries – such as financial services, healthcare and government – where manual oversight of privileged accounts is no longer viable. 

Key use cases include:

• Requiring formal approval before granting privileged access to compliance-governed systems.
• Restricting critical servers or infrastructure resources to a single authorized user for a defined window of time.
• Applying policy-consistent access controls to business-critical systems where concurrent access poses organizational risk.

“Keeper Workflow was built to bring structured governance to privileged access without compromising our zero-knowledge architecture,” said Craig Lurey, CTO and Co-founder of Keeper Security. “Because it’s natively integrated within KeeperPAM, organizations can enforce approval-based access controls and eliminate standing privilege with a solution that is both easy to deploy and simple to operate at scale.”

Keeper Workflow is available with the release of Vault 17.6 within KeeperPAM. For more information, visit KeeperSecurity.com.

About Keeper Security

Keeper Security is one of the fastest-growing cybersecurity software companies that protects thousands of organizations and millions of people in over 150 countries. Keeper is a pioneer of zero-knowledge and zero-trust security built for any IT environment. Its core offering, KeeperPAM®, is an AI-enabled, cloud-native platform that protects all users, devices and infrastructure from cyber attacks. Recognized for its innovation in the Gartner Magic Quadrant for Privileged Access Management (PAM), Keeper secures passwords and passkeys, infrastructure secrets, remote connections and endpoints with role-based enforcement policies, least privilege and just-in-time access. Learn why Keeper is trusted by leading organizations to defend against modern adversaries at KeeperSecurity.com.

Learn more: KeeperSecurity.com

Follow Keeper: Facebook Instagram LinkedIn X YouTube TikTok

Media Contact

Katherine Benfield
ICR for Keeper Security
KeeperSecurity@icrinc.com