Enhancement request: Support "internal" domains in Business and Teams

GregKet1
GregKet1
Community Member

Since the Business and Teams versions of 1Password are designed for corporate use, having the ability to add the corporate domains to the list of domain-matching would make it infinitely more useful. For instance we have domain-search-order lists with several domains which make it so we don't have to enter the domains into the browser to go to "firewall1.ourdomain.corp", we just type "firewall1".

And I would actually suggest making it so you could support a list of domains per 1Password Group. With that feature the entire company could have multi-host matching for domain.internal, or domain.local, or domain.whatTHEYwant and they company could have a Dev Group that has host "router1", "switch1", "server1", etc and the Production Group could have the same host "router1", "switch1", "server1" but each group would have its own domain and therefore would go to its own devices "router1.dev.domain.corp" and "router1.prod.domain.corp".


1Password Version: 7.0.558
Extension Version: 4.7.1.90
OS Version: Windows 10 Enterprise
Sync Type: Team

Comments

  • GregKet1
    GregKet1
    Community Member

    .corp is another "internal only" domain that is commonly used. Domain matching would be really helpful. And the .corp and .local domains are supposed to Never be made public; that is the entire point of them: a domain you can use that can never leak out into the world even if you misconfigure something.

    An example (that I've already provided in the past),
    host1.domain.corp
    host2.domain.corp
    host3.domain.corp

    Create a 1password entry for domain.corp. Never matches when logging into host1 2 or 3.

    And in 7.0x if you create one entry in 1password called "hosts" and has a separate website entry for each of https://host1.domain.corp, https:host2.domain.corp, https://host3.domain.corp; when you try to fill for host3, it changes the URL in Chrome to host1, since it is the first website listed. Not very useful.

  • AGAlumB
    AGAlumB
    1Password Alumni
    edited June 2018

    @GregKet1: It's definitely something we'll consider, as I know that could help in some cases. The problem is that trying to support just any made up "domain" can cause issues with real ones. If 1Password just treats the part before the . as the domain and the part after as the suffix, that's all well and good for ourdomain.corp, but then this quickly breaks things for pretty much anyone in the UK or Japan (and many other places around the world), since then 1Password would treat the co.jp in everything from amazon.co.jp to yahoo.co.jp as the domain and think these are the same website (and "amazon" and "yahoo" appear to be subdomains for that same site). Suffice to say, we don't want our Amazon credentials being filled at Yahoo! So 1Password uses Mozilla's public suffix list to find the top level domain. There are some set aside for the sort of purpose you've got though, so you may want to try using those instead of just making them up. And they can also accept submissions. 1Password just has no idea how a custom/internal TLD works, but if we can find a way of helping with things like this without breaking 1Password for users around the world, I suspect we will. Thanks for your feedback on this! :)

  • littlebobbytables
    littlebobbytables
    1Password Alumni

    Hello @GregKet1,

    Is the issue you describe specific to a particular platform or version. I can't say I've ever seen 1Password perform open-and-fill when filling the current page was more applicable so I'd like to learn more in order to try reproducing.

  • GregKet1
    GregKet1
    Community Member

    Sorry for the long delay, we've been going through some acquisitions so I've been buried.

    LittleBobby, to be honest, I only run into this issue on my work computers which run Windows for Teams with Chrome.

    Brently, you make a great argument. But .corp is hardly "made up", it has been a Windows domain best practice for years for internal domains so that it can't conflict with external, public domains like those listed in Mozilla's list. In fact, "You will never be able to own an official .home, .mail or .corp domain name or email address on the public internet." because ICANN has permanently blocked them since they ARE used internally so much: https://www.theregister.co.uk/2018/02/12/icann_corp_home_mail_gtlds/

    As an alternate solution, what if 1Password Teams/Business/Enterprise were allowed to define "our domain" or a list "Our domains" in the management portal and just those entries were added to the Mozilla list you use? That would solve the problem entirely and we could have one 1Password entry with one Website entry for our domain, instead of the 100s we now have.

    Thanks for the time!

  • AGAlumB
    AGAlumB
    1Password Alumni

    @GregKet1: It's an interesting idea. The apps handle that right now so it isn't possible. And frankly us doing it that way would be bad news for anyone not using a 1Password.com membership. I'm not sure it's the right solution, but it's certainly worth considering for the future. Thanks for your thoughtful comments on this! :)

  • GregKet1
    GregKet1
    Community Member

    Has anything ever come of this?

    I'm still having to have many many entries in 1Password for Host{x}.domain.corp instead of a single entry for domain.corp that matches all of them.

  • AGAlumB
    AGAlumB
    1Password Alumni

    @GregKet1: Everything I said my earlier reply still holds true. But it wouldn't hurt to reach out to your business rep to discuss your particular use case in more detail.

    That said, there's nothing stopping you from adding multiple URLs to a single Login item. That's very much supported, and sounds like it would help with this:

    I'm still having to have many many entries in 1Password for Host{x}.domain.corp instead of a single entry for domain.corp that matches all of them.

    Without impacting anyone else. Let me know what you think. Happy holidays! :)

This discussion has been closed.