Keeper Security has introduced Keeper Workflow within its KeeperPAM product, adding approval-based controls for privileged access.
The launch comes as companies face tighter scrutiny over how staff and software agents access sensitive systems and data.
Keeper Workflow is designed to let administrators control how privileged access is requested, approved and used. It allows organisations to apply time-limited checkout rules for privileged resources and enforce approval steps before a user can connect to a protected system.
The tool sits inside KeeperPAM, Keeper Security's privileged access management platform, and is intended to give security teams a more structured process for handling access to sensitive accounts, databases, infrastructure and business systems.
Access controls
Under the new workflow, users can request access through the Keeper Vault or the Keeper Commander command-line interface. Designated approvers can then approve or reject those requests through Keeper's web vault, desktop app or mobile app.
The system can also require multi-factor authentication before a connection is established after approval. Requests are managed through a central notification centre, while integrations with Slack, Microsoft Teams, Jira and ServiceNow are intended to let security staff handle approvals within existing operational tools.
Another part of the release is a single-user mode with time-limited access. This setting is designed to restrict a protected resource to one authorised user at a time for a set period. After access ends, credentials can be rotated automatically, helping to remove standing privileges.
Keeper Security is positioning the launch around the growing use of AI agents in business systems. It argues that each agent creates a new identity, a new attack surface and added compliance demands for organisations already managing large numbers of human users and service accounts.
"AI is no longer just a productivity tool; it is a permanent and foundational layer of the modern enterprise technology stack," said Darren Guccione, Chief Executive Officer and Co-founder of Keeper Security.
"With Keeper Workflow, we are enforcing the boundaries of AI and human access. This is zero trust in practice: structured, auditable and built to determine exactly when and if an identity is allowed to act inside the enterprise infrastructure," Guccione said.
Regulated sectors
The feature is aimed at IT administrators and security teams in heavily regulated sectors including financial services, healthcare and government. In those environments, organisations often need formal approval records before granting elevated access to compliance-sensitive systems.
The workflow can also be used to limit access to critical servers and infrastructure resources to a single person during a defined maintenance or operational window. This approach is suited to systems where concurrent access raises operational or security risks.
Privileged access management has become a central part of cyber defence as companies seek to reduce the number of permanent high-level permissions across their networks. Security teams have been moving towards just-in-time access models that grant elevated rights only when needed, and for limited periods, to reduce the damage caused by compromised credentials, insider misuse and ransomware attacks.
Competition in the sector has intensified as vendors adapt their tools for cloud services, remote administration and machine identities. The rise of AI agents adds another layer to that shift, as automated systems increasingly need access to applications, infrastructure and data stores once used mainly by human administrators.
Keeper Workflow was built to fit within the company's existing architecture rather than as a separate layer. The feature is available with Vault 17.6 inside KeeperPAM.
"Keeper Workflow was built to bring structured governance to privileged access without compromising our zero-knowledge architecture," said Craig Lurey, Chief Technology Officer and Co-founder of Keeper Security.
"Because it's natively integrated within KeeperPAM, organisations can enforce approval-based access controls and eliminate standing privilege with a solution that is both easy to deploy and simple to operate at scale," Lurey said.