Is this just for teams who need to share the same login credentials?
Is this just for teams who need to share the same login credentials? For example all team members use the same SurveyMonkey user name and password, etc?
If not should I create a vault for each team member if I’m assigning email passwords, computer logins, Hipchat passwords, etc?
1Password Version: 5.5 B31
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Comments
-
Love to hear from the 1P team and the community what implementations they’ve found are working best for them. I kind of feel like I’m searching for a use case or justification for 1P Teams.
0 -
Hi @BoxCar,
Out of the box, every member in your team has access to 2 vaults: "Your Vault" and "Everyone". The "Everyone" vault is a vault that everyone in the team can read and write to. This would be a great place to place your shared SurveyMonkey login for example, so that everyone can access it. Then "Your Vault" is a vault where each individual can add items that don't need to be shared with anyone. For example, I'd want to store my AgileBits email credentials in that vault, because no one but me should be able to see or use those credentials. My "Your Vault" vault has significantly more items than our "Everyone" vault because we just don't have that many shared credentials.
Since every user automatically has their own "Your Vault" you probably don't want to create a new vault for them. Create new vaults as a way of grouping logins either by purpose or by who needs access to them. For example here we have a "Mac Developers" vault that stores credentials that all Mac developers here would need access to, along with codesigning certificates etc.
I hope that clears things up a little. Let us know if you have any more questions, we're happy to help.
Rick
0 -
I guess I’m looking at the use case of being the admin of each employee’s individual email, HipChat, phone system, Mac OS logins, etc. When there’s a new employee being able to say "here are your logins” or when an employee leaves, revoking logins from the exiting employee. It really is hard to keep track of what services an employee needs to be added to or removed from when there’s a new or exiting employee...
0 -
That's an interesting use case. As an admin, you can't access an employee's personal vault ("Your Vault"), though you could certainly set up a separate vault to share with them. At some point, we plan to implement the ability for those in the Recovery Group to "take over" a user's account, such as when an employee leaves.
It would definitely be nice to do a one-time sharing of items with a user without having to create a new vault to do so. We'll take that into consideration, thanks!
0 -
I'd echo this request - i.e. the ability to distribute the first time (expirable) passwords, or reset links, etc. for bringing on new members of staff/contractors, i.e. as a one time write into their personal vault. Creating a new vault each time seems like a lot of hassle! So my ideal use case is that all I need to do when a new person starts, is get them registered on 1Password for Teams.
You mentioned recovering a user's account above and recovery. Can you clarify this please - I think the problem is that there are 3 types of secret in 1Password for Teams probably through misunderstanding when there are only 2, i.e.:
- Personal Secret that should not be recoverable within the Team (such as non work email account which may be a recovery account for personal stuff) - I suspect that these should NOT be in the Team Vault but I guess people see 'Personal' Vault and think, OK I'll put my personal email account in there as a backup
- Individual Team Member Secret - this could be their work email logon, or bitlocker recovery key/pin for their work laptop. This shouldn't be easily available, i.e. in the Personal Vault, but should be recoverable if the employee leaves/dies/long term sick, etc.
- Shared Team Member Secret - i.e. the stuff in the non Personal Vaults
Am I right in thinking this is just for types 2 and 3? If this is the case, is this made absolutely clear in the invitation email/registration process for new users?
0 -
Thanks for echoing this request, @happyadam73. We have some plans on how to make onboarding new team members much easier. The details are still being ironed out but it would be great if you could pre-populate an employee's vault and transfer ownership directly to them. When combined with secure one-time sharing of items, onboarding will be much much easier.
As for your question about the Recovery process and taking ownership of Vaults, you're right in your understanding. There is no "personal" vault and we've done our best to avoid using that term anywhere. At the beginning of time we indeed called it the "Personal" vault within 1Password for Teams, but we renamed it as it muddied the waters. Old habits die hard, however, and that's why you saw Rob refer to it that way :)
In the latest beta version of 1Password for Mac, we have renamed the menu item for creating new vaults to New Personal Vault to help distinguish between Team vaults and those vaults which you manage yourself. We also cover this in the (as yet to be published) Admin User's Guide, and will also cover it in the User's Guide. I'm hoping we can share these early in the New Year.
Cheers!
0