Feature Request: Auto password change, Customer access (for MSP), SAML User Management

Hi Guys,

1st off, I love 1Password, however for me to consider using it for my business there are a few features i would love to see:

Auto Password Change
We require passwords to be changed every 90 days for security reasons, there are other password management software that is able to do this quite well.

Customer Access (MSP)
We are a Managed Service Provider, it would be really cool if we would be able to give our customers read-only access to the portal to run reports or see passwords. Some of our customers like reports that say when the passwords were accessed, we also record ticket numbers against each access so that they know why it was used.

SAML User Management
We utilise SSO across our business, however we cant do that with 1Password, now i know that 1Password is much more secure using its own authentication so im happy with that but if we have someone leave, i want to just disable 1 account and it disables everything, likewise giving access i should be able to add a user to a group and they get sent signup info for their 1Password account.

I would love to see these features implemented!


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • BenBen AWS Team

    Team Member

    Hi @marksie1988

    Thanks for taking the time to write in. I’d be happy to discuss these requests with you.

    Auto Password Change

    We do not offer an automated process for changing passwords. There is a fairly comprehensive thread on the subject from last year here:

    Feature Request: Auto-Change Passwords — 1Password Forum

    I’m not aware of any plans to implement such a feature, but if we could find a way to do so reliably and securely I do see how it could be a boon to many organizations.

    Customer Access (MSP)

    Guest accounts may accomidate some if not all of this request, depending on how you are recording these access times and associated ticket numbers:

    Share with guests in your team | 1Password

    SAML User Management

    We have a SCIM bridge that, depending on what you’re using for directory services, may be able to help:

    Automate provisioning in 1Password Business using SCIM

    You may also be interested in our command line utility if you’re looking to automate actions within 1Password:

    1Password command-line tool: Getting started

    I hope that helps!

    Ben

  • I too love 1Password, but the SCIM is a joke. When will you guys build a real SSO solution?

  • BenBen AWS Team

    Team Member

    Hi @mlshepherd,

    Would you be willing to elaborate?

    Ben

  • Hey @Ben

    You bet. I've done a lot of SSO integrations and this one is pretty... Rough. Having to install docker, a load balancer, and run a local utility to get it to sync isn't the norm.

    Would be really nice to just do a simple web UI that that generates the data points you need like URL, application ID and Token or whatever...or even cooler would be to do an azure SSO app.

  • brentybrenty

    Team Member

    @mlshepherd: I agree that would be cool. It's fairly new, and, as I'm sure you're aware if you've tried it, we're constantly improving it based on feedback from each deployment. I'd encourage you to share the details about your pain points with business team so we can see what we can do to help you and others who might have similar issues: [email protected]

  • Hey @Ben

    You bet. I've done a lot of SSO integrations and this one is pretty... Rough. Having to install docker, a load balancer, and run a local utility to get it to sync isn't the norm.

    Would be really nice to just do a simple web UI that that generates the data points you need like URL, application ID and Token or whatever...or even cooler would be to do an azure SSO app.

  • Here is an example of a provider that does a really easy Azure SSO onboarding.

    https://support.quickhelp.com/helpdesk/attachments/6071113865

  • BenBen AWS Team

    Team Member

    Thanks @mlshepherd. I'll pass the message along to our SCIM team. One of our primary concerns is that we never want to have access to any customer 1Password data. As a result our setup is a little more complex than others because it requires running the SCIM bridge on your infrastructure. If we were to host it (which would admittedly cut down on configuration requirements) we would have essentially full access to the accounts of customers using it. We're not willing to do that. But as Brenty mentioned the SCIM bridge is essentially brand new (still in beta in fact), and so there certainly may be some improvements we can consider. Ideally it would be easier to configure.

    Ben

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file