Is there a way to turn off personal vault's for a user in 1Password Teams?

I don't want the user using our teams setup for storing personal passwords, nor do I want to risk them saving company passwords in their personal vault, preventing us from accessing those passwords.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Referrer: forum-search:disable personal vault

Comments

  • BenBen AWS Team

    Team Member

    Hi @CTall,

    Thanks for taking the time to write in.

    The only way to avoid a user having a personal vault is to invite them as a guest. When invited as a guest they only have access to a maximum of one vault (no personal vault, and no access to the default shared vault).

    At the moment it is not possible to have a user have access to multiple shared vaults, but not have a personal vault.

    The purpose of the personal vault is to store items related to the company but unique to the individual (such as email, computer login, payroll, etc).

    I hope that helps!

    Ben

  • That makes sense. However, being that it's a company resource, I'd like to have access to any password saved in the resource provided to them by the company. When they have a personal account, it enables them to keep private from the company. If there are passwords they wish to store privately, they can add their own 1Password account to keep that in. That's my take on it anyways.

  • JacobJacob

    Team Member

    @CTall Thanks for the feedback. You can set things up that way if you want. Instead of using regular team members, just use Guests. They don't have a Personal vault, so you can set up a vault for them and you to both have access to, then share it with them. Let us know if that sounds like a good solution. :) It's not how we designed Teams, because everyone has personal items they may want to keep private from others. In some cases, like yours, Guests are better.

  • edited May 2016

    But, as you wrote, guests only allow for ONE vault.
    This is then again, quite limiting.

    I can understand your concern, CTall, I´ve been thinking about it, too.

  • JacobJacob

    Team Member

    @Unicade_Music Ah good point. I'm afraid I skipped over that. At the moment, using Guests is the only workaround if you don't want a member to have a Personal vault. We may change this in the future, but that's how it stands. Thanks for the feedback, folks! We appreciate it.

  • Has there been any change on this topic? I, too, would like to have access (as an owner of the account) to the personal vaults of my team members. They've been directed to only store corporate credentials in this vault, and if they leave I want to make sure I can get to the data.

  • JacobJacob

    Team Member

    @nickcada At this point I'd recommend using guests instead of standard team members if you would prefer your team not have Personal vaults. Disabling the Personal vault is not something we're planning right now. Thanks for the feedback! I'll let the team know about your interest. :)

  • I need to do this as well.. has there been any progress doing this without using the guest acount option?

  • FrankFrank

    Team Member

    Hi @tdehnke - Thank you for reaching out to us. I appreciate your feedback and interest in disabling Personal vaults within Teams.

    We don't have a timeline to share at the moment. As of right now, using a Guest Account is the best solution to avoid team members having access to Personal vaults. Another idea, if you signed up for the Pro Plan, you can restrict team members from being able to export any data from within a Shared vault. Again I appreciate the interest in this feature and thank you for taking the time to let us know it's important to you. Let us know if you have any additional questions. Have a fantastic day :-)

  • The guest account method seems limiting and looking around on here it looks like a feature that has been requested a lot. Is there a timeline for adding it?

  • FrankFrank

    Team Member

    Hi @tdehnke - We don't have a timeline to share at the moment. I appreciate you letting us know it's an important feature you would like to see added to Teams. I don't know when or if this will be implemented. Sorry for not having a better answer here but I think it's best to honest with you. We're always here to assist if you have any further questions. Have a fantastic day :-)

  • Hi @Frank - I just want to echo other people's desire here to have some way to access a user's Personal vault as a Teams admin. Our concern is that if someone leaves on poor terms, there's the chance that some important log-in is saved inside their Personal vault, and we would have no way to access it. I don't necessarily want to restrict users from using the Personal vault in the first place, but would like some insurance policy when off-boarding team members that we could access any corporate-owned accounts that are saved in their Personal vault.

  • FrankFrank

    Team Member

    Hi @jcolvin - I can understand where you're coming from so I appreciate the feedback. For now, you could add a permission to any Shared vault so team members are restricted from moving any data from within the vault. You can also add a permission restricting members from moving items to the trash as well. I know it's not exactly what you're looking for but I figured I would mention it just in case. Thank you for again for letting us know this is something you would like to see within 1Password Teams. :+1:

  • I am completely against allowing admins to have access to the personal vault of a user. This is a huge privacy issue. A the personal vault is meant to be personal, if anyone has access to it then it's not longer a personal vault, it's a shared one. I might be wrong but the goal of the personal vault is to store company (but still private) related credentials inside this vault (so you know your employees are actually using a secure place to store their passwords). Having an admin accessing this vault would allow the admin to potentially steal the identity of an employee: if the employee stores their gsuite credentials someone could send emails using the employee account, it could also allow bigger issues like having an admin login using an employee credentials into a sensitive place (like a database) and remove data, which would make the employee guilty of something they didn't do.

    If a user has access to something an admin doesn't have access to (with their own account), then it means the manager (or whoever in charge of that employee) didn't do their job right, and not doing your job right is not a reason for removing your employees privacy. It's also the manager job to know who has access to what and to have an off-boarding process.

    We're working on having all our employees using their personal vault to store all company related credential (gsuite, slack, etc.), and we are using a service that requires the users to link their banking information. Having an admin being able to access those data would be a critical issue for us.

  • rickfillionrickfillion Junior Member

    Team Member

    Hi @melvin,

    I think you're right, there are some serious privacy issues there. Some companies would want this, and others would not. If ever we were to allow that it would need to be very clear to everyone. An employee would need to be aware of the fact that someone else could see inside of the personal/private vault.

    Rick

  • roustemroustem AgileBits Founder

    Team Member

    Note that if the employer has access to the former employee's email account then it is possible to get access to the Personal vault by performing account recovery.

This discussion has been closed.