Any update on this? I'm currently in trial with 1Password and a few competitors. I absolutely love everything about this product except your sharing solution through the vaults. We are a small team but it will be a hard pass if this isn't even being seriously considered.
Other than copying the item in multiple vaults, or putting it directly in a shared vault, I am afraid that we don't have anything else to share at the moment
This has also been very painful for us - please move higher up your priority list, we need this functionality and not having it completely obscures the purpose of vaults in the first place.
We are also very interested in this for a Teams account we're setting up, We have a variety of team members -- many of whom need access to shared interests in various vaults,
Hello, I will immediately buy OnePassword Business with at least 25 seats as soon as this feature is implemented fully/correctly. We absolutely need **group **plus **individual **password access and sharing permissions for our department that has a mix of roles - IT support / developers / admin / AV / contractors. We manage hundreds of passwords, and I can see that as it stands now, to grant the correct visibility to each person / unit, I would have to create and maintain many multiple vaults and synchronise the duplicated passwords in each. That is a messy work-around that is not flexible or scalable. I have had 'OnePassword' as an approved line item in my budget for the last two years but will not purchase until this issue is resolved. I would prefer to use OnePassword versus other similar online tools based on your ownership and privacy policy. I check these forums every few months and read the same threads to see when this feature will be implemented - hoping that it will be soon! Hope this feedback is helpful - I can explain further offline if necessary.
I appreciate you sharing your feedback about your use case here. I also encourage you to reach out to our Go To Market team at [email protected], if you're not already in contact with them. They may be able to work with you and provide a solution using the current features found in 1Password.
I wanted to enroll 1password to our teams as well, but lacking the feature of "linked" items is holding me off too.
We have some hundreds of passwords to share between our teams. Some of them shared with only one other team, some of them with multiple teams. Building separate vaults for every sharing constellation makes the product quite unusable. People always have to use the "all vaults" option, which makes it hard to manage private and shared accounts within one account.
Most users don't know who has access to a password, so can't choose the right vault to search.
I understand that the separate encryption keys for each vault are an issue for this feature, but isn't there a way around? Thinking of some kind of an update table only holding IDs and timestamps of linked items which got updated and as soon as someone with access to both/all vaults with the linked item logs on, it gets updated. If someone uses this linked item, without having access to the vault with the updated version, you could at least give him a warning about a possibly outdated item.
It is possible that there could be another solution here in the future, but for now creating separate vaults for each sharing situation is the only option. Unfortunately I suspect if there were an easy win to be had here we would've already taken it.
Thinking of some kind of an update table only holding IDs and timestamps of linked items which got updated and as soon as someone with access to both/all vaults with the linked item logs on, it gets updated.
It would seem this would mean having to decrypt the full details of each item in that table every time anyone with access to those items unlocks 1Password. Depending on how big the table is, that could substantially slow the process. Not saying that for sure this approach wouldn't work, but that is one potential roadblock I could foresee.
What a wonderful discussion. While I share not just the experience but also the sentiment that something needs to change in 1P to make this easier for all of us, I would also like to throw in the perspective of a security engineer and CISO:
Sharing passwords is bad. Not matter how, no matter what.
Even if you use a very secure system to share accounts and passwords, like 1P, it's still an accident waiting to happen. Instead of waiting for 1P to give us better sharing options, you should work towards avoiding shared accounts altogether. From a security best practice perspective, every user should have their own account to access a system. System accounts (like root, admin, etc.) should only be accessible by a very limited subset of people.
I know this is easier said than done (and outright impossible in some scenarios), but it's certainly something everyone should work towards and try to accomplish as much as possible. At least when it comes to user accounts. I am not really talking machine to machine communication (which 1P tries to tackle with their new "Shared Secrets" product).
What is the status on this? It's been 3 years since this thread was started and it's still not in the product. I find this limitation a rather huge one within a company where you want a single item but multiple pointers to it from separate vaults. ... basically saying what everyone has already.
I can appreciate that this is technically complex for the 1Password team to implement but this doesn't change our need for it. While we could create more vaults and move items to those vaults which can have different permissions but then you get into a maze of permission hell, needing to think about who has access to what. Think of this scenario:
Vault foo (permission: Alice and Bob)
Item 1
Item 2
Vault bar (permission: Charlie and Danny)
item 3
Suppose now Item 2 needs to be shared with Charlie and Danny in addition to Alice and Bob. However, item 3 should be only for Charlie and Danny.
So to do this, you need to create another vault, that gives permission to all 4 people and move item 2 to it:
Vault foo (permission: Alice and Bob)
Item 1
Vault bar (permission: Charlie and Danny)
item 3
Vault bar (permission: Alice, Bob, Charlie and Danny)
item 2
I think it's easy to see how this gets out of hand quickly. The most logical way to think about this is how everyone has requested it: be able to have item 2 in both Foo and Bar vaults:
Vault foo (permission: Alice and Bob)
Item 1
Item 2
Vault bar (permission: Charlie and Danny)
item 3
item 2
Sure we could copy item 2 to Vault Bar, but that then forks it and violates a huge benefit of 1Password -- 1 source of truth for a password. So the logical to thing for us to request is that Item 2 is NOT a copy, but actually the same item as what's in vault foo just protected with different permissions/access depending on the user and vaults they have access to
We are a company of about 75 people and surprised this does not exist yet as a feature despite this thread being 3 years old, and past requests being 4-5 years old.
While I appreciate that this may be hard to do technically, this is an obvious need from my POV, and also evidenced by how many people have asked for it.
We can certainly create new vaults for this but not only does that seem to unnecessarily create vaults it is more of an issue of managing the complexity of permissions to vaults.
Consider this example:
vault foo (access: Alice, Bob)
item 1
iem 2
vault bar (access: Charlie, Danny)
item 3
item 4
If Charlie and Danny need access to Item 2 along with Alice and Bob, without also sharing access to item 1, the only way to do it is to create a third vault and move item 2 to it:
Thank you for the feedback as well, and for the example! I am sure our developers will find this useful, and the example you brought up is one I believe was discussed in the past
Comments
Team Member
@daimoonmedia:
We don't have a timeline to share at the moment I am afraid, but thank you for letting us know that you would like this as well
Any update on this? I'm currently in trial with 1Password and a few competitors. I absolutely love everything about this product except your sharing solution through the vaults. We are a small team but it will be a hard pass if this isn't even being seriously considered.
Team Member
@Mattbeatty89:
Other than copying the item in multiple vaults, or putting it directly in a shared vault, I am afraid that we don't have anything else to share at the moment
This has also been very painful for us - please move higher up your priority list, we need this functionality and not having it completely obscures the purpose of vaults in the first place.
Team Member
Noted @Sessapine, thank you for letting us know!
We are also very interested in this for a Teams account we're setting up, We have a variety of team members -- many of whom need access to shared interests in various vaults,
Team Member
Hi @LewG
Thanks for taking the time to share, and for letting us know your team could benefit from this functionality.
Hello, I will immediately buy OnePassword Business with at least 25 seats as soon as this feature is implemented fully/correctly. We absolutely need **group **plus **individual **password access and sharing permissions for our department that has a mix of roles - IT support / developers / admin / AV / contractors. We manage hundreds of passwords, and I can see that as it stands now, to grant the correct visibility to each person / unit, I would have to create and maintain many multiple vaults and synchronise the duplicated passwords in each. That is a messy work-around that is not flexible or scalable. I have had 'OnePassword' as an approved line item in my budget for the last two years but will not purchase until this issue is resolved. I would prefer to use OnePassword versus other similar online tools based on your ownership and privacy policy. I check these forums every few months and read the same threads to see when this feature will be implemented - hoping that it will be soon!
Hope this feedback is helpful - I can explain further offline if necessary.
Team Member
@IanBurrowes
I appreciate you sharing your feedback about your use case here. I also encourage you to reach out to our Go To Market team at
[email protected], if you're not already in contact with them. They may be able to work with you and provide a solution using the current features found in 1Password.I wanted to enroll 1password to our teams as well, but lacking the feature of "linked" items is holding me off too.
We have some hundreds of passwords to share between our teams. Some of them shared with only one other team, some of them with multiple teams. Building separate vaults for every sharing constellation makes the product quite unusable. People always have to use the "all vaults" option, which makes it hard to manage private and shared accounts within one account.
Most users don't know who has access to a password, so can't choose the right vault to search.
I understand that the separate encryption keys for each vault are an issue for this feature, but isn't there a way around? Thinking of some kind of an update table only holding IDs and timestamps of linked items which got updated and as soon as someone with access to both/all vaults with the linked item logs on, it gets updated. If someone uses this linked item, without having access to the vault with the updated version, you could at least give him a warning about a possibly outdated item.
Team Member
Hi @ClemensG
It is possible that there could be another solution here in the future, but for now creating separate vaults for each sharing situation is the only option. Unfortunately I suspect if there were an easy win to be had here we would've already taken it.
It would seem this would mean having to decrypt the full details of each item in that table every time anyone with access to those items unlocks 1Password. Depending on how big the table is, that could substantially slow the process. Not saying that for sure this approach wouldn't work, but that is one potential roadblock I could foresee.
Ben
What a wonderful discussion. While I share not just the experience but also the sentiment that something needs to change in 1P to make this easier for all of us, I would also like to throw in the perspective of a security engineer and CISO:
Sharing passwords is bad. Not matter how, no matter what.
Even if you use a very secure system to share accounts and passwords, like 1P, it's still an accident waiting to happen. Instead of waiting for 1P to give us better sharing options, you should work towards avoiding shared accounts altogether. From a security best practice perspective, every user should have their own account to access a system. System accounts (like root, admin, etc.) should only be accessible by a very limited subset of people.
I know this is easier said than done (and outright impossible in some scenarios), but it's certainly something everyone should work towards and try to accomplish as much as possible. At least when it comes to user accounts. I am not really talking machine to machine communication (which 1P tries to tackle with their new "Shared Secrets" product).
Just some food for thought.
Team Member
Thank you for sharing this perspective @cryptochrome! Indeed, finding a balance is a good challenge
What is the status on this? It's been 3 years since this thread was started and it's still not in the product. I find this limitation a rather huge one within a company where you want a single item but multiple pointers to it from separate vaults. ... basically saying what everyone has already.
I can appreciate that this is technically complex for the 1Password team to implement but this doesn't change our need for it. While we could create more vaults and move items to those vaults which can have different permissions but then you get into a maze of permission hell, needing to think about who has access to what. Think of this scenario:
Vault foo (permission: Alice and Bob)
Vault bar (permission: Charlie and Danny)
Suppose now Item 2 needs to be shared with Charlie and Danny in addition to Alice and Bob. However, item 3 should be only for Charlie and Danny.
So to do this, you need to create another vault, that gives permission to all 4 people and move item 2 to it:
Vault foo (permission: Alice and Bob)
Vault bar (permission: Charlie and Danny)
Vault bar (permission: Alice, Bob, Charlie and Danny)
I think it's easy to see how this gets out of hand quickly. The most logical way to think about this is how everyone has requested it: be able to have item 2 in both Foo and Bar vaults:
Vault foo (permission: Alice and Bob)
Vault bar (permission: Charlie and Danny)
Sure we could copy item 2 to Vault Bar, but that then forks it and violates a huge benefit of 1Password -- 1 source of truth for a password. So the logical to thing for us to request is that Item 2 is NOT a copy, but actually the same item as what's in vault foo just protected with different permissions/access depending on the user and vaults they have access to
We are a company of about 75 people and surprised this does not exist yet as a feature despite this thread being 3 years old, and past requests being 4-5 years old.
While I appreciate that this may be hard to do technically, this is an obvious need from my POV, and also evidenced by how many people have asked for it.
We can certainly create new vaults for this but not only does that seem to unnecessarily create vaults it is more of an issue of managing the complexity of permissions to vaults.
Consider this example:
vault foo (access: Alice, Bob)
vault bar (access: Charlie, Danny)
If Charlie and Danny need access to Item 2 along with Alice and Bob, without also sharing access to item 1, the only way to do it is to create a third vault and move item 2 to it:
vault foo (access: Alice, Bob)
vault bar (access: Charlie, Danny)
vault car (access: Alice, Bob, Charlie, Danny)
You can see how this gets unruly quite fast.
Team Member
@tmchow:
Thank you for the feedback as well, and for the example! I am sure our developers will find this useful, and the example you brought up is one I believe was discussed in the past
Linked Items by ID please please please!
Team Member
Thanks for adding your voice to this discussion, @JamesFez.