Indent

@indent

Need to share passwords temporarily, then take back access?

Bingo—temporary 1Password vaults. They're your key to controlled info exchange; perfect for managing identity groups. Quick access, faster revocation, zero headaches.

Let's say you've got three vaults - social media accounts, single license accounts, and production API secrets. Each vault needs access by different teams. The old way? Manually add each user to the vaults relevant to them. Time-consuming, tedious, prone to error - we've all been there.

The new and improved way? Groups.

Let's create three groups, one for each team. Put all your marketing team into the 'Social Media' group, your business users into the 'Single License Accounts' group, and your senior engineers into the 'Production API' group.

Link these groups to the respective vaults - 'Social Media' should have access to the social media accounts.

Now, you need to set up the 1Password SCIM bridge. This is a bridge between your identity provider and 1Password. It allows you to manage users and groups in 1Password using your identity provider.

1. Set up the SCIM bridge in 1Password
2. Configure your identity provider to use the SCIM bridge
   • Google: Set up SCIM provisioning for Google Workspace
   • Okta: Set up SCIM provisioning for Okta

Now that you've completed the SCIM bridge setup, you can manage your groups and users in 1Password using your identity provider. With Indent, you can grant and revoke temporary access to these groups in 1Password based on your identity provider's groups.

Through Slack, a user is able to request time-bound, role-based access to vaults. Here is what that workflow looks like:

1. Open slack and enter /access
2. Fill out request form requesting access to break glass group, give reason, and hit enter
3. Indent verifies on-call status or other configured attribute of requester
4. Once verified, access is granted and provisioned for configured length of time
5. Indent notifies admins that break glass access has been granted
6. After configured duration, the requester loses access, but can request again if necessary

Want to learn more about Indent or have questions about getting 1Password set up? Feel free to schedule time that works for you and we're happy to answer any questions you have!