Better Guest Password Sharing: Feature Request/Improvement

Hello,

We've recently rolled out Guest accounts for contractors and freelancers that we work with on a regular basis. One of the challenges we currently face with Guest Accounts is Vault management both from a UX and administrative perspective.

  1. We invite a Guest
  2. They Sign Up
  3. We Confirm
  4. We Create a Vault for Them
  5. We add entries to their Vault
  6. (rinse and repeat)

User Experience Issue:
One of the problems with the above is that the rest of the Team is forced to see all of these Guest Vaults in the sidebar of the app. They can mark the setting to exclude those "Guest Vaults" from the All Vaults collection, which is great, but a user must do this on their own, and it's still included in the sidebar view—unless there's a visibility option I'm unaware of to hide that from the sidebar, yet still allow copying to those vaults.

Administrative Issue:
The other issue is with management. Someone must manually create this vault each time a Guest account is created when they only truly have access to one vault in the first place.

Feature/Ask:
What I would love to see in a future edition is a streamlined version of this.

To address the user experience, it would hide Guest vaults or it would group them under a "Guest Vaults" entry in the sidebar which could be collapsed by default and expanded to see them further.

To address the administrative issue, it could automatically create a "Default Vault" for the Guest based on their user name or other pattern.

To tie these both together, it could improve the "Copy To" feature to also have a "Guest Vaults" menu item with the individual guest vaults (automatically created by default) appear as sub menu items beneath it.

Thanks for listening and hope this would be a valuable addition to the product should it be considered and added one day.


1Password Version: 7.4.1
Extension Version: Not Provided
OS Version: 10.14.6
Sync Type: Not Provided

Comments

  • Here's an example...

  • bundtkatebundtkate

    Team Member

    I think there may be some improvements that can be made here already with a bit of clarification, @westurner. For example:

    the rest of the Team is forced to see all of these Guest Vaults in the sidebar of the app.

    This will be true for at least the person who created the vault, and perhaps others depending on permissions, but there is no requirement that you share this vault with everyone. Like with any vault, you should only share your guest vaults with those who genuinely need access to that data. The admins may need that so they can manage the vault and the guest will need it as well, of course, but there's a strong chance the rest of of your team doesn't need it. Just don't share it with them. This will keep the visibility of that vault more limited.

    Someone must manually create this vault each time a Guest account is created

    This one is a bit stickier. I think the general idea behind guests is that generally they wouldn't each need their own vault. Some may if they have a specialized role, but if you have an accountant working as a contractor, they're probably going to need access to the same accounting items your in-house accounting team does. You can (and should when appropriate) share existing vaults with your guests. Any vault (save your private vault, of course), may be shared guests. This also sort of ties in to your first point about others have access to these guest vaults. If you're sharing existing vaults already containing the items related to that contractor of freelancer's role, these vaults cease to be clutter and are instead part of you team members' normal 1Password landscape.

    Depending on what these contractors and freelancers need access to, though, perhaps the way your team is organized and structured requires vaults more tailored to each individual. If what I've discussed about doesn't make sense for y'all, share some more detail about what sorts of items these guests typically need access to. That will help me ensure I'm giving some good, detailed feedback to our development team and maybe think up a few more ideas that might help improve things right away for you. :chuffed:

  • Hey @bundtkate, thanks for your suggestions.

    I'll clarify our use-case a bit more. We're an agency and we work with freelancers. In most cases the production team (producers) will have access to all of the passwords on their accounts. They will then need to share specific access with freelancers. Those producers need to see and be able to copy to Guest vaults for that reason. We hide the visibility of contractors/freelancers for the rest of our team (designers and developers). Specific vaults for accounts is a bit harder as we have over 120+ accounts, which would add to the vault clutter. Internally, the whole team has access to those passwords, but contractors/freelancers do not.

    Hope that clarifies the use-case a bit more.

  • bundtkatebundtkate

    Team Member

    It definitely does a bit, thanks, @westurner! To clarify a bit, are these accounts specific to a given freelancer? For example, if I were working for you, you'd give me personal Logins for the systems I need access to in my guest vault and only I and your producers would have access to that item? Or is it more like each freelancer will need access to a certain subset of items that are shared with one or more folks? I ask because at a glance, it sounds like each of these vaults needs to be populated with items truly unique to a given freelancer. If I'm right, I'm not sure I have an excellent solution in mind out the gate and part of me wonders if guest vaults are even the right answer, but I think I'm getting a better handle on the problem that should help me provide a better rundown to our development team. :+1:

  • @bundtkate - you've almost got the idea.

    If you were a freelancer, a producer would be assigning specific logins to your Guest Vault.

    Whereas our producers will already have access to those credentials and several others.

    Therefore each freelancer only has access to the logins they need for the work to which they're assigned.

This discussion has been closed.