Getting started with 1Password for your growing team, or refining your setup? Our Secured Success quickstart guide is for you.
Employee Vaults - Access?
Hello all, our business environment requires that all passwords should be visible and reclaimable in the event that the employee leaves. This is fine with a shared vault, as other users have access as they may share them, or for redundancy. However we have a particular team where a shared vault isn't suitable, as each user has their own access to certain data. So in this case the Employee vault would be perfect. Except that I'm almost certain that these vaults can't be accessed by Overwatch roles, like Administrators or Owners, even though I've seen language on various docs from 1password that users with the right permissions can access them. Problem is I can't find these permissions to enable them to be visible when needed. What do you suggest is the best solution for this? Accounts are locked to business email addresses but reclaiming an account just because someone is on holiday and something important is stored in the Employee Vault sounds excessive...
BloodHound OpenGraph
Exploring a 1Password instance to map user access to vaults SpecterOps BloodHound is a tool for mapping identities and attack paths for Microsoft products, but has added OpenGraph to do the same for other products , with one of the first examples being 1Password. What is our Bloodhound users' experience with this new tool? How does this compare to using the native tools? I have no affiliation with SpecterOps or experience with their products, but am interested in identity and access discovery in an information security context.
Central Control for Autofill Exclusions in 1Password Business
It would be very helpful if administrators in 1Password Business could set a policy to disable autofill for specific domains or subdomains. For internal portals like Topdesk we don’t need login items, and autofill only gets in the way. As an admin, I’d like to be able to centrally push this setting to a group, so users don’t have to configure it themselves. This would remove frustration for our team and make management much easier.
Permit/block access to vault by IP?
I have a situation where we want to allow access to a specific vault when they're using a given source IP. When coming from that same IP, we would want to block access to all other vaults. When using other IPs, we would want to grant full access. It doesn't appear to be doable now, but I would like to put in a feature request.
Help with 1Password SSO Unlock Across Multiple Desktops
Hi, I’m looking for some assistance with 1Password in a small office environment (around 45–50 desktops) that runs Hybrid AD. We’ve enabled Unlock with SSO, and it works fine on a user’s first workstation. However, when the same user signs in on another workstation, 1Password prompts them to transfer their encryption key. The challenge is that our users often move between desktops throughout the day depending on their work schedule. This constant key transfer prompt is disruptive. Is there a way to disable this key transfer requirement or a recommended best practice to allow seamless use of SSO across multiple desktops? Thanks in advance for any guidance!
