It’s Cybersecurity Awareness Month! Join our interactive training session, or learn about security and AI from 1Password experts.
Sharing administration responsibilities
I work with an MSP and there are a few of us who are administering services for our clients. We're trying to figure out how to share 1Password. When you initially sign in you have to register your device. One of my colleagues says he last accessed this last year and now doesn't remember which computer it was from. When we try to sign in now we get: Sign into 1Password on the Firefox session that you have used before. Go to My Profile. Under Pending Sign-ins, look for Microsoft Edge. Select View. Allow the transfer request. Enter the verification code in the next step. I'm waiting on the owner of the account to reset our account and get us back in. In the meantime, what's the best way to manage this? Our client has the Enterprise Edition enabling SSO support. For us as an MSP, how can a few of us administer this a few times a year, to on-board people or reset access for others? Do we each need our own account?
Help with 1Password SSO Unlock Across Multiple Desktops
Hi, I’m looking for some assistance with 1Password in a small office environment (around 45–50 desktops) that runs Hybrid AD. We’ve enabled Unlock with SSO, and it works fine on a user’s first workstation. However, when the same user signs in on another workstation, 1Password prompts them to transfer their encryption key. The challenge is that our users often move between desktops throughout the day depending on their work schedule. This constant key transfer prompt is disruptive. Is there a way to disable this key transfer requirement or a recommended best practice to allow seamless use of SSO across multiple desktops? Thanks in advance for any guidance!
Central Control for Autofill Exclusions in 1Password Business
It would be very helpful if administrators in 1Password Business could set a policy to disable autofill for specific domains or subdomains. For internal portals like Topdesk we don’t need login items, and autofill only gets in the way. As an admin, I’d like to be able to centrally push this setting to a group, so users don’t have to configure it themselves. This would remove frustration for our team and make management much easier.
BloodHound OpenGraph
Exploring a 1Password instance to map user access to vaults SpecterOps BloodHound is a tool for mapping identities and attack paths for Microsoft products, but has added OpenGraph to do the same for other products , with one of the first examples being 1Password. What is our Bloodhound users' experience with this new tool? How does this compare to using the native tools? I have no affiliation with SpecterOps or experience with their products, but am interested in identity and access discovery in an information security context.
Permit/block access to vault by IP?
I have a situation where we want to allow access to a specific vault when they're using a given source IP. When coming from that same IP, we would want to block access to all other vaults. When using other IPs, we would want to grant full access. It doesn't appear to be doable now, but I would like to put in a feature request.
Employee Vaults - Access?
Hello all, our business environment requires that all passwords should be visible and reclaimable in the event that the employee leaves. This is fine with a shared vault, as other users have access as they may share them, or for redundancy. However we have a particular team where a shared vault isn't suitable, as each user has their own access to certain data. So in this case the Employee vault would be perfect. Except that I'm almost certain that these vaults can't be accessed by Overwatch roles, like Administrators or Owners, even though I've seen language on various docs from 1password that users with the right permissions can access them. Problem is I can't find these permissions to enable them to be visible when needed. What do you suggest is the best solution for this? Accounts are locked to business email addresses but reclaiming an account just because someone is on holiday and something important is stored in the Employee Vault sounds excessive...
