Is there a way, as the admin (account owner/manager) to see/edit/manage user passwords/logins?
I would really like to ability as admin to see the terrible passwords my users are creating and change them, or at least be able to use them myself if I need to login to a service we're using.
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Comments
-
Hi @counteragent!
This is possible in shared vaults, if you are a member of them. You will not be able to see other users' Private vaults however (the same way other users cannot see what you store inside your own Private vault).
0 -
What happens if an employee quits, how do I gain access to their private logins? These are services I'm paying for and would need the logins to revert to an admin account at the very least.
0 -
If a team member is in the process of leaving an organization, we recommend that an administrator work with them to offboard any important company passwords and data to a shared vault, so that any passwords can be changed after the user departs and loses access to their account. You can find a relevant article covering that process below:
Offboard a team member
This doesn't address the exact scenario where a user has already left the organization, however. I'd be happy to pass on your feedback to our team for consideration. I can envision certain instances where an employee may have access to sensitive data before leaving, making it difficult for administrators to retrieve or make the necessary changes to these credentials. While I cannot promise any changes will be made in this area, due to the security and privacy design surrounding the Private vault. I'll let our team know there's some interest.
0 -
Thanks for the information. I'll read over it.
It would be great if it was always a known and amicable departure. Unfortunately, we've had some bad experiences in the past with employees either straight up leaving without notice or just not on the best terms. It would be great to have some way to recover data from these private accounts in such circumstances.
0 -
Thanks for sharing your detailed feedback about how you onboard your users into 1Password in your organization. There's certainly some area for improvement when it comes to offboarding users and ensuring shared company data can be safely transferred to a shared vault credentials can be updated. With that in mind, our development team always puts security and privacy above convenience, and this has shaped decision making in 1Password since the beginning. We appreciate all constructive feedback and use it to improve 1Password for all users, so thank you again for taking the time to share yours.
Let me know if there is anything else I can help with.
0 -
The thing is, with these team/business 1password accounts, the private vault for each user shouldn't be their personal vault. It' merely private in that they are the user that creates and logs in via those private vault logins. It only make sense for the business paying for those accounts (again not personal accounts, business) that we should have ultimate access to them. This could even be something as an account owner you could enable or disable and make clear to each user that this is the case.
Unfortunately, not everyone works for a tech (or adjacent) company and has employees that understand how to follow simple technical instructions. This is very similar to company email, in that we as a company have a right to know how it's being used. The current shared vault implementation is fine for some things, however, we would have to create far too many shared vaults to be so specific to just one or two employees that it would make managing too time consuming.
0 -
Hi @counteragent! Apologies for our delay in getting back to you. Let's dive back in. :smile:
The thing is, with these team/business 1password accounts, the private vault for each user shouldn't be their personal vault.
The Private vault provided for each regular user within a team or business account is intended to be for their individual work-related data. In a typical work environment, we'd recommend that any owners or administrators within a team or business account work directly with their teams to explain the purpose of these Private vaults, along with reaching out to any individual team members directly if there's ever a need to review the contents of their Private vault. It's best to clearly define the purpose of Private vaults internally within your team to ensure they're aware of how they should be used.
This could even be something as an account owner you could enable or disable and make clear to each user that this is the case.
We have received requests from other team and business customers asking for the ability to disable Private vaults, so I'll make sure that your request for this gets added to our internal tracker. :+1:
Thanks again for sharing your thoughts and feedback! We really do value these kinds of discussions and input, as it gives us really valuable insight into how 1Password is used differently across various kinds of teams.
ref: internal/business-roadmap#6
ref: internal/business-roadmap#750
