Dealing with employee offboarding and private vaults
Hi there,
We recently onboarded our team on the 1Password for business platform and it has been pretty smooth.
When a colleague leaves the company (either because they were fired or because they're moving on), we deactivate their 1Password account to prevent them from keeping access to their work-related accounts.
However, sometimes our employees need to create a personal account, which they wouldn't put in a shared vault as no one should ever need to access it. If the employee leaves on good terms, we can probably ask them to transfer the accounts to a temporary vault so that IT can disable the accounts, or w/e, but if someone leaves on bad terms that option may not be available.
What is considered best practice regarding the private vault of users that get offboarded?
One potential solution that could work is as follows:
1. disable the account
2. change the account's e-mail address
3. begin the recovery process
4. clear out the accounts
5. actually delete the 1Password account
Problem is, we can't edit a user's e-mail address.
Any recommendations are welcome :)
Kind regards,
Florian
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Comments
-
Hey @fhbc,
Once a user is deleted from the account, their Private vault and any vaults they created are also deleted.
If the employee leaves on good terms, the best and easiest process is:
- Have them create a new separate account
- Have them move their personal items into it
- Delete them from the business account.
If they leave on not-so-good terms, it's entirely up to you if you want to give them a short grace period to also go through the above steps or not.
0 -
Hi @Laura_1P, thanks for your reply!
Your suggestion is valid, but I was hinting at "personal" company accounts. A.K.A. someone in our operations team has an account that they do not share, purely for work, with which they order parts and components for our product at the website of a given distributor.
Under normal circumstances, no one else would ever really need to access that account. But if they leave the company, someone else would have to take over the responsibility and the account.Do you have any suggestions for that use case?
0 -
The private vault is designed to be private, so accounts that may need to be accessed by someone else should be stored in a shared vault. If a team member leaves under bad circumstances and doesn't transfer company logins out of their private vault, the work around you described is best. As you noted, it does require the company have access to their email address and for an administrator to recover the 1Password account.
I think the take away here is to make sure all of your team members are using a company email address for their 1Password account, so there are no issues when they leave the company.
I hope this information helps. Be sure to let me know if you have any further questions!
0