How to sync login between multiple vaults in 1password.com

Trying to understand the best practice of using Teams in 1password.com with multiple vaults and would appreciate your help:

If there is a login that is duplicated between multiple vaults, is there a way to sync them when information changes?

  • example: [email protected] is used by Team A and Team B
  • this account is saved to Vault A and Vault B
  • if someone changes the password, how are both logins in the 2 accounts synced?

Or, is there a specific way to manage multiple logs across multiple vaults shared between multiple teams?


1Password Version: 1password.com
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: 1password.com

Comments

  • FrankFrank

    Team Member

    Hi @chumtarou - Great question! In order for an item to stay in sync the original item has to be moved to the vault of your choosing. If you "copy" over an item and changes are made they won't sync over. Basically if you place a copy of an item in multiple vaults we can't sync over the changes across vaults since it would result in sync conflicts and duplicates. Only the original item that is "moved" over will stay in sync with changes. It would work best if you move the item to a vault then add team members from both A & B to that specific vault. I hope this helps and sorry for not having a better answer for your specific use case. Let us know if you have any questions. Have a fantastic day!

  • Oh I see - so for example:

    Scenario 1:

    People = Management + Staff + Contractors
    Login = anything @ someplace.com (some account that all the above need access to)
    These "people" would then be given access to a group friendly vault that everyone can access
    And, each group of people would have another vault just for them
    Is this the best scenario?

    Scenario 2:

    Will/can 1password.com eventually allow each login to have it's own permissions.
    For example, 100 unique logins where overlapping permissions are allowed while keeping only 1 instance of each login.
    Internal work related are only accessible by Management and Staff
    External work related are accessible to Management + Staff + Contractors
    Some internal are also accessible to Contractors
    Some Internal are only accessible to Staff
    Etc.

    We're trying to best understand how to manage the 100's of logins across different types of users with different types of access.

    Sorry for the additional questions but your insight would be much appreciated on best use cases.

    Thanks!

  • rickfillionrickfillion Junior Member

    Team Member

    Hi @chumtarou,

    Scenario 1 that you've described seems reasonable. You could then assign permissions to the various groups such that some people can only read vs read-write for example.

    As for Scenario 2 and the ability to assign permissions to individual items... that's something that's on our mind but it's not something we're currently working on. There's a lot of added complexity there, and trying to find a way to do it that wouldn't confuse the majority of users is a big challenge.

    My recommendation for you is to use vaults to bring together items of similar nature. For example at AgileBits we have a "Toronto" vault which includes all of the items that people who work out of Toronto office would need (wi-fi password, alarm codes, etc...). Then use groups to model who has access to what. Going back to my Toronto example, there's be a Toronto Management group that represents people who are responsible for maintaining that vault, and they would get read/write access to it. But then there can be a Toronto Visitors group, which gets Read-Only access to the items. If I visit the Toronto office, then they can temporarily add me to the Toronto Visitors group and I'd instantly get access to those items while I'm there without any concerns of me modifying them.

    I hope this helps clarify things.

    Rick

  • Very interesting and very helpful indeed.

    Do you have a use case website that I could share with the team on how to use 1password.com?

    We are all so used to having our own regular 1password that the jump to the Teams is a bit difficult to get everyone on the same page.

    As everyone has their own way of using regular 1password, we need to re-train everyone to the corporate way to use Teams while letting them do what they do with their own.

    Will keep looking over your website to create a team manual.

    Thx for the great feedback

  • rickfillionrickfillion Junior Member

    Team Member

    We really don't have a "here's how we recommend you use 1Password Teams" site/document. It's something that we've been wanting to put together but haven't gotten around to it yet. We're more than happy to work with you to figure out a model that would best work for your company. It may be better to do that kind of thing more one-on-one via email than on a public forum so that you can more freely talk about your scenarios. You can always email us at [email protected] and we'll do our best to help you figure it out.

    Rick

This discussion has been closed.