#1654 Support for Multiple Windows Users

Josh Dawson

We are a small company that uses KeePass and we'd like to see support for logging in with various Windows credentials from our domain. Is this a feature that could be implemented easily? It would make KeePass a more feasible password storage solution in an enterprise.


  • Paul

    Paul - 2012-10-27

    KeePass allows you to use the Windows User Account as a master password, but it cannot create a shared password for a common database.

    cheers, Paul

  • Iain Hallam

    Iain Hallam - 2013-02-08

    This would be really useful, especially if we could control access to entries/entry groups via Active Directory security groups.

  • Paul

    Paul - 2013-02-09

    The KeePass encryption model does not allow multiple levels of access. You can either use the database or not.
    You need something other than KeePass is you want multi level access.

    cheers, Paul

  • Geoff

    Geoff - 2013-04-18

    I've just noticed the Windows user KeePass functionality.

    Does it not just use the GUID for the windows account? or similar? Could there not be an option to allow access if the user is a member of a certain AD group?

    That way we could grant or deny access to KeePass databases via active directory groups, and becuase there is no password, employees can't 'Steal' the entire database if they leave!

    No AD group membership = no kepass access!

    It would be an AMAZING feature!

  • Geoff

    Geoff - 2013-04-18

    ...I'm sure groups have GUIDs like user accounts do?

    Surley we could have a button to allow us to pic a group, then associate the kepass database with that instead of user guid?

  • Paul

    Paul - 2013-04-21

    No, KeePass uses a key created by Windows. There is no equivalent for AD groups.

    This has been suggested before and the recommended solution would be for someone to write a plug-in. No-one has attempted this AFAIK.

    cheers, Paul

  • Richard Gunn

    Richard Gunn - 2015-07-14

    I can see a huge benefit for keepas to allow domain groups access. There isn't any other party that is as simple and useful as keepass right now, and adding domain req's would be huge.

    I know for my company, 2,600 employee's, we would absolutely use the feature.

  • Paul

    Paul - 2015-07-15

    Then fund its development via a plug-in.
    You could try the MultiCertKeyProvider or use it as a template for a group membership key.

    cheers, Paul


Log in to post a comment.

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:

JavaScript is required for this form.

No, thanks