Offboarding workflow for team members?

Are there any resources for advising on offboarding of 1Password team members?

Our policy here is to transition the accounts on third-party resources of employees on their final day, and operations staff are responsible for ensuring accounts have passwords changed, are deleted (if possible) or made dormant, and any process or resource ownership is transitioned to another team member.

An administrative user

  • creates a new temporary vault that can be written to by the departing user and the admin user

then, sitting with the departing team member, an administrative user

  • ensures the user removes any personal/non-business entries stored in the "Private" vault
  • moves all other entries into the temporary vault
  • goes through the entries in the vault and checking that the user does not have 2FA enabled with personal phone/apps - and switching if so

then the administrative user

  • removes the departing member's access to the temporary vault
  • suspends the user
  • moves the content of the temporary vault to a "Former Team Members" vault available to appropriate admins
  • deletes the temporary vault
  • generates a usage report
  • goes through the usage report to identify shared passwords that should be changed.
    (for this purpose it would be good if the usage reports indicated if the password had changed since the last time a user accessed it.)

This is then followed by the long process of going through each account and ensuring it can be closed without business disruption.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • AG_PikeAG_Pike

    Team Member

    Hey @leedxw,

    Thanks for reaching out to us, and thanks for sharing this to the forum! :)

    We don't have an offboarding guide for 1Password, as every business handles these sorts of things differently. That said, you've clearly given this some thought, and what you're proposing here looks like a great model for how to handle an outgoing employee.

    Depending on the plan you have for your business, you may also be able to avail of a free 1Password Families account for each user, so they have an easy way to securely move any personal items they want to keep, as well as a safe and secure place to keep their personal data in the first place. When someone leaves your organization, they can then keep their personal account by continuing the subscription on their own.

    Since we might want to discuss your private account details with you to help you finalize this policy, I'll follow up with you directly via email.

    Cheers,

    Adam

  • Hi @leedxw,

    We go through a similar process of creating a "Former Employee - name" vault and move items there. We can then share that with the appropriate people. Seems to work fine. I also remind employees that they can stop a vault from displaying its items in settings.

    Once you are done with the former employees 1Password account don't forget to delete it. Simply suspending it will not stop the billing. I have paid for suspended accounts way longer than I should have in the past. :)

  • AG_PikeAG_Pike

    Team Member

    Hi @Cartman, thanks for your input!

    However, you should be aware that we don't charge for suspended accounts. When you suspend a team member in 1Password, you're credited for the time remaining in your current billing period. That amount stays in your account as a balance towards future charges.

    Adam

  • Thank you for that insight Adam but that is not how it has worked for us. We only get the credit once we delete the account.

  • BenBen AWS Team

    Team Member

    @Cartman

    Please note that this did change. I don't recall exactly when the change occurred, but in the past we did charge for suspended accounts, requiring that they be deleted to stop charges. In more recent history we no longer charge for suspended accounts.

    If you've seen this recently I'd encourage you to reach out to us by email so that we can investigate directly:
    [email protected]
    Please send the email from the address associated with your 1Password membership.

    Ben

  • brentybrenty

    Team Member

    @Cartman: To clarify, if you'd already paid for the account, that's expected. What Pike is saying is that when your membership is up for renewal, you will be charged only for active users, not suspended ones.

  • @brenty, we have a situation where we need to terminate an employee/team member and they have only had an account for a couple of weeks. Is it possible to get a prorated refund for this account to be terminated, or is credit the only option?

  • brentybrenty

    Team Member

    @justin4nws: It will definitely be a credit, but feel free to reach out to [email protected] if you would like to discuss your account/situation, as we can't discuss anyone's accounts here in a public forum.

  • @brenty, thanks for the quick reply. I'll reach out if/as needed.

  • BenBen AWS Team

    Team Member

    If there is anything else we can do, please don't hesitate to contact us. :+1: :)

    Ben

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file