I’d like to better manage our vault structure and data in line with best practices

Managing your data effectively and securely is crucial for your 1Password account. To achieve this, you can configure various settings that align with your policies and ways of working. When it comes to structuring your data in 1Password, we find organizations usually fall into one of three categories: Centralized, Decentralized, or a Hybrid Structure Model.

Each category considers different factors, such as access control and data ownership, so it's important to review them and determine which one best fits to ensure your team is set up for success. By doing so, you can ensure that your data is organized in an effective and efficient manner within your 1Password account.

Read about the different structures here to get started:

Centralized Model 📁

This method is ideal for businesses that want to keep the creation of vaults and groups within the 1Password administrative team. In a centralized method, Owners and Admins create all shared vaults within the 1Password instance, as well as mapping out groups and permissions - this typically reflects your organizational structure.

Tips: If you are using a centralized method, we suggest defining a clear process for your team members to request the creation of a new vault as needed. This method works great if you have an existing internal helpdesk system in place!

This method is a good starting point, and you can always shift the responsibility of creating vaults down the road as your business evolves.

Recommended first steps:

• Map out the groups you have within your organization
• Of those groups, map who will need access to more than one group (ie: Leadership may need access to various departmental vaults)
• Map out the vaults that will need to be created first

In this short video we cover how businesses can implement and manage a centralized model of vault management.

Decentralized Model 📂

This method is typically employed by teams that would like their end users to have the ability to create and share vaults as needed. This can be useful if you have various departments with different secrets sharing needs. Users within this method will be trusted to manage the information within their vaults, as well as which groups and individuals have access to the vaults. Owners will always have manage permissions enabled for all shared vaults if additional access or configuration is needed.

Tips: This can lead to a large number of shared vaults over time, and it is suggested to determine a shared vault audit and clean up on a semi-regular basis. When selecting this method, it is advised to create a list of vaults needed by most, or all of the organization to identify where to start.

In this short video we walk through how a business can employ a decentralized model of vault management.

Hybrid Model 🗂️

If you see benefits in both Centralized and Decentralized methods, the Hybrid method may be the right choice for your team! In this method, shared vaults are created by Admin and Owner users within 1Password, however a specific group is created and given permission to create vaults - this group may include Managers, power users, or whatever works best for your business. In this case, requests for new vaults are channeled to key departmental users rather than your Admin/Owner team.

Tips: To get started with this method, create a list of users that will be responsible for managing vaults, and create a group within 1Password. Ensure your power user group has an understanding of the creation and sharing of vaults to best support internal teams.

In this video we'll highlight how teams can implement a hybrid model of vault management.

This Guru card was created and published by the 1Password Customer Success and Solutions Engineering team.

For the fastest answers to your questions, please contact our support team at support@1password.com.