Took a look around the community pages and didn't see anything to answer this. Please feel free to point me to prior questions if I've missed this.
I've two types of users, lets say Salespersons and Admins.
- Salespersons have individual access and passwords to 3rd party sites that Admins need access to
- Admins do not have passwords to share, they just need to be able to use passwords of Salespersons. Admins should not be able to see the passwords they're using
- A Salesperson could work with any Admin, but a Salesperson would not work with another Salesperson. i.e. all Admin's should be able to access passwords of all Salespersons, but a Salesperson should not have visibility to another Salespersons passwords
- Both teams are large, and as a result turnover is frequent, so we'd prefer a solution which allows us to manage groups rather then individual users. e.g. when a new Admin starts can we add them to a group rather than add them to individual vaults (or folders) for hundreds of Salespersons
- SSO required and do see 1Password now offers this
Does 1Password provide the features to address this use case?
1Password Version: Potential Enterprise Client
Extension Version: Not Provided
OS Version: Windows 10 Enterprise
Referrer: forum-search:group share
Following this as my organization has the same concern.
Hi @clparker78, welcome to the 1Password Support Community. 👋
With 1Password, you can create and share vaults, which are containers for your saved passwords and items, with users and entire groups. You could create your own system where you create a vault for each salesperson and then share it with your entire "Admin" group.
With 1Password Business you can also create custom groups, which could aid in assigning vault permissions to entire groups, without the need of individually sharing vaults with specific users.
To clear up any potential confusion, in 1Password, one of the default groups is named "Administrators", and they're able to perform a variety of tasks like inviting and removing users, viewing reports, managing groups, and assisting with recovery. Using a custom group, you could assign those users access to vaults accessible to salespeople, and then remove the "View and Copy Passwords" permission, which would ensure they're only able to rely on 1Password to fill this information, without the ability to manually reveal them in 1Password ecosystem.
As you mentioned both of your teams are large, I suggest contacting our business team through email at [email protected]. They can get a better idea of your organization's needs and help you come up with an action plan. So that we can 'connect the dots,' feel free to include a link to this thread with your email message: