Why am I in the provision manager group and have access to user's private vaults?

I recently set up the SCIM Bridge provisioning through Okta. For some reason, I am a part of the provision manager group for some reason, which has access to all the new user's private vaults. So I am having every new user's private vault in my list of vaults. I am unable to remove myself from the provision manager group.
Why is it giving provision managers access to private vaults? and can I change it?
Can I remove myself from the provision manager group?

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided


  • Hi @bradenjane ,

    As part of the provisioning process, the keys to the private vaults of the invited users (those who have been sent an invite email but have not accepted the invite) are shared with the members of the Provisioning Managers group. Aside from being part of the transfer process, this gives an administrator the option to pre-load a user's private vault. Once the user accepts the invite, the keys are transferred to the newly activated user and removed from the Provisioning Managers group.

    You can remove yourself from the group with no issues. Provisioning will continue to work as before. The Provision Manager user is the key member of that group. You may have to temporarily disable provisioning to remove yourself from the group.

    Let me know what follow up questions you have.


  • This is extremely helpful. Thank you for the great reply. This answers all of my questions.

  • ag_anaag_ana

    Team Member

    On behalf of Graham, you are welcome @bradenjane! If you have any other questions, please feel free to reach out anytime.

    Have a wonderful day :)

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file