Multiple Login's But One Password

David_A
David_A
Community Member
edited September 2023 in 1Password in the Browser

In a business using, Microsoft Active Directory, many business applications sync with AD for user login rights, user and password. Example, I have 15 different websites I log into which means I have 15 different enteries in 1Password. My user and password for all 15 entries is the same, which is my domain user and password. The URL's are all different and 2FA is different, and security questions are different. Would it make sense, for businesses, to have the ability to set a user/password entry and then link to that entry from other entries. Then I could have an entry for "Payroll" with the correct URL but it grabs my user name and password from the linked "My Domain Account" entry? Then when my domain password expires, every 45 days, I only have one place to update it in 1Password.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

«13

Comments

  • esheehan
    esheehan
    Community Member

    I've found myself in a somewhat similar situation.

    We have some single sign on system at work so I use the same password for many sites. I've added the various URLs for each site to the login in 1Password so that 1Password knows to use that login for all of the sites, but they don't all use the same username. Some of the logins are set up to use just my username, while others use my full email address.

    For now I'm just manually editing the username after 1Password autofills the log in, but I was wondering if there's a better strategy?

  • AGAlumB
    AGAlumB
    1Password Alumni

    I've added the various URLs for each site to the login in 1Password so that 1Password knows to use that login for all of the sites, but they don't all use the same username.

    @esheehan: I have to say, I've never heard of that before. Usually an email address is accepted installed of a username. Thank you for letting us know!

    Unfortunately I'm not sure there's another option, besides saving separate logins for the accounts that require a different username. That brings with it the potential problem of 1Password telling you these passwords are duplicates. Is it a case where a half-measure might work? For example, do places that don't use your email address al use the same username? In that case, you could use only two separate logins. Not ideal, but it would save you some manual effort. Alternatively, if there's an option to have the site remember the username, that could help either way.

  • AGAlumB
    AGAlumB
    1Password Alumni

    In a business using, Microsoft Active Directory, many business applications sync with AD for user login rights, user and password. Example, I have 15 different websites I log into which means I have 15 different enteries in 1Password. My user and password for all 15 entries is the same, which is my domain user and password. The URL's are all different and 2FA is different, and security questions are different. Would it make sense, for businesses, to have the ability to set a user/password entry and then link to that entry from other entries. Then I could have an entry for "Payroll" with the correct URL but it grabs my user name and password from the linked "My Domain Account" entry? Then when my domain password expires, every 45 days, I only have one place to update it in 1Password.

    @David_A: It seems like in your case you could simply save all of the relevant URLs where you use the same credentials in a single Login item. Does that help? That would tell 1Password that it can use that login on all of those pages.

  • esheehan
    esheehan
    Community Member

    @brenty I've thought about having two separate logins in 1Password: one for Google (which I think is the only place that requires the full email) and one for everything else. For now I've opted to have only one place to update the password when it needs updating because I think we actually have two different account management systems with different passwords, and it's already confusing enough which one of those I need to use to log in in which place (bureaucracy 🤷🏻‍♂️). In any case, it's not a huge deal, I just thought I'd check and see if there was some feature I didn't know about for managing usernames.

  • AGAlumB
    AGAlumB
    1Password Alumni

    @esheehan: Wow. That does sound confusing. I'm glad you're at least getting pad to keep it all straight! I'm sorry I don't have a (more) clever solution for you, but glad that works for you, and grateful that you brought this interesting case to our attention!

  • nxd10
    nxd10
    Community Member

    I am in the same situation. I work for a university (is uses google services, if it matters). I use that same username and password on dozens of sites on campus. I also need to use it to log in to Google to get my mail, calendar, and other services. I am required to change passwords every three months.

    Now, each of these logins generates a new password in 1Password. I also get an error message because it looks like they are duplicate passwords. They're not. It's one username and password used in multiple situations. Are you suggesting that I can add ALL of the different urls to the same entry? That would be AWESOME. It's been very confusing and I anticipate it will be a pain next time I do a password change.

    The same would be true in my bank, correct? It has a main login, and then separate one sometimes for different parts of their site.

  • nxd10
    nxd10
    Community Member

    One more note: I have now tried this and it seems to work. HOWEVER, like many, many schools and universities, we are managed by Google. When I log in in to Google I have to use the @domain.name on my username. When I log in to the university, I have to omit the @. SO it looks like I have duplicate passwords, but don't. Any work around? (Obviously I can have the two entries, which I do now.

    I expect this is true for companies that use Microsoft or other management systems as well.

  • AGAlumB
    AGAlumB
    1Password Alumni

    @nxd10: I've got a lot of different Google Accounts myself...but it sounds like you have one and saved multiple Login items for it. Is there some reason why you can't just use a single Login item for that?

    Are you suggesting that I can add ALL of the different urls to the same entry?

    Exactly. I can definitely appreciate that it is nice to have specific URLs for different services. But if the account credentials are the same, you really only need a single Login item.

    The same would be true in my bank, correct? It has a main login, and then separate one sometimes for different parts of their site.

    If the login credentials are different, you will need to use separate Login items. It is possible to have multiple URLs in a Login, but not multiple usernames/passwords. But if your login credentials are different, 1Password won't complain that they are reused. Let me know if that helps. :)

  • nxd10
    nxd10
    Community Member

    Excellent. I have made many changes along these lines today. That's very helpful. BTW - I can't find this feature documented ANYWHERE. Once you're in the program, you can't get to the documentation. And if you go the main website and log in, you can't get to it. I have never ever seen a website or app set up like this.

  • AGAlumB
    AGAlumB
    1Password Alumni

    Excellent. I have made many changes along these lines today. That's very helpful. BTW - I can't find this feature documented ANYWHERE.

    @nxd10: Happy to help! I think we don't have this documented because there's always an additional empty "website" field below what you already have saved when editing, but perhaps you hadn't gone into edit mode.

    Once you're in the program, you can't get to the documentation.

    There should be a link to our support site in the Help menu. Which version are you using?

    And if you go the main website and log in, you can't get to it. I have never ever seen a website or app set up like this.

    If you are trying to login to 1Password.com, that will only work if you have signed up for an account as part of the membership subscription service. Is that what you mean?

  • nxd10
    nxd10
    Community Member
    edited January 2019

    I have gone into edit mode - I think I've spent 20 hours using the program since I bought it December 28th. I have a lot of passwords and I've been systematically upping my security. It is honestly not obvious what specific functions do. For example the extra websites or the linked information. This is a shame because this is a fantastic program and the more I use it the more I see it do. But my learning has been through hanging out on the forums. I like forums, but basic information should be more available.

    A ? next to the 'website' entry -that linked to even a definition or suggestion would be incredibly helpful ("You can enter other portals within the site that use the same username and password.").

    SO obviously I am doing something wrong because there is absolutely no documentation that I can find on my Mac app.

    If I go online and into my account (logged in) I see no help either.

    I can see help in my iPhone app.

    I can get Support if I go to 1password and don't log in. That's the ONLY way I can find to get help.

    I have two sons - one an IT support tech with security certifications and the other an avid gamer. I had to walk them through the process and I'm still learning nuances. I really spend most of my life working with screens. The program itself is pretty intuitive when you aren't trying to manage it or if you don't have a lot of passwords. But if you are working through things context help - or ANY help - available when you are within the working program would be helpful.

  • AGAlumB
    AGAlumB
    1Password Alumni

    I have gone into edit mode - I think I've spent 20 hours using the program since I bought it December 28th. I have a lot of passwords and I've been systematically upping my security. It is honestly not obvious what specific functions do. For example the extra websites or the linked information. This is a shame because this is a fantastic program and the more I use it the more I see it do. But my learning has been through hanging out on the forums. I like forums, but basic information should be more available.

    It sounds like you're on the right track, but maybe ask more questions! If there are things that are unclear to you, different tasks you want to accomplish that you haven't figured out on your own yet, etc., I'm sure I can point you in the right direction again. After all, that's what we're here for, and the sorts of things people ask for help with informs changes going forward as well. :)

    A ? next to the 'website' entry -that linked to even a definition or suggestion would be incredibly helpful ("You can enter other portals within the site that use the same username and password.").

    I don't think it's helpful to put a bunch of question marks all over the place. I've used software like that. I find it annoying. But more importantly, most people just find that sort of clutter distracting and confusing. I do think there are other things we can do to help though, without turning 1Password into something that looks like 90s-era Windows software, if you know what I mean. ;)

    SO obviously I am doing something wrong because there is absolutely no documentation that I can find on my Mac app.

    In 1Password for Mac version 7, if you go to Help > Get Help, that takes you straight to our support site, with guides for a wide variety of things 1Password, and ways to contact us if you don't find what you're looking for:

    https://support.1password.com

    If I go online and into my account (logged in) I see no help either.

    If you click your account menu in the upper right, you can select "Help & SUpport", which also takes you to our support site -- specifically a guide for account management, but you can search for anything else there too.

    I can see help in my iPhone app. I can get Support if I go to 1password and don't log in. That's the ONLY way I can find to get help.

    Can you tell me what you mean by "go to 1password and don't log in"?

    I have two sons - one an IT support tech with security certifications and the other an avid gamer. I had to walk them through the process and I'm still learning nuances. I really spend most of my life working with screens. The program itself is pretty intuitive when you aren't trying to manage it or if you don't have a lot of passwords. But if you are working through things context help - or ANY help - available when you are within the working program would be helpful.

    If you have any suggestions, I'll be happy to bring them up with the team. :)

  • rjmalves
    rjmalves
    Community Member

    I have the same issues exposed by other fellows, and i would like to know if is there any chance of 1Password having features to adress this issue ?

  • Hi @rjmalves

    I couldn't make any promises, but we have been discussing how we might possibly address this situation. We agree that the current state isn't ideal, but I don't believe we've settled on what the ideal state would be.

    Ben

  • bartekmo
    bartekmo
    Community Member

    Getting back to this one - is there any progress in adapting to the SSO/AD use case? Having multiple entries for multiple variations of a username (these could be: username, domain\username, username@domain, email - and no, email is not the same as principal name) totally breaks it from usability point of view, because:
    1. redundant entries
    2. duplicate password warnings
    3. password rotation pain

    I could see it as either login entries linked to a shared password entry, or a possibility to optionally add usernames to additional websites in a single login entry.

    I've been in 2 separate (large) organizations and both have tons of internal websites requiring different forms of username but always the password from central AAD. It is not uncommon.

  • john_m
    john_m
    1Password Alumni

    Hi @bartekmo, welcome to our forum! 👋

    It's something that's still being discussed internally here; in the meantime, you could combine the suggestion above to consolidate as many Logins as possible that share the same format of username together using multiple "website" fields in the one Login entry, with using tags (https://support.1password.com/favorites-tags/) to help you quickly locate multiple Login items that are related. For example, you could tag your various Login items with "activedirectory" or similar - then, if you need to rotate the associated password, you can quickly find and update your other related Login items to alleviate some of the work involved with point 3 from your list. I hope that helps a bit in the meantime!

  • daniel666
    daniel666
    Community Member

    Hi!

    Same situation here: active directory account with one password fo multiple sites with different usernames.

    Currently I'm using Keeper Security but I want to switch to 1Password (mainly Linux and Android. Windows from work). Your applications looks better, works faster and you have Linux support as separate type to download ;).

    This problem is solved in Keeper by possibility to add web input field name as custom field name for an item. And value with username that should be filled. Unfortunately there is lack of information about it. I saw that first field is filled with default username but next (I think when some algorithm find matching input field name) it's changed to username from custom field.
    I imagine that looking for matches for every field could be costly and could slow down application a lot. Maybe instead of that we could put username as field name for website additionally added to the item (eg instead "website" it will be username that should be used to login in website from field value)? It's just an idea :)

    I hope you will find an effective and simple way.

  • ag_ana
    ag_ana
    1Password Alumni

    Thank you for sharing your feedback as well @daniel666 :+1:

  • usestrict
    usestrict
    Community Member

    This is a problem every day for me. I log into Office365, local AD sites, multiple of them, and they all are tied to the same password (I change it once and they all change). So I use email address and multiple different AD logins depending on which corporate system I connect to. All use the same password store.

    It would be nice to be able to add multiple possible usernames. Then let me choose which when I tell it to populate. And for the URLs, maybe let me choose a default username from that list, or remember the last use?

  • ag_ana
    ag_ana
    1Password Alumni

    @usestrict:

    Thank you for the suggestion! We will keep it in mind moving forward :+1:

  • barthrh
    barthrh
    Community Member

    I'm going to pile on here as well. More and more of my sites are moving to SSO. I have a lot of different production site or demo sites that I want to be their own entry in 1P (i.e. don't want to just add them as a "website" under my corporate identity). If we could just allow the credentials of one entry to reference those of another, rather than have its own, that would seem to work fine.

  • Thanks for the feedback @barthrh. :)

    Ben

  • mmoud
    mmoud
    Community Member

    I see this request so many times and I am also in same boat. Are you guys even putting this in a feature to be implemented list ? Or you are still listning after years of feedback ?

  • @mmoud

    We don't speak about future plans with any specificity, so I really couldn't say if this is something that will be addressed or not; sorry. We are of course open to feedback though, and continue to monitor what folks have to say about the situation.

    Ben

  • dixie_tech
    dixie_tech
    Community Member

    Same Same but different. Is there a way to make 1password (X) recognize multiple URLs for the use of one login credential (without having to list each and every website)? Maybe with the use of a wildcard, ex. https://10.33.* or maybe even pulling SSL certificate information to identify. In my scenario, I currently have 75+ devices that are accessed by an IP address. Each device starts with https://10.x.x.x. These devices are managed by a controller, so I can push out a password profile to all with one command. I guess I'm just being lazy but I thought this may come in handy for the masses.

  • Ben
    Ben
    edited April 2020

    Hi @dixie_tech

    The only way I can think to do that would be to assign each of these devices a DNS name within the same domain (e.g. 10-33-x-x.mydomain.lan). Then you could save a Login item with a website field of https://mydomain.lan and that would show up as an option for each of them. I don't believe there is any way to do this for a block of IP addresses. I'm not sure what you're using for internal DNS/DHCP but many DNS systems have the capability of registering all DHCP reservations and leases in DNS.

    I can suggest to the team that we consider adding the ability to wildcard the website field for private IP space, but with that not being on the radar right now it would be a ways off if it were to be implemented, so I'd recommend planning based around what is currently available.

    Thanks!

    Ben

  • Luolong
    Luolong
    Community Member

    Hey!

    I have foud myself in the same situation multiple times Each time I switch an employer (and I've done this 3 in past 4 years), I have a situation where I have many sites that all have slight variations of user name backed by the same LDAP/AD with a single password shared between those.

    I could save a login item for each separate name + password combination and bind all relevant URL's to the one login item, but then 1p would start warning and complaining that I share passwords. Moreover, the minute I update my password, I now have to find and change the password in all of those login items. It is tedious, error prone and inefficient.

    And there is also 2fa to consider - some of the web pages require 2fa/OTP login. And in my current employment, I have at least three different OTP's that I need to maintain even if they do share same username+password combo.

    I would much prefer if I could share same password entry across all those login items and whenever I change that login password, the change would apply to the shared password and updated across all the logins that share same password item.

    Currently it seems that 1p has an a feature of linking items together, but that linkage does not really seem to do anything useful.

    What if, when linking a password item to the login, the login item would use the linked password value instead when filling in password fields. That would solve both - shared password problem (I wold not need to have duplicate passwords everywhere) and the problem of updating the password on expiration

  • Hi @Luolong

    Thanks for the feedback. The general recommendation for situations like this is to have one login item that has multiple website fields on it. This item can have multiple TOTP fields, e.g.:

    This setup will not cause Watchtower to flag the password as reused, because only one Login item contains the password. We may be able to come up with a different solution in the future, but nothing like that has been decided at this point, so it would be a ways off if pursued. As such I'd recommend basing your workflow around what is available now.

    Ben

  • Luolong
    Luolong
    Community Member

    Thank you for your reply. I still have the situation where I need multiple login items because of multiple sites accept user names in different forms (all of them sharing same password):

    • user.name
    • user.name@domain.com
    • user.name@anotherdomain
    • ANOTHERDOMAIN\user.name
  • I see, yes, thanks. That is indeed a case where you'd need multiple login items. Unfortunately at this time there is no way around that. Hopefully that'll be something we can account for in one way or another moving forward.

    Ben

This discussion has been closed.