I'm interested in a particular scenario of managing teams where a member has access to both their own Personal Vault and a Team Vault in the application. Let me describe a common situation (not involving 1Password) which arises in my business of accounting. Employees are provided login information for personal client accounts which they access through a browser. When entering this information, the browser asks if they want to save this information for auto-entry. Employees are trained to not save client logins, but nevertheless it's easy to do. Most common browsers are designed for the personal use case and provide every opportunity to save this info. And from a personal productivity standpoint, ease of entry is desirable for employees. Mistakes happen.
What this illustrates is a scenario where users are compelled by the app and productivity goals (or other motivations) to do what they shouldn't. I'm interested to hear if the 1Password application has a feature for verifying team users have not saved client information into their Personal Vaults. I'm thinking a verification check needs to be performed for team admins to ensure an employee's Personal Vault does not contain a Team Vault's client logins.
I read the post about Team audit logging and wonder if an admin can identify this prohibited behavior using this feature. It would be a security failure if the ease of use of the application makes it a simple matter to save client info into your Personal Vault and later, after termination of employment, still have access to your former clients' accounts. Removing a user from a vault would not be the end of securing client logins. All client logins would need to be reset.
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Windows 10
Sync Type: Not Provided