Groups and Vaults
Background
1Password has the concepts of Group and Vault.
Vault - Shared repository for passwords.
Group - Specific set of users with permissions to access a specific Vault.
Groups have a default set of permissions set by an orgainsation level policy.
This is the system we use for access control. When we create users in 1Password we add users to a specific Group so that they have access limited to specific shared Vaults. Only Owners and Administrators can create Groups and Vaults (at the moment).
A user can be part of one or more Groups, that has access to one or more Vaults.
Access to a Vault must be approved by the Vault owner. Owner details can be found in the Vault Description field.
Create a new Group
A new Group may be required when a new Vault is created (see below), or if a different set of permissions is needed for a set of users on an existing Vault e.g. “Read-Only”.
1Password guide can be followed to create a Group.
When created you can add existing users to the Group and add the Group to a Vault.
Alternatively, the Group Owner can be set as a Manager in the Group page which will allow them to add Users to the group themselves (note, this is the only permission they get)
Create a new Vault
A new Vault may be created to share a new set of passwords. A new Vault can be linked to a new or existing Group.
1Password guide can be followed to create a Vault.
When created you can add a new or existing Group to the Vault.
NB - Don’t add users directly to a Vault. Their permissions my be incorrect as a result.
NB - When creating a Vault add the Owner’s email address to the Description field e.g. Owner: example@digital.justice.gov.uk.