Sharing vault with another company

tbanastbanas
edited February 2018 in Business and Teams

We love 1Password and currently use Teams PRO subscription. We found that the support is not too quick so I'll try to ask here.

We recommended 1Password to multiple companies and some of them start signing up. If a company name is ABC I create a vault called "ABC Shared" and try to share that vault with a client of ours that signed up for 1Password. If I see correctly there is no way to share the vault with companies that also have 1Password purchased. Am I missing something?

Looking forward to hearing from you.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • rickfillionrickfillion Junior Member

    Team Member

    Hi @tbanas,

    You're right, there's currently no way to share a vault with anyone outside of your 1Password Teams account. It's something that we'd love to be able to provide one day, but we aren't yet in a position to do so.

    If you're curious to know the "why" for this, let me know and I'd be happy to go into more detail.

    Can you tell me what you're trying to accomplish that would require this so that I can try to think of other ways to go about it, or at the very least it'll better inform how we would go about doing this in the future.

    Rick

  • Hi Rick,
    Oh shiuuut :)
    We are trying to get more people to use 1P so it's convenient for everybody. So, I guess we have 2 options:

    1. Ask each client as a member under our agency account (probably won't work, because these also are agencies and would worry about their data.
    2. Use Guest account, however, if a user already has a paid account and we invite him as a guest to one vault, will the vault just show up among his other vaults? Also, what permissions do guest users have?

    Looking forward to hearing from you. We need to do it asap.

  • rickfillionrickfillion Junior Member

    Team Member

    Hi @tbanas,

    Before I answer those... I did look into why you didn't get an email response sooner from us. It looks like we did reply, so it's possible that that message got caught by a spam filter or something like that. Can you look in your spam folder?

    I'm happy to answer your questions though. :)

    You're right that you effectively have two options. Depending on how large your account is, and how many of these "external" users you'd like to use, that may change your approach.

    There are three primary differences between Guests and Members:
    1. Guests have no Personal vault
    2. Guests aren't part of the Team Members group, which means they don't get access to the default Shared vault that's created
    3. Guests can only have access to a single vault

    Otherwise guest accounts are basically just like member accounts. You can give the read-write access to a vault if you choose.

    In general we recommend Guest user accounts for short term access to a team. For example if you have a contractor coming in for a month to do some work and needs credentials, adding them as a guest is a great way to give them access to just what they need and nothing more.

    In all cases, we need to be clear : the data inside of this account is owned by the company paying the bill (i.e. you). And so you should discourage external users from putting anything inside of an account that isn't in their control. This is the same reason I store all of my personal (non-work) information in an account that's separate from the AgileBits account: I need to know that my data is in an account that's within my control.

    Rick

  • Hi Rick,
    It did not land in the spam and I replied to the message that was received 2-3 days ago.

    What if [email protected] already is your paid client and I add his account with guest permissions? I'm asking as we convinced clients to sign up for 1Password and it just did bite us in the ass :-/

    Why does a number of external users matter? is there a limit?

  • rickfillionrickfillion Junior Member

    Team Member
    edited February 2018

    What if [email protected] already is your paid client and I add his account with guest permissions?

    Not a problem. [email protected] just needs to be unique within a given account. I have my personal email address linked with 3 1Password Families accounts.

    Why does a number of external users matter? is there a limit?

    There's no limit, no. It matters because if you're only looking to do it for a few people versus dozens or hundreds then it might change the approach. If you want them to be full members, you'd probably want to remove the Shared vault and have a new vault that's shared with only the internal team.

    Rick

    ref: XCH-84476-576

  • So, [email protected] can have individual paid account and be give guest access by let's say 3 other companies. In this case that user would see 3 shared vaults + own vault(s), correct?

    Where can I see permissions that guests have? guests vs members.

  • BenBen AWS Team

    Team Member
    edited February 2018

    Yes, they can. I have a number of various 1Password accounts that belong to different memberships under my @agilebits.com email address. They’re all treated as separate accounts. The fact that they are tied to the same email address is pretty much immaterial as far as 1Password is concerned. If you invited my @agilebits.com email address to your 1Password Teams membership I’d be given a unique Secret Key for that account and create a new Master Password for it. I could then add that account to the 1Password apps, and manage it alongside my other accounts.

    Permissions for guests work the same way they do for Team Members:

    Create, share, and manage vaults in your team

    Ben

  • @Ben sorry for the confusion, so that hypothetical user [email protected] that is paying for individual 1P account can be invited by multiple companies as a guest to one vault and that [email protected] will see own vaults (1p subscription) together with all vaults where he was invited as a guest, without the need of logging in and out, correct?

    Could you please answer the following question: "Where can I see permissions that guests have? guests vs members?"

  • rickfillionrickfillion Junior Member

    Team Member

    @tbanas:

    They'll need to sign in with the guest credentials (they can re-use the same Master Password, but each account will have its own Secret Key) to each guest account. They'll then see something like this in their vault chooser (forgive the poor ascii art):

    Fillion
    --------
    Personal
    Shared
    
    CompanyOne
    --------
    VaultCompanyOneSharedWithThem
    
    CompanyTwo
    --------
    VaultCompanyTwoSharedWithThem
    

    Just like you would see if you had signed in to multiple normal accounts.

    Where can I see permissions that guests have? guests vs members?

    The only permission that guests don't have that normal members do is the ability to create a vault. They can otherwise be just like a normal member with the exception of the points I listed above.

    Rick

  • @rickfillion I really hope I am missing something in here. Even if these are separate accounts they can just add them all here - http://d.inco.re/XivK2i and all vaults will be visible in their mac client, is this correct?

  • rickfillionrickfillion Junior Member

    Team Member

    @tbanas : you're exactly right. They add them all there, and all vaults will be visible in their Mac app. If they're using All Vaults (the default), then they don't even need to think about the fact that they're using multiple vaults/accounts.

    Rick

  • Great, thank you.

  • rickfillionrickfillion Junior Member

    Team Member

    You're very welcome. Let us know if you have any more questions.

    Rick

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file