New 1Password Business account setup question

SNM
SNM
Community Member

Hi, I just signed up for 1Password business and I would like to have it so that I can grant my team members access to certain login accounts but without letting them view the actual login credentials (so that they could not then externally share those passwords to 3rd parties without my knowledge). Is this something that could be possible with 1Password?

My thinking is that the order of operations is as follows: I assign the login credentials to a specific vault, give access to my team members to that vault but not to view the credentials held in the vault (is this something that is possible - to use the logins for autofill but not view the logins themselves?). When they need to login, they enter their specific 1Password login in the fill form for that specific website, and 1Password populates it with the login credentials without the team member ever seeing what the credentials are themselves.

Is this something that would be possible? If so, it would be the perfect solution and I would be looking to enroll 100-500 users over the coming year.

thank you


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • ag_max
    edited July 2021

    Hi @SNM,

    Welcome to the 1Password Support Community. 👋

    Right off the bat, restricting the password field of items in 1Password so your team members cannot reveal them is absolutely possible with 1Password Business. Although the password will be hidden, note they will still have access to the username and email field within those logins.

    If a user or group lacks the View and Copy Passwords client setting for a shared vault, they will not be able to view or copy any of the password fields for saved items stored in that vault inside any of the 1Password client applications or web extensions. They will still be able to use 1Password in the browser to fill those passwords on the sign-in pages of websites and services.

    This article covers more about all the permissions and client settings you can assign:

    Create, share, and manage vaults in your team

    it's very important to note that this type of feature is mainly a deterrent, as we can only guarantee true compliance within the 1Password ecosystem of applications and web extensions. When 1Password is invoked by a team member to fill a login and password into a browser, they might still be able to obtain the password through the website. For example, certain sites allow you to reveal the password field. You can also make use of a browser's developer tools feature to obtain the password.

    Overall, the scenario you laid out in your post is doable. I hope this helps, and if there is anything else our team can assist you with, please let us know.

This discussion has been closed.