Feature Request: Administratively Deny Primary Account Setup in Apps or Separate "for Teams" App
Right now, a concern we have in testing the 1P4T product is that it appears that end users can potentially enter a personal account as a "Primary" account, and also have their "for Teams" account right there in the same app. This can potentially lead to employees either accidentally (or intentionally) adding passwords and logins that are job-related to their own personal "Primary" account.
As an MSP, we would love for there to be an option that we could give our clients where there was NO way to include another account outside of the "for Teams" account established for that user. Either providing a client-side app with no "hooks" for other accounts, or allowing an option from the dashboard that allows the administrator to restrict a desktop client from saving to any Vaults that don't reside in the "for Teams" environment would be great.
The thought being that if a company is offering this product to its employees, the logins and passwords being held by the product should only be company-owned and company-related. If an employee leaves, the company has the right to be certain that when they remove access to the logins and passwords, there is no chance that an employee has been using their personal "Primary" vault, or has quickly copied or moved logins from the "for Teams" Vaults to their own personal Vaults.
1Password Version: 5.5-BETA28
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Comments
-
Hi @ndcoonen ,
That's a great suggestion. I can certainly see the value of this and have raised an issue with the team to consider it.
As you likely realize, a determined employee who has access to save items could also simply write them down if they really intend to keep them. Such a feature would thwart accidental saving and copying/moving items in bulk.
Regards,
Kevinref: 796
0 -
Kevin,
Thanks for the prompt and thoughtful reply. And you're right -- a rogue/disgruntled employee will find a way to take what they want. That said, we would love to able to tell a client that there are features that make that process a more difficult manual task, rather than a quick drag and drop to another Vault outside of the "for Teams" environment. Your point about accidental copies/moves is dead-on as well.
0
