Forum Discussion

JOE_CFO's avatar
JOE_CFO
New Contributor
2 months ago

Client Access

I run an accounting firm, and many of my clients want to share their banking and credit card logins with my team so we can download statements and keep their books up to date.

Right now, every time we log in, the bank sends the client a text with a verification code. They then have to send that code to us. This takes time and slows them down—especially for busy business owners.

I want to make this process easier for them.

Here’s my idea—can you confirm if this setup works?

  • Create a business account in 1Password
  • Set up a separate vault for each client
  • Invite the client as a guest to their vault
  • Let them add the login info they want to share with us

That way, I can manage team access easily as staff members come and go.

My main question: How can we get around two-factor authentication (2FA) so we can log in and pull bank statements without bothering the client every time?

best practices
vault management

1 Reply

  • 1P_Timothy's avatar
    1P_Timothy
    Icon for Community Manager rankCommunity Manager
    2 months ago

    Hi JOE_CFO​! Thanks for joining the Community. 

    From my understanding of what you're trying to achieve, yes what you described in the bullet points would work. You can invite a client to a vault as a guest, manage what sort of vault permissions they have, and give different people on your team access. I'll note that 1Password Teams includes 5 guests, and 1Password Business 20. However, you can invite more guests to 1Password Business for an additional cost.

    The 2FA aspect is where things get a little trickier. If a bank (or other account) only offers 2FA via SMS, email, or similar, this goes directly to the account holder's phone or email, and 1Password won't be able to intercept it. However, if a bank (or other account) offers 2FA options such as a TOTP, or a passkey, this could be stored in the 1Password login item and used by both your team and client. If a bank offers those 2FA options, your team could ask or guide clients in switching to them from existing SMS/email authentication. 

    Let us know if you have any questions, and thanks again!