Provisioning and de-provisioning

saso
saso
Community Member

https://support.1password.com/teams-faq/#can-i-access-my-team-data-offline

Here you say data is stored offline and accessible. So what happens if you remove the team member? Do they still have access to secrets if offline? When do you revoke their access?

Also, how does provisioning and de-provisioning work? All manual?
Any plans for SAML support and services like Okta?


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • Jacob
    edited May 2017

    Hi @saso! When you remove a team member, they won't be able to access their data on their device once it receives a notification from the server that their account has been deleted. If they go offline completely before that, they would still have access to their data. To revoke access on some other level, you would need to be connected to their device in another way that allows you to remove the data without an internet access. It's not feasible for 1Password to do that itself since the server has to notify the app that the account no longer exists, which requires internet access.

    One option, which would take things another direction, would be to limit their access to certain vaults to 1Password.com. That would mean they couldn't use them in the apps, and the website would be the only place they could access the contents of them. The downside, of course, is that they wouldn't be able to use the apps or browser extension for anything beyond their private vault. May I ask what you're looking to guard against?

    Also, how does provisioning and de-provisioning work? All manual?

    At the moment, yes. To remove you a user, you'd sign in to the team's Admin Console on 1Password.com and delete them:

    Add and remove team members

    Any plans for SAML support and services like Okta?

    At the moment, we don't have any plans for this. We're looking at making provisioning in 1Password Teams a bit better in the future, however, so feel free to keep an eye out for that.

This discussion has been closed.