Logins associated to users - not only vaults

Options
1passuser1
1passuser1
Community Member
in Business and Teams

I've been poking around and I think this is a great first step for 1Pass towards working with teams. The interface is very intuitive and easy to use. The password management OS X app is great. The only issue I'm having with it is the process for terminating a employee.

If an employee has access to a vault they have access to all the passwords in the vault. That works fine until it's time to terminate that employee. I would have to reset passwords for every login in that vault (my FTP vault has hundreds). If I was able to specify which logins the user had access to instead of which vaults the user had access to I would only need to reset the passwords for those logins, not all of them.

I know some might say just don't give them read access to the passwords. This works fine for site logins like Wordpress admin areas but there's no way 1Password doesn't integrate with every single application (FTP programs, ssh user accounts, etc) to provide that type of functionality. Users need to be able to retrieve the passwords from the logins.

Also on that same not it would be awesome if a user could see all of the logins in a vault but then need to request access to get the username and password. That way I would know which passwords which user needs access to.

I look forward to hearing other's thoughts on this topic.

-User

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • roustem
    roustem
    edited November 2015
    Options

    If the employee had access to a particular vault then it is reasonable to think that they had access to all of the items in the vault.

    I saw a few suggestions about tracking access to individual vault items but I do not think it can be done reliably. With the offline mode, the employee could simply turn off Wi-Fi and access all items without sending the usage information to the server.

    The best solution could be to group items in multiple vaults and give employees access only to the vaults they need. We recently changed the client apps to make it very easy to use multiple vaults.

This discussion has been closed.