Skip to main content

Groups and Vaults

Background

1Password has the concepts of Group and Vault.

  • Vault - Shared repository for passwords.

  • Group - Specific set of users with permissions to access a specific Vault.

Groups have a default set of permissions set by an orgainsation level policy.

This is the system we use for access control. When we create users in 1Password we add users to a specific Group so that they have access limited to specific shared Vaults. Only Owners and Administrators can create Groups and Vaults (at the moment).

A user can be part of one or more Groups, that has access to one or more Vaults.

Access to a Vault must be approved by the Vault owner. Owner details can be found in the Vault Description field.

Create a new Group

A new Group may be required when a new Vault is created (see below), or if a different set of permissions is needed for a set of users on an existing Vault e.g. “Read-Only”.

1Password guide can be followed to create a Group.

When created you can add existing users to the Group and add the Group to a Vault.

Alternatively, the Group Owner can be set as a Manager in the Group page which will allow them to add Users to the group themselves (note, this is the only permission they get)

Create a new Vault

A new Vault may be created to share a new set of passwords. A new Vault can be linked to a new or existing Group.

1Password guide can be followed to create a Vault.

When created you can add a new or existing Group to the Vault.

NB - Don’t add users directly to a Vault. Their permissions my be incorrect as a result.

NB - When creating a Vault add the Owner’s email address to the Description field e.g. Owner: example@digital.justice.gov.uk.

This page was last reviewed on 5 November 2024. It needs to be reviewed again on 5 February 2025 by the page owner #operations-engineering-alerts .