best practice for sharing passwords between persons / departments / vaults
We started using 1password for teams at our company some time ago. And i am still confused on how to setup the vaults so that it makes sense.
We are structured in departments e.g. development, editorial staff, management and work with freelancers (guests)
at the start i started to create vaults for every department. But than i realized there is some overlap between some departments but not all (as i would rather not put them in the shared vault)
even if the shared vault would be an option we have guests account which can not access this vault (and should not) as we want only to share specific passwords with the guests.
So what are my options? I was hoping there would be a convenient "share this password with vault x" or even "copy this password to vault x" would improve my experience.
creating a vault per Projekt would create a heavy load on micro managment and even than we would have development passwords we would rather not share with the editorial staff.
I am managing 1password for teams in the browse btw. I am not aware if the available apps for windows / ios have maybe more features which would help me in organizing "the mess"
any input is appreciated. Thx for you time and potential help (- :
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Comments
-
Hey @mindyk! That's a great question. We recommend using vaults for each department, and sometimes each project, because it's an easy way to organize things. In your case, it may be a good idea to create some vaults that cross over between two sets of people. "Editorial-Development Cover Page" would be a good naming scheme for something like that. Freelancers can simply be guests on the account, since they likely don't need access to the Personal vault, or the Shared one. You can then add them to any vaults they need to access while they're working for you, then remove their account when they no longer do. If they're long-term freelancers, you can just invite them as members on the account.
In the future, we're hoping to improve this quite a bit. We're planning to add custom groups, which will let you give a department access to specific vaults. So when you invite a new member, you can add them to that group and they'll automatically be granted access to the vaults available to the group.
So what are my options? I was hoping there would be a convenient "share this password with vault x" or even "copy this password to vault x" would improve my experience.
This option is available in 1Password for iOS, and also for the beta of 1Password for Windows 10. We're working on adding support to the standard Windows app as well. If you have pre-Windows 10 machines, you can use Teams in the browser as you mentioned, but you'll need to manually copy or move things between the vaults by copying and pasting the information at the moment. Browser support for that feature will be added in the future, but it's a ways out.
Let me know if that helps answer your question. :)
0 -
Trying to deal with the same situation here. There are so many things in 1Password for Teams that we love, but we simply can't make it work for our company.
The thing is that we want to share a set of credentials with one or more groups of people, while the approach of 1Password is to share one or more sets of credentials with one group. That drastically reduces the flexibility and makes it nearly impossible to apply the need-to-know principle. Copying credentials across vaults is bad practice and becomes unmanageable over time, and creating new vaults for each new group of stakeholders will lead to a jungle of vaults, also unmanageable.Compare it with file collaboration/sharing solutions (Dropbox, Box, ...). Setting up a content folder for each department just won't work. People work across departments, temporarily jump in for some project, replace someone on leave, etc. So you need more granular access control on group or individual basis.
We hope that somehow 1Password could still be tweaked to accommodate this (I assume common) scenario. I've been using it personally for several years already and I would leave to see it rolled out to the entire company.
0 -
@pminne I agree that copying things across vaults isn't a great solution for this. A better one may be custom groups, which we've discussed elsewhere on this forum. They're on our list, but we're working on a few other things at the moment. I'm sorry to hear Teams isn't working well for you guys at the moment, though. Have you tried a vault-centric approach with cross-department vaults like I mentioned in my post above? It's a workaround for the meantime, and it's the best thing we have for this specific use case.
ref: B5-1270
0
