Can you revert "let administrators manage this vault"?
Although we provide free 1Password Families accounts for all of my users, a few of them keep creating new "Personal" or "Family" vaults in their Business accounts. (They created the new vault to separate their private work items from their private personal items.) Worse, they check the box "Let administrators manage this vault." Unbeknownst to them, they have just provided me and my co-administrators the ability to enter their vaults and view their family's private items.
Besides user education, is there any way to warn people not to do this? And once they have done so, is there a way to remove a vault from administration? Or does the user need to create a new vault and move their items?
1Password Version: 7.5.1
Extension Version: 1.19.1
OS Version: Not Provided
Sync Type: Not Provided
Comments
-
@andrewjcohen - thanks for the question! Yes, that's primarily an issue of internal education. If you are an administrator or owner of the account, you can actually remove the vault-creation permission from the Team Members group by clicking Groups in the sidebar when signed into your account in a browser, then clicking "Team Members" followed by "Manage," then removing the Create Vaults permission (on by default). This will prevent any further future creation of personal or "family" vaults, but it will also prevent anyone who is not an admin or owner from creating any vaults -- this may or may not cause more problems than it solves for you, and in any case it won't affect already-existing user-created vaults.
If you don't want to do that (or in addition to it), you can also click "Vaults" in the sidebar, open each existing "personal" vault (with owner or admin permissions), then click "Manage" next to "Administrators" in the "Groups" category, and remove the "Manage" access via the checkbox.
Other than that, however, yes, it's a good idea to remind team members that because they do not own their accounts in your 1Password Business account, as an owner, they should not put their private-life credentials into a 1Password account they don't control. That's a big part of why we give you the free family accounts for 1Password Business users -- so employees can stay safe in their personal online lives as well, without having to mix their personal, private-life credentials in with their work items.
0 -
@Lars Thank you for this thorough and thoughtful response. It's helpful to know that there's not a method for removing a vault from administration. We will reach out to each user and help them move their items to a Families account that they control.
0 -
On behalf of Lars, you're very welcome. Just to clarify though...:
> It's helpful to know that there's not a method for removing a vault from administration.

This paragraph explains how to do that:

> If you don't want to do that (or in addition to it), you can also click "Vaults" in the sidebar, open each existing "personal" vault (with owner or admin permissions), then click "Manage" next to "Administrators" in the "Groups" category, and remove the "Manage" access via the checkbox.

However, people in the 'Owners' group will always have the ability to manage vaults. This cannot be revoked by vault creators, even at the time of vault creation. As such it really is best to take the time to educate folks on the need to store personal data outside the company membership. :+1:
Ben
0