Every company has a different offboarding process, but access management should be the core focus. Here’s some advice to help you deal with passwords when a team member leaves.
Step 1: Help your team member move their data
If your team member has any work items in their Private vault that you’ll need to access later, help them move the items to a vault you have access to. If you don’t have a vault you both have access to, create one.
Ask your team member if they have any items they need to move to their personal 1Password account. If they don’t have a personal account, they can sign up for one.
On a device where they’re signed in to their work account, help them:
- Add their personal account to 1Password, which will allow them to move items between their work and personal accounts.
- Move their personal items to a vault in their personal 1Password account, and double-check that they haven’t missed anything.
- Sign out of the account(s) you don’t want to keep on the device. For example, if it’s a company device, sign out of their personal account.
Step 2: Suspend your team member’s access
After your team member has removed their personal items, suspend their account.
Step 3: Change shared passwords
Update passwords for all items shared with an offboarded team member. Make sure that someone who no longer works at your organization can’t access company data by resetting or changing passwords and tokens that were shared with them. Save the new passwords in 1Password so current team members have access.
To prevent your team member from viewing company data after they leave, create a list of shared items they had access to, so you can change the password for each account:
Click People in the sidebar, then click the name of your team member. You’ll see a list of vaults they had access to. You’ll need to change the password for each item in those vaults.
Make sure to check which vaults have been shared with the groups they belong to. If they belong to the Owners or Administrators group, assume they accessed every password in the vaults they can manage.
Create a usage report for your team member that shows all vaults for all time.
You can only see items a team member has accessed in vaults you also have access to. If possible, get a team owner to create the report.
Step 4: Remove your team member from 1Password
After you’ve taken care of all your team member’s data, you can permanently delete their 1Password account and close all their other work accounts.