Managing Multiple Users with different permissions
We are looking at using 1password in our office. There are about 10 people in our department. What we'd like to be able to do is to give each user access to just some of our passwords, depending on their jobs. Is that possible with 1password?
Comments
-
Thanks for the question! With Multiple Vaults in 1Password 4, you can organize your password data into separate vaults to share only the relevant information with those that need it. In your situation, you might consider a vault for each level of access: a 'general' vault for all employees, and then a 'project' vault for those working on a certain project. (Without knowing more about your department, it's hard for me to imagine just how you might want to organize these Logins, but multiple vaults should provide you to tools you need!)
Please let me know if you have any further questions. :)
0 -
@Megan, while the current implementation of multiple vaults would work, it's somewhat clunky for the described scenario. Users would have to be continually switching vaults to do their various jobs. it would be quite cool if you could have an option to open multiple vaults simultaneously and have the items merged in the gui views. That way you can rely on the having separate vaults to de-mark sets of logins and use the OS file security to control access while still giving the user a seamless 1P experience.
0 -
Thanks so much for adding your thoughts here! You're right, there are some improvements that can yet be made on multiple vaults. This is still a relatively new feature for 1Password, and our developers are working to make sure that it is as user-friendly and secure as possible. While I can't comment in much more detail than that, your feedback is much appreciated - we're listening!
0 -
Let me get this straight. Tell me if I'm wrong in this assumption: If the general vault for all employees is called "3" and so all employees have access to Level 3 and there is a vault for just Information Tech people and that is called "2" (and they have Level 2 access), either all level 3 sites would have to be in the Level 2 vault for Level 2 people or they would have to navigate between 2 and 3. Is that the way it is now?
0 -
Yes, at this point there is no way to set different security levels within one vault, so a vault for each security level seems to me like the best way to organize things. While switching between vaults does require a click or two, it's something I do many times a day and it's not a bad workflow to get used to. :)
0 -
That's too bad. Honestly, you guys are so, so, good, I'm surprised you don't have an enterprise level that does this. There's a need.
0 -
In our office, we have 2 people already using 1Password for OSX and a small handful of others I'd like to get onboard (would be using Windows).
The previously mentioned OSX users are already using 1Password for personal accounts, but we'd like to share company-wide accounts across the board. Vaults seem like the obvious solution, but that would require switching vaults constantly to go from personal accounts to shared accounts. Kind of a huge pain.
Alternatively, I've thought of sharing folders or individual logins from an individual's vault to a company vault, but I'm unsure how this sharing works. Is this a one time, move the data to a different location, or does it create a link between them? That is, if I shared a login to a different vault, then changed the password, would that change be reflected in it's new location as well?
I'm trying to find a solution that allows for different sets of logins/info (personal, work_individual, & work_company) can be shared as needed without requiring constant switching of Vaults.
Thoughts?
0 -
Many improvements to multiple vault support are planned. I'm not at liberty to discuss details, but we genuinely appreciate you letting us know of your interest in this area.
I understand it is not what you are asking for but I find the ⌘1-⌘9 shortcuts in valuable for quickly switching vaults in both the main 1Password app as well as 1Password mini. Perhaps that will help a bit for now.
0 -
@PhotoPass615, I merged your post with this existing thread. Please see above and let me know if you have any other questions. We'd be happy to follow up further.
Cheers!
0 -
Yeah, I read this thread before posting. I was hoping for a better solution.
Can you address my questions regarding how sharing works. Is it a one time share, or a working relationship?
0 -
Hi @PhotoPass615,
Is this a one time, move the data to a different location, or does it create a link between them? That is, if I shared a login to a different vault, then changed the password, would that change be reflected in it's new location as well?
Sharing an item between vaults is "one time, move the data to a different location". The items aren't linked, and do not sync between vaults.
0 -
+1 for improving vault sharing, especially in iOS.
Need ability to login to a secondary / shared vault only in ios, without requiring access to the master password for primary account.0 -
I'm glad to hear you're considering updates to how vaults work. Let me give you some context which might highlight the opportunity to put this at the top or near the top of your list: I work in a large organization and I have become the defacto informer and cheerleader for hacking awareness, stronger passwords, etc. I advocate to hundreds of people on the best tools to use. I have mentioned 1Password many times as one of the top contenders in this area. But, for the novice, getting set up is not the easiest thing in the world (let alone to understand). You guys have an opportunity to really move into the enterprise market by allowing admins to set permissions for every user. Some need more; some need less access to our accounts. I just wanted to tell you how timely and important this is from a personal and work pov. Thx.
0 -
Thank you all for the feedback! :)
allowing admins to set permissions for every user.
Since 1Password is an encryption app and not a hosted service, it isn't as simple as merely "granting access" to another user on our end. We simply don't have access to your data in that way.
0 -
Since 1Password is an encryption app and not a hosted service, it isn't as simple as merely "granting access" to another user on our end. We simply don't have access to your data in that way.
I outlined a couple of possible schemes for this here:
http://discussions.agilebits.com/discussion/22144/corporate-environment-use#latest0