Is it possible to attach a group to another group to simplify management of user permissions?

Having the ability to attach a group to another group would simplify the management of user permissions, as this would simulate a tree structure and the user could be added in one place, rather than multiple groups all over the place.

ex.
group a
├─ group b
├─ group c
├─ user 1
group b
├─ user 2
group c
├─ group d
├─ user 3
group d
├─ user 4

The flat structure is not sufficient for enterprise users, as it becomes a burden to manage both groups and vaults. The simple use cases are for small teams. But this is difficult at the enterprise level, as we have multiple teams who contain roles as developers, qe, devops, etc. who should not see the passwords for other teams or other roles. Do you have best practices documented to handle the above scenario?

We can get by vaults flat structure with a naming convention (deptName-sectionName-teamName-roleName), but we need the ability to add groups to other groups to simplify user management. Is this possible?


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser:_ Not Provided
Referrer: forum-search:Is it possible to attach a group to another group to simplify management of user permissions?

Comments

  • Hey there @iwebdevelop

    Are you using an identity provider in your company? If so, and if you manage groups and roles from there, you can integrate the following identity providers with the 1Password SCIM bridge to help automate this:

    • Azure Active Directory
    • Google Workspace
    • JumpCloud
    • Okta
    • OneLogin
    • Rippling

    You can learn more about the 1Password SCIM bridge here:

    Automate provisioning in 1Password Business using SCIM

    Have a look at that article and let me know if that's the kind of thing you're looking for. I'll be here if you need any further help. :)

    — Grey

  • iwebdevelop
    iwebdevelop
    Community Member

    Yes our business uses Okta, I didn't know about the 1Password SCIM Bridge and we were under the impression that the Okta Integration was still a work in progress: https://blog.1password.com/unlock-with-okta-public-preview/

    The 1Password SCIM bridge article will definitely help. I'll review this article with our team and if they have any further questions, we can post them here.

    Thanks
    — Paul

  • Hi there @iwebdevelop,

    I'm glad to hear the SCIM bridge may be helpful to your team. 1Password has two distinct Okta integrations. The integration with SCIM bridge allows for Okta to manage your team in 1Password and is already available to those using 1Password business. Unlocking with Okta is part of our upcoming SSO feature, which is still in private beta testing.

    If you have any questions about either of these, please email support@1password.com so we can connect you with our experts.

    Cheers,

This discussion has been closed.