Forum Discussion

phillipc's avatar
phillipc
Occasional Contributor
20 days ago

What is 1Password doing to simplify user access for companies using many vaults?

We follow role-based access, like many other companies would for providing the right and lowest amount of access to their users as their role requires.

In order to do this with 1Password for appropriate credential sharing, we have to setup many vaults per each of our customers, as well as our own environments/projects.

With us currently sitting at around 78 vaults, the UI, search and overall functionality is really starting to show a lack of scalability for the business.

  • Sharing feature is not feasible due to expiration (nor would it be even if expiration wasn't there for the sheer point of manual process this requires)
  • Duplicating passwords makes everything worse as credentials do not sync back to the original item.

My questions are, 

What is 1Password doing about this? Is it something you are currently aware is an issue and working towards a solution?

If you are aware, what is the priority? Do you have a timeline for any improvements?

As there is no solution, either other companies are in the same boat as me or simply setting up less vaults and accepting the security risk that people get access to credentials not required for their roles.

best practices
discussion
feature request
vault management

3 Replies

  • 1P_Dave's avatar
    1P_Dave
    Icon for Moderator rankModerator
    19 days ago

    Hello phillipc​! 👋

    Thanks for reaching out! It sounds like the groups feature is something that might help with the role-based access control setup that your organization uses. Groups can be defined in any way that you need: by department, level of seniority, affiliation with a project, etc...

    You can read more here: Use custom groups in 1Password Business

    Once a custom group is created, you can add that group to a vault with the appropriate vault permissions. And you can even sync your 1Password custom groups with groups in your identity provider (Google Workspace, JumpCloud, Microsoft Entra ID, Okta, OneLogin, or Rippling): Automate provisioning in 1Password Business using SCIM

    If that doesn't help, or I misunderstood the issue, then let me know and the community and I can help further.

    -Dave

    • phillipc's avatar
      phillipc
      Occasional Contributor
      10 days ago

      Hi Dave,

      Unfortunately, groups do not solve this issue, it simply allows for simpler access to the many vaults required to support RBAC to the right credentials/vaults.

      A good example is supporting a customer which has multiple environments - test, production, UAT. Now you need to give your different teams and roles access to specific and overlapping credentials for that customer. How do you do this effectively without a spiderweb of duplicated credentials or just overly permission access to credentials not required for your teams?

      • 1P_Dave's avatar
        1P_Dave
        Icon for Moderator rankModerator
        6 days ago

        phillipc​ 

        Thank you for the feedback. I've shared your feedback internally with the team. If you have a 1Password Business account then I recommend that you also share this feedback with your Customer Success Manager (CSM) so that they can better understand your organization's needs. 

        Hopefully other members of the community can share how they're tackling this specific use case in their organization as well. 

        -Dave

        PB-49304302