Approval process for elevated access

Question

Hi,I have a use case for our business that is to address PAM issues when it comes to platforms that do not have granular access controls.As an example:Our end users are have access to 1 or more vaults.The IT team has access to all vaults, except Accounts (AR/AP).Our IT team uses a highly privileged service account to manage the implementation in a CRS or CRM.The details are stored in an IT Vault, for which the IT team has continuous access to.Sometimes a member of the IT team needs to use a service account to amend the implementation.Instead of reactively addressing access through audit logs or manually assigning and unassigning vault access, the feature request would be to have an approval process - much like Microsoft's PIM approval - to access a certain item or vault in 1Password.This way, the access request is passed to designated users or groups, that may approve the access.The access approval could be contingent on either all designated users approving, or 1 elevated users approval.

1p_simonh · Answer

Hi NiklasL,Thanks for articulating so clearly how this would help you! I've submitted it to our Product team for consideration.ref: PB-49424628

Forum Discussion

Approval process for elevated access

1 Reply

Recent Discussions

Feature Request: Bulk Edit of Item Icons

Moving our business 1password to another business

Migrate users to Azure AD - Expiry

Kolide: Allow admins to set Checks to get re-checked soon after restart

Expected behaviour of the (newish) MANAGED_UPDATE=1 MSI deployment parameter