Shared vaults are the foundation of collaborative password management in 1Password Business. By organizing credentials into vaults with appropriate access controls, you can ensure team members have access to what they need while maintaining security. This guide covers creating, organizing, and managing shared vaults effectively.
Prerequisites
Before you begin, ensure you have:
- 1Password Business account with admin or owner access
- Team members added to your 1Password account
- Groups configured (recommended for easier management)
- Clear organizational structure for how credentials should be organized
Understanding Vault Types
1Password Business includes several vault types:
| Vault Type | Description | Visibility |
|---|---|---|
| Personal/Employee | Private vault for each user | Only the user |
| Shared | Team vaults with customizable access | Based on permissions |
| Private Shared | Admin-created vaults | Only specified users |
Step 1: Plan Your Vault Structure
Before creating vaults, plan your organization strategy:
Common Organizational Patterns
By Department
- Marketing Vault
- Engineering Vault
- Finance Vault
- HR Vault
By Function
- Social Media Accounts
- Cloud Services
- Development Tools
- Vendor Portals
By Project
- Project Alpha Credentials
- Client XYZ Access
- Product Launch Accounts
By Security Level
- General Business
- Sensitive Data
- Executive Access
Best Practice Recommendations
- Create vaults with specific purposes rather than overly broad access
- Name vaults clearly to indicate their contents and intended audience
- Limit the number of vaults to what's manageable
- Document your vault structure for reference
Step 2: Create a Shared Vault
From 1Password.com
- Sign in to your account on 1Password.com
- On your Home page, click New Vault
- Choose a vault type:
  - Suggestions - Select from common vault templates
  - Custom - Create a vault with your own name and settings
- Enter the vault details:
  - Name: Clear, descriptive name
  - Description: Purpose and intended contents
  - Icon: Visual identifier (optional)
- Configure owner access:
  - Team owners: Owners can manage the vault
  - Administrators: Allow admins same level of access (optional)
- Click Create Vault
From 1Password Apps
- Open the 1Password app
- Right-click in the vault sidebar
- Select New Vault
- Enter the vault name and description
- Click Create
- Manage access through 1Password.com
Step 3: Configure Vault Permissions
1Password Teams Permissions
With 1Password Teams, you can set three permission levels:
| Permission | Capabilities |
|---|---|
| Allow Viewing | View items, copy passwords |
| Allow Editing | View + create, edit, delete items |
| Allow Managing | All above + manage access, delete vault |
1Password Business Granular Permissions
1Password Business offers five additional granular permissions:
| Permission | Description |
|---|---|
| View Items | See item details |
| Create Items | Add new items to the vault |
| Edit Items | Modify existing items |
| Archive Items | Move items to archive |
| Delete Items | Permanently remove items |
Additional Control Permissions
| Permission | Description |
|---|---|
| View and Copy Passwords | See concealed passwords, copy to clipboard |
| View Item History | Access and restore previous versions |
| Import Items | Move or copy items into the vault |
| Export Items | Save items to unencrypted files |
| Copy and Share Items | Share items outside 1Password |
| Move Items | Transfer items to other vaults |
| Print Items | Print item contents |
Step 4: Grant Access to Users and Groups
Add Individual User Access
- Navigate to Vaults in the sidebar
- Select the vault to configure
- Click Manage Access
- Click Add People
- Search for and select the user
- Set their permissions:
  - Choose from preset levels (View, Edit, Manage)
  - Or configure granular permissions individually
- Click Save
Add Group Access
- Open the vault's Manage Access page
- Click Add Groups
- Select the group(s) to grant access
- Configure permissions for the group
- Click Save
Tip: Using groups makes permission management much easier, especially when team members join or leave.
Configure Group Vault Permissions
- Navigate to Groups in the sidebar
- Select the group to configure
- Click Vaults
- Click Manage next to the group
- Select vaults to grant access
- Click the gear icon next to each vault to set permissions
- Click Update Vaults
Step 5: Organize Items Within Vaults
Use Categories Effectively
1Password supports various item categories:
- Logins - Website and app credentials
- Secure Notes - Confidential text information
- Credit Cards - Payment information
- Identities - Personal information
- Software Licenses - License keys and registration info
- API Credentials - API keys and tokens
- Servers - Server access information
- Databases - Database connection details
Add Tags for Cross-Vault Organization
- Open an item in the vault
- Click Add Tag or the tag icon
- Enter or select tags
- Tags can span multiple vaults for organization
Use Favorites
Mark frequently accessed items as favorites:
- Open the item
- Click the star icon to add to Favorites
- Access favorites quickly from the Favorites section
Step 6: Set Up Vault-Specific Policies
Restrict App Access
In 1Password Business, you can control which apps access a vault:
- Navigate to the vault's settings
- Under App Access, configure:
  - Allow access from desktop apps
  - Allow access from mobile apps
  - Allow access from browser extension
  - Allow access from 1Password.com
- Click Save
Configure Item Sharing
Control whether items can be shared outside 1Password:
- From vault settings, find Sharing
- Enable or disable:
  - Copy and share items
  - Export items
  - Print items
- Save your changes
Step 7: Audit and Review Vault Access
Review Current Access
- Navigate to Vaults
- Select a vault
- Review the People and Groups sections
- Verify access levels are appropriate
Generate Access Reports
- Navigate to Reports in the sidebar
- Select Team Report
- Filter by vault or user
- Export for compliance documentation
Regular Access Reviews
Schedule quarterly reviews to:
- Remove access for departed team members
- Revoke unnecessary permissions
- Verify group memberships are current
- Archive unused vaults
Best Practices for Shared Vault Security
Follow Least Privilege Principle
- Grant minimum permissions required for the job
- Use View-only access when editing isn't needed
- Reserve Manage permission for vault administrators only
Restrict Dangerous Permissions
Remove these permissions from group access unless specifically required:
- Export Items - Allows downloading unencrypted data
- Copy and Share Items - Enables sharing outside 1Password
- Move Items - Could move items to personal vaults
Control Vault Creation
Consider removing Create Vaults permission from the Team Members group:
- Navigate to Groups > Team Members
- Click Permissions
- Uncheck Create Vaults
- Click Save
Then grant Create Vaults permission only to specific groups (managers, IT staff).
Implement Vault Naming Conventions
Establish clear naming standards:
- [Department] - [Purpose] (e.g., "Marketing - Social Media")
- [Project] - [Type] (e.g., "Alpha Launch - Vendor Access")
- Include security classification if needed (e.g., "Finance - SENSITIVE")
Troubleshooting Common Issues
User Can't Access Vault
Solutions:
- Verify they've been granted access to the vault
- Check if they're in a group with vault access
- Confirm their permission level includes viewing
- Have them refresh their 1Password app
Items Missing from Vault
Solutions:
- Check if items were moved to another vault
- Review item history for recent deletions
- Check archive for archived items
- Verify vault filters aren't hiding items
Permission Conflicts
Solutions:
- Review both individual and group permissions
- Remember: most permissive wins when there's overlap
- Consider using only group-based permissions for consistency
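Because overlapping grants resolve to the most permissive result, an access review has to look at each user's combined direct and group permissions, not at one grant in isolation. The sketch below is an added example, not 1Password code or part of the original guide: it unions the grants on a vault and reports which grant supplies each permission listed under "Restrict Dangerous Permissions". The users, groups and data layout are constructed for illustration; real input would come from your own access export.

```python
from collections import defaultdict

# Permission labels as listed in this guide; these three are the ones
# flagged under "Restrict Dangerous Permissions".
DANGEROUS = {"Export Items", "Copy and Share Items", "Move Items"}

# Constructed sample data (hypothetical users and groups).
GROUP_MEMBERS = {
    "Marketing": {"alice", "bob"},
    "Contractors": {"carol"},
}
VAULT_GRANTS = {
    "Marketing - Social Media": {
        "groups": {
            "Marketing": {"View Items", "View and Copy Passwords", "Edit Items"},
            "Contractors": {"View Items", "Export Items"},
        },
        "users": {
            "bob": {"View Items", "Move Items"},
            "carol": {"View Items"},
        },
    },
}


def effective_permissions(vault, grants=VAULT_GRANTS, members=GROUP_MEMBERS):
    """Return {user: {permission: [sources]}}. Direct and group grants are
    unioned (most permissive wins) and each permission keeps its sources."""
    entry = grants[vault]
    result = defaultdict(lambda: defaultdict(list))
    for user, perms in entry["users"].items():
        for perm in perms:
            result[user][perm].append("direct")
    for group, perms in entry["groups"].items():
        for user in members.get(group, ()):
            for perm in perms:
                result[user][perm].append(f"group:{group}")
    return {u: {p: sorted(s) for p, s in ps.items()} for u, ps in result.items()}


def dangerous_findings(vault, **kw):
    """List (user, permission, sources) for every flagged permission a user
    effectively holds, sorted so review output is stable."""
    eff = effective_permissions(vault, **kw)
    return sorted((user, perm, tuple(srcs))
                  for user, perms in eff.items()
                  for perm, srcs in perms.items() if perm in DANGEROUS)


if __name__ == "__main__":
    for user, perm, srcs in dangerous_findings("Marketing - Social Media"):
        print(f"{user}: {perm} via {', '.join(srcs)}")
```

In the sample, carol's direct grant is view-only, yet she effectively holds Export Items through the Contractors group, which is the overlap case a per-user review would miss.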
Migrating Items Between Vaults
Move Items
- Select the item(s) to move
- Right-click and select Move
- Choose the destination vault
- Confirm the move
Note: Moving requires Move Items permission in the source vault and Create Items permission in the destination.
Copy Items
- Select the item(s) to copy
- Right-click and select Copy
- Choose the destination vault
- Confirm the copy
Next Steps
After setting up your shared vaults:
- Document your structure: Create a vault directory for your team
- Train team members: Ensure everyone knows which vaults to use
- Configure SSO: Enable single sign-on for easier access
- Set up Watchtower: Monitor vault items for security issues
- Schedule reviews: Plan regular access audits
Additional Resources
Need help organizing your 1Password deployment? Inventive HQ provides comprehensive password management consulting, including vault structure design, permission audits, and security policy implementation. Contact us for a free consultation.