New user! Need to clarify giving access to team members

Katheryn
Katheryn
Community Member

Hello!

I am a new user and would like some clarification with sharing passwords with team members. I have been able to save all my passwords to a vault, I have also invited team member to this vault and can see that I need to assign them access (i.e. viewer, editor etc). It seems though when I tested this out, the new team members are still able to view my actual passwords when they go into the vault.

Is there any way to keep the passwords private and still allow team members to be able to log into my accounts?

Many thanks for your help / feedback / suggestions!

Katheryn


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • [Deleted User]
    [Deleted User]
    Community Member

    @Katheryn I'm not sure why you would want to give someone access to your websites/services, but not allow them to see your passwords. The password's only job is to protect the website/service and with access to your password they can change the wesbite/service password to one of their choosing.
    I keep most of my passwords in my Private vault where other people can't see them. I only put in the shared vaults items which I want other people to be able to view or edit.

  • Lars
    Lars
    1Password Alumni

    Welcome to the 1Password Support Community, @Katheryn! Glad to have you here. :) If you're using a shared account (1Password Teams or 1Password Business), then you'll have noticed each person has their own Private vault, plus access to the default Shared vault, at first. The Private vault is exclusively yours. You can't grant anyone else access to it, and only you can view and use the information it contains. This is where you should store all the work-related sign-ins you have for accounts where you have individual access (such as your company email credentials), along with any documents or other Secure Notes, etc that are relevant only to you.

    The Shared vault, by default, is available/visible/usable to everyone on your team. It's a great place for things you want to protect, but need to give everyone access to. Shared secrets, company information and anything else you have that falls into this category, are great candidates for the Shared vault.

    After that, you can create as many vaults as you like, and invite any subset of teammates to those vaults. This is great for different departments in a business. However, in any shared vault, anyone you invite will have access to the passwords there. It's not really possible to both share passwords with people and simultaneously NOT share them. The way to access most accounts on the internet is by means of a username and password. If you want to allow teammates to access your accounts, they must have the usernames and passwords for those accounts. As a result, you are trusting whatever subset of people you allow access to a certain set of your passwords, with the ability to access and potentially change data on those accounts.

    Keeping in mind not to post personal information in this public forum, can I ask what you're trying to accomplish? There may be ways to achieve it that will satisfy you. But in general, if you give someone access to an account you have on a website, then they have the same privileges as you do there.

  • SNM
    SNM
    Community Member

    Hi, I am building on this old thread - I have the exact same predicament right now. I would like to have it so that I can grant my team members access to certain login accounts but without letting them view the actual login credentials (so that they could not then externally share those passwords to 3rd parties without my knowledge). Is this something that could be possible with 1Password?

    My thinking is that the order of operations is as follows: I assign the login credentials to a specific vault, give access to my team members to that vault but not to view the credentials held in the vault. When they need to login, they enter their specific 1Password login in the fill form for that specific website, and 1Password populates it with the login credentials without the team member ever seeing what the credentials are themselves.

    Is this something that would be possible? If so, it would be the perfect solution and I would be looking to enroll 100-500 users over the coming year.

    thank you

  • Lars
    Lars
    1Password Alumni

    Welcome to the 1Password Support Community, @SNM! I see you've asked this question in multiple places. Please see my colleague ag_max's answer in the other thread. Please also do not post the same question in multiple places here. Thanks!

This discussion has been closed.