Beta feature: "Limit vault access to specific 1Password apps"

ajbool
ajbool
Community Member
in Business and Teams

Hi,

I noticed a Beta feature "Limit vault access to specific 1Password apps" in my account's Teams settings. This change seems to have been included in build 209. I can't however find any controls in the WebApp that relate to this.

I'm interested to see if you can force groups of users to only access 1Password-protected data from local clients rather than via the web app.

If you can give me a pointer to where this is controlled, that would be great.

Many thanks,

Adrian

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Referrer: kb-search:beta, kb:undefined, kb-search:Limit vault access to specific 1Password apps, kb:undefined, kb-search:2FA

Comments

  • Jacob
    Jacob

    Hey @ajbool! Thanks for keeping an eye on our beta features. The vault-specific access feature is only for vaults, as the name suggests. ;) You can find it at the bottom of a vault page:

    Hope that helps.

  • ajbool
    ajbool
    Community Member

    Hi @Jacob, I hang my head in shame; I don't know how I didn't see that yesterday. :-(

    A small comment on the implementation if I may. Could you consider showing all the client types at all times (i.e. not just the enabled types) but highlighting those that have been enabled with a green arrow and leaving all disabled client methods with the existing grey arrow? To me, the existing grey indicators look like the client is disabled.

    Many thanks for your help. This beta feature does exactly what i was looking for - denying access to a Vault from the WebApp client. (I worry about Web App HTTPS sessions being intercepted to your servers within the client environment which could lead to an attacker gaining the Master Password by injecting a very small amount of Javascript into the session.)

  • Jacob
    Jacob

    No shame needed! :lol: It's a perfectly forgivable action.

    Could you consider showing all the client types at all times (i.e. not just the enabled types) but highlighting those that have been enabled with a green arrow and leaving all disabled client methods with the existing grey arrow?

    Thanks for the feedback. We had a few discussions about how to design this and it felt best to not display what wasn't available. I'll let the team know we should keep this in mind for a future change though as it may help in some cases.

    I'm glad this feature came in handy for you. If you have more feedback about it down the road just let us know.

This discussion has been closed.