considering 1Password for business use - is my case feasible?
Is it feasible to use 1Password in a business capacity wherein individuals can be granted access (and later possibly having said access revoked) to a shared vault? I'm considering upwards of 30-40 users that need would require access to various shared vaults.
I do understand revoking access to a shared vault would not deleted synched data on any given 1Password client.
Example case: I have a team of developers who need access to various internal and external systems. When a developer joins a team, I'd like to give them access to a "global" shared vault and a project specific shared vault. If a developer leaves the company, I'd need to remove them from all shared vaults. Or, if they leave a project permanently, I would remove them from a particular project's shared vault.
Could I do this via a single Dropbox account?
I love 1Password, have used it for years, and have turned countless people on to it. I'd like to use it in my company, but wonder if it is designed to be used this way or if I need to consider a product like Thycotic's "secret server" offering. http://thycotic.com
Thanks,
Mike
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Comments
-
Hi @wagnerone ,
Thanks so much for being a 1Password ambassador, you rock! Now, 1Password's Multiple Vaults feature is close to what you're looking for. The one sticking point is that there is no mechanism within 1Password to revoke access to a shared vault. There are ways to prevent the user from making future changes, but at this time, sharing a vault is like sharing a secret - it can't be unshared.
I would be more than happy to share your scenario with our team and let them know that you're looking for a more robust option in 1Password. :)
0 -
Hi,
Sorry for the delayed response. Thanks for your response and attention!
I figured there would be no mechanism to revoke access to an already shared, cloned vault on a remote workstation. I surmise access to new modifications to the vault would be revoked by "unsharing" the Dropbox shared vault to a particular user.
They'd still have what they had from last Dropbox sync of the shared vault, but nothing new would propagate from the shared vault. There'd be no way to prevent them from keeping or accessing the last synched local copy of the vault.
Mike
0 -
Hi @wagnerone,
You would be correct and in an odd way I think it's possibly a good thing. That might sound odd so please hear me out. If they had access to the vault they could have been copying the contents all this time, in terms of security you probably have to assume so. That means changing all the passwords they had access to or disabling accounts where required. It's a pain but this approach kind of forces you to do so because there isn't any way to revoke access. My concern would be if people don't feel passwords have to be reset because access was revoked. It may be I'm not appreciating certain aspects of the enterprise world of course but the one thing we know about the digital world is it's really easy to copy stuff and hard to stop it.
I took a peek at the alternative you're considering. It looks like you might be after a very specific service as it was definitely aimed at enterprise IT level based on their blurb from what I could see. We love that you love 1Password but it might not be the best fit for those specific wants. Still, we hope you keep enjoying 1Password :smile:
0 -
Yes. Good points and I agree wholeheartedly. We have to assume anyone that has a view of security related items has copied them and can retain/use them indefeinitely. It's on the security item provider to assess the risk and take measures to ensure their securied items continue to be protected. Even with this other product I mentioned. I can't imagine a way to revoke/recover secrets once given to someone. Like you say, said secrets have to be changed (or some other measure has to be in place to prevent their use). No doubt about that these days!
Oh, I am not going anywhere in regards to 1Password. I have 1377 items in my vault and counting. I use it all day every day. :)
0 -
Hi @wagnerone ,
Thanks so much for following up - it's wonderful to know that you're sticking with 1Password. We're so happy to have you!
Please do let us know if you have any other questions or concerns about 1Password, we're here for you. :)
0
