Forum Discussion

klindelof's avatar
klindelof
5 days ago

Auditor Access (aka Global View-Only with no password access)

Hi All,

tl;dr I'm hoping to be able to view all groups (with membership) and vaults (including both credentials and membership but WITHOUT being able to see/use passwords) for my entire organization. I don't strictly need to view individually managed credentials, and definitely don't need access to personal accounts.

----

Background: My company uses 1Password to manage individual and shared work accounts. I'm involved from a compliance role in various audits of user access in different systems, and I consistently run into a challenge reviewing access to shared accounts. For each shared account, I have to rely on other relevant team leads for:

  1. screenshot of the account/credential itself, including what vault/folder it's contained in
  2. screenshot of the 1Password users/groups that have access to the vault/folder
  3. If groups have access to the vault/folder, then a screenshot of the 1Password users/groups that are members of the first group (and possibly going down the rabbit hole of nested groups)
  4. Reviewing the users with access and confirming they are appropriate to continue having access (or remove, if necessary)

This takes a lot of time for a compliance activity. I'm hoping to get access myself, but haven't been able to figure it out yet with my helpdesk team. Additionally, I know other teams perform similar reviews but for different systems, so I'm hoping this can be a role or group that myself and other compliance/auditor team members can have.

Q1: Is it possible to get a role in 1Password that provides access to all vaults (with membership), credentials in vaults (WITHOUT being able to see/use passwords - just the credential name, system, and username/email), and groups (with membership)?

Q2: Or if this access/role is not possible, is it possible to build a report that pulls this information in? I could just run the report when I'm doing this review.

Q3: How are other people doing this? Am I missing something totally obvious? 

Appreciate anyone's response and help. Thanks!

-KC

best practices
vault management

3 Replies

  • 1P_SimonH's avatar
    1P_SimonH
    Icon for Community Manager rankCommunity Manager
    4 days ago

    Thank you for your thoughtful and well-articulated post!

    You’re raising an important use case that we hear from customers in compliance, security, and audit roles. While 1Password is designed with strict access controls to protect sensitive information, we understand the need for greater visibility into vault and group structures for oversight and review.

    Some of what you’re asking touches on areas that would benefit from a deeper conversation, especially given the security model in place and how it aligns with your organization’s goals. We'd love to connect directly to understand your needs further and explore potential solutions or workarounds.

    If you’re open to it, I’d be happy to follow up via your account’s Customer Success contact or help get the right folks looped in.

    Thanks again for raising this. It’s a valuable conversation and something we’re actively thinking about as we evolve the platform.

    • klindelof's avatar
      klindelof
      4 days ago

      Hi Simon,

      Thanks for the reply! Having a deeper conversation sounds great - feel free to connect directly and we can continue the discussion!

      I'm sure some of the conversation will be organization-specific, but I'm optimistically hoping to share back here any discovered solutions (as I couldn't find any previous post that was exactly what I was looking for).