Feature Request: Administratively Deny Primary Account Setup in Apps or Separate "for Teams" App

Community Member
edited December 2015 in Business and Teams

Right now, a concern we have in testing the 1P4T product is that it appears that end users can potentially enter a personal account as a "Primary" account, and also have their "for Teams" account right there in the same app. This can potentially lead to employees either accidentally (or intentionally) adding passwords and logins that are job-related to their own personal "Primary" account.

As an MSP, we would love for there to be an option that we could give our clients where there was NO way to include another account outside of the "for Teams" account established for that user. Either providing a client-side app with no "hooks" for other accounts, or allowing an option from the dashboard that allows the administrator to restrict a desktop client from saving to any Vaults that don't reside in the "for Teams" environment would be great.

The thought being that if a company is offering this product to its employees, the logins and passwords being held by the product should only be company-owned and company-related. If an employee leaves, the company has the right to be certain that when they remove access to the logins and passwords, there is no chance that an employee has been using their personal "Primary" vault, or has quickly copied or moved logins from the "for Teams" Vaults to their own personal Vaults.

1Password Version: 5.5-BETA28
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided


  • Hi @ndcoonen ,

    That's a great suggestion. I can certainly see the value of this and have raised an issue with the team to consider it.

    As you likely realize, a determined employee who has access to save items could also simply write them down if they really intend to keep them. Such a feature would thwart accidental saving and copying/moving items in bulk.


    ref: 796

  • ndcoonen
    Community Member


    Thanks for the prompt and thoughtful reply. And you're right -- a rogue/disgruntled employee will find a way to take what they want. That said, we would love to able to tell a client that there are features that make that process a more difficult manual task, rather than a quick drag and drop to another Vault outside of the "for Teams" environment. Your point about accidental copies/moves is dead-on as well.

  • khad
    1Password Alumni

    Indeed. Such a feature would be more about not giving folks rope to hang themselves with rather than an iron-clad security feature. It's a great idea. Thanks again for bringing it up, @ndcoonen!

This discussion has been closed.