Password "inheritance" on item level.

ggenter
ggenter
Community Member
in Lounge

I don't know if there was already feature request like this but I sometimes need a feature which can be described as password inheritance. I've seen topics about password inheritance but they are about inheriting vaults when person passes away. This is not what I'm talking about.

For example, I have a VPN account that uses ActiveDirectory or LDAP account.
I have two entries, one for VPN, and one for Windows account.
I would like to be able to link them, or say that VPN password is inherited from AD/LDAP entry.

This would help me since I wouldn't need to have two entries with same password, but when I'm connecting to VPN I could just search with Quick Access for that VPN's password and not AD/LDAP one (it's easier).

Or for example when I have 20 server entries, I could just "link" with AD user entry.

That way when I change AD/LDAP user password I only update one entry.

Now I'm using "Link to related item" functionality but this is not password inheritance aware. When I search in Quick Access for parent item I can't get password from linked item.

I know it's a complex thing but there are some cases where this would be very helpful.

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser: Not Provided

Comments

  • Dave_1P
    Dave_1P

    Hello @ggenter! 👋

    Thank you for reaching out! At the moment the best way to store LDAP logins is to have a single login item with multiple website URLs. Then, if your LDAP solution doesn't support the exact same username across services, you could autofill the password and then copy and paste, or drag and drop, the username.

    I know that this isn't the best solution and I've filed a feature request with our product team to have them look into offering more dedicated functionality for these sorts of accounts.

    Let me know if you have any questions.

    -Dave

    ref: PB-41484488

  • ggenter
    ggenter
    Community Member
    edited August 9

    Hey @Dave_1P. Thanks for reply.

    When it is URL based thing then yes, I use it like you mentioned.

    But in this case it really isn't about web logins, and it is for items I cannot have auto-fill for. For example "server" items, or "database" items that use windows accounts, or some other custom items for apps that use LDAP username/password like VPN clients. That way I have one item that is AD/LDAP username/password, and I can have other item which is specific for VPN connection information (it can include additional VPN specific info, attached instructions PDF). That way I could inherit credentials from AD/LDAP entry (or only password) and have them too at the same place, but inherited from parent item.

    This is meant purely as a way to prevent having two different items for different purposes with different options but sharing the same credentials since that way they would end up in Watchtower as "reused passwords". Also it would help in organizing items.

    I know, the more I think about it the more I see it as a feature that introduces too much complexity to the app but it will be usable only in a very few rare cases to a very few people. Even I can't think of more use cases where it might come in handy. Maybe someone else would have other ideas.

    So maybe I should just get used to search for specific AD/LDAP account item and not VPN account item in those cases.

    Thanks anyway and keep up a good work, I love this app.

  • Dave_1P
    Dave_1P

    @ggenter

    Thank you for the detailed reply! I can definitely see room for improvement for this use case and I've filed a feature request internally with our product team on your behalf. They'll look into this further.

    I appreciate you writing in with suggestions and feedback to help us make 1Password better. 🙂

    -Dave

    ref: PB-41764675