OnBoarding 52 members to 1p for teams, thoughts, feedbacks, problems, etc'
Good feedback :
People LOVE the experience, the UX, everything is very "nice" and looks good
The QR scanner just blows their mind (for those few who experienced it)
Auto-fill from the chrome extension, when first they see it, is awesome
Improvement feedback :
The QR window is not draggable, only by it's "title bar", EVERYBODY who I on-boarded, tried to drag it by the window itself and didn't understand why it doesn't drag.
I onboarded a few people before you added the "sign in with 1p for teams" to the mac app, making it very difficult for me to explain the difference between 1p primary vault, 1p your vault and then the other vaults. Also the difference between master passwords
The onboarding itself confused a lot of people, and then the "install extensions" pop up, pops up, and disturbs the onboarding as well. WHen someone tries to scan the QR code from the site, the "install extension" thing jumps there, and the QR doesn't work untill you get rid of it. Super annoying.
People don't understand the "account key" thing at all. The number of times I sent the link to explain to them what it is is about 15-20
NOBODY looks at the awesome "here's what 1password is about" screens. Literally people just ignore it.
I wrote about this before, but sharing is a really really big pain point. Everything else almost is dwarfed by the fact that people just don't get why sharing doesn't exist! They want me to share a specific password with them. And I can't.
The way I'm sharing right now is : right click on a login, choose "share via messages", then copy it, then go to our own installation of "sharelock.io" and then paste the 1p link there. I would love to have any other solution for that workflow.
Managing users from the iphone is not possible. I always forget my mac when I go to someone's workstation and onboard them. Making it weird, as after they accept the invitation, the don't see passwords, as I didn't approve them yet. And they have no vaults installed.
Importing works only on a mac. This is kind of a big deal, I needed to remove my own for teams on my mac, and then add theirs, and the import for them, and then make them change their passwords. Wasn't at all easy!
Sharing / moving between vaults is impossible with the web view, only in apps (osx/ios) which not everyone has
A lot of people complained about the fact that they can see "all vaults" but there's no way to see "All team vaults" without adding their own to the mix. This is kind of annoying.
This is from the top of my head, I'm sure there will be others, if you do fix anything form the above, sharing is definitely the no. 1 pain we have that stops us from working properly.
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Comments
-
Thanks for the awesome feedback @altryne, here are my thoughts on your suggested improvements:
- The QR window is not draggable, only by it's "title bar", EVERYBODY who I on-boarded, tried to drag it by the window itself and didn't understand why it doesn't drag.
Completely agree and we've opened an issue to get this added to an upcoming update.
- I onboarded a few people before you added the "sign in with 1p for teams" to the mac app, making it very difficult for me to explain the difference between 1p primary vault, 1p your vault and then the other vaults. Also the difference between master passwords
Yes, for those who are only using 1Password for Teams the new Teams only signup flow should be a significant improvement. Have you found that this flow removes most of the confusion?
- The onboarding itself confused a lot of people, and then the "install extensions" pop up, pops up, and disturbs the onboarding as well. WHen someone tries to scan the QR code from the site, the "install extension" thing jumps there, and the QR doesn't work untill you get rid of it. Super annoying.
Great find... we've tested the on-boarding many times but since we all have the extension installed haven't run into that issue. I will open an issue for that.
- People don't understand the "account key" thing at all. The number of times I sent the link to explain to them what it is is about 15-20
This is definitely a problem that we are thinking a lot about. We are going to be making some changes to the first run experience when joining 1Password for Teams. I hope that this helps people better understand the Account Key and importance of saving it. Ultimately it is a wonderful security feature but as it is not common, will be something that needs more explanation than I would like. We need to do better here and make the concept easy enough to understand with just a couple of sentences.
- NOBODY looks at the awesome "here's what 1password is about" screens. Literally people just ignore it.
We have removed the Welcome Screen in the new setup flow as it seemed to be a page that people simply closed. I would love however to continue to find a way to give folks a bit of information about 1Password at startup so they can use it more effectively. What are your thoughts on a Guided Tour on first startup that would talk through the main 1Password features?
- I wrote about this before, but sharing is a really really big pain point. Everything else almost is dwarfed by the fact that people just don't get why sharing doesn't exist! They want me to share a specific password with them. And I can't.
To make sure I completely understand your scenario... you are looking for individual Password sharing rather than the vault level sharing that we currently offer?
Currently you can share passwords between individuals by creating a shared vault and then choosing who has access to that vault. This works really well in situations where you have 2 or more folks who need to share a set of credentials. For example, if you have a social team that is sharing access to the teams Twitter/Facebook/Mention etc. accounts. However, it can be a bit of overkill for a scenario where you simply want to send another individual a Password. For example if you create a password protected document and simply want to send that other person the password. If I have your scenario correct then this is definitely something we are looking at.
- Managing users from the iphone is not possible. I always forget my mac when I go to someone's workstation and onboard them. Making it weird, as after they accept the invitation, the don't see passwords, as I didn't approve them yet. And they have no vaults installed.
I've asked the team to take a look at the mobile browsers to see what is needed to support them. The web crypto support (or lack thereof) has been a challenge in some browsers, but I am not sure if it is an issue here. I should have more to report back soon.
- Importing works only on a mac. This is kind of a big deal, I needed to remove my own for teams on my mac, and then add theirs, and the import for them, and then make them change their passwords. Wasn't at all easy!
I agree. We need to add the import capability to our web application so that items can be directly added regardless of whether you have the 1Password client application or not.
- Sharing / moving between vaults is impossible with the web view, only in apps (osx/ios) which not everyone has
This would be nice to have indeed. I've added a feature request for this to be added to our web application vault view, although we have many feature requests open for vault view, so I can't give an idea of when this might be available.
- A lot of people complained about the fact that they can see "all vaults" but there's no way to see "All team vaults" without adding their own to the mix. This is kind of annoying.
The Mac and iOS apps allow you to determine which vaults are included in the "All Vaults" view. There is an All Vaults settings screen where you can select which vaults to include or exclude. Would this help you out here?
Thanks again for the great feedback.
0 -
@Jeff Shiner thanks for the elaborate response!
What are your thoughts on a Guided Tour on first startup that would talk through the main 1Password features?
Sounds like it could be VERY useful for new people
Have you found that this flow removes most of the confusion?
Definitely! now that "sign in with teams" is an option, half of the people didn't even create private vaults
You understand my scenario properly, that if I have a "social" vault and it contains a lot of passwords to all our social media, and then for some reason I need to share only 1 password from there, with our resident twitter writer. I would need to somehow "share" it with him, which is only available in the OSX app.
The biggest problem with this is, the fact that I can't see who the password was shared with, nor it would update fore everyone who has access to it when we change the password, and we would need to "re-share" it.Think about a OTP scenario. Say twitter introduces 2 step. I add OTP to our twitter password which sits in the social vault. Later I need to share it with someone from outside the social vault. I send it to him, and now he can do whatever with it, share with other people, etc'
If in a scenario, where I could give "access" to a single password entity, to several vaults, and several people say, I'd just give access to the twitter password to that person, without the abillity to copy/share/send it to anyone else. Then, when they are out of the company, I could just revoke their access. And even if they copied the password and stored it somewhere else, the OTP would still prevent them from accessing that account.0 -
For your Twitter example, you mention that you'd like to give access to a single password to several vaults and people. The challenge we have right now is that we share at a vault level. In other words, if you wanted to share that item you could place it in its own vault and then share that vault as necessary. This would work just fine, but could become a pain if you had many such scenarios where you wanted to share an individual item with different groups of people.
What if we had the ability to send a copy of an individual item. If you wanted to share an individual item itself you would "share" it with others on your team (perhaps even outside your team). Underneath the covers it would create a read-only copy for those other users in their own vault. However, we could track who the item was sent to and if you updated your copy it could send any updates to the others. From a users perspective it should appear as though the item was simply shared.
0 -
This would work just fine, but could become a pain
We're already at that level. I created a "sharing vault" and I always need to maintain it and it's a pain
From a users perspective it should appear as though the item was simply shared.
This is the ultimate goal. A user wants a password, maybe that password also has OTP, so sharing it with something else then 1password is not possible at all.
I think this is a great suggestion, as currently,we are very limited in the way we share with users, making us be less secure as we need to add users to vaults they shouldn't be in, only because they need 1 password from that vault, and we VERY MUCH would like to prevent duplicates (harder to maintain...)
0 -
Thanks for getting back to us, @altryne. I'm glad you recovered from the holidays and continued this very useful thread :) It's been a great read for the team and I, and is helping us prioritize our to-do list.
The ability to share individual items has been bubbling up on our priority list for a while now, and thanks to posts like yours it is getting darn close to the top. Since it's not implemented yet I can't give a time line for when this will be done, but it's certainly something we're very interested in adding. From what you describe, I think you'll be very happy with what we have planned.
As for your other suggestions, we've had a lot of people off for the holidays as well, so there hasn't been as much progress there as I'd like, but we have made some great strides towards allowing you to manage users from your iPhone. We now have Safari support (for new teams only), including mobile Safari on iOS. There's work remaining as we need to provide a migration path for existing teams, but I'm hopeful that within the next few weeks you'll be able to approve new Team members directly from their desk with your phone. It will save you needing to carry your heavy Mac over with you :)
Take care, and have yourself a Happy New Year!
0 -
Hey @dteare !
Thanks for taking a lot of this stuff into account. I'm glad to see such commitment and response from the great 1password team.
Indeed except the sharing issues, and maybe the platform issues ( android/win10 ) everything else almost doesn't feel like beta. And it up the highest level I've come to expect from 1password in personal use.
Thanks and Happy New Year!
0