Multiuser password management for organizations
April 23, 2014 11:57 AM   Subscribe

I'm looking for a secure method for storing a large collection of passwords for things like vendor websites, pieces of equipment that don't support multiple user accounts, and other situations where each employee of our company having an individual account would be impractical or impossible. The password solution itself can be cloud-based (preferable) or locally hosted but should be accessible from anywhere by relatively non-technical end users.

I use 1Password personally and would love to see that basic functionality extended to an interface that is shared among multiple users, with administrators having the right to add/revoke access to collections of stored credentials on a per-user basis.

I know that ideally we would use RADIUS wherever possible and otherwise set up an individual account on every device or service for each user that needs to access that thing, but please take it as given that this is not feasible for some cases. I'm looking for a password vault to mitigate the risk involved in having shared credentials that must be used by multiple people, not suggestions for ways to stop sharing credentials.

Does such a thing exist?
posted by anonymous to Computers & Internet (7 answers total) 13 users marked this as a favorite
Passwordsafe is free and pretty industry standard.
posted by Cosine at 12:00 PM on April 23, 2014

We were discussing last week in our staff meeting. Apparently LastPass Enterprise does that sort of thing. You can set up very secure passwords that the end users never actually know, thus if somebody leaves the company your risk is significantly reduced.
posted by COD at 12:12 PM on April 23, 2014

Take a look at Passwordstate. It works fairly well for us with things that need to be shared across departments.
posted by Nonsteroidal Anti-Inflammatory Drug at 12:16 PM on April 23, 2014

KeePass is another password safe to add to the list.
posted by pipeski at 12:23 PM on April 23, 2014

We use LastPass enterprise for this. Each user would need to have an account, and you would share certain folders of information (or specific credentials) with a set of users. This part can be a bit tricky, not because of LastPass, but because you need to carefully plan how you want to control this for scalability. We settled on something similar to the classification scheme. i.e., smaller groups of individuals have access to more sensitive information, and each group has access to all information of lesser sensitivity.

So for example:

Ring 0 - Only two users, access to most sensitive passwords, and access to Rings > 0
Ring 1 - More users, no passwords from Ring 0, set of less sensitive passwords, access to Rings > 1 as well...
posted by odinsdream at 1:59 PM on April 23, 2014

We use Secret Server. I'm not a super fan of it compared to LastPass or 1Password for personal use, but it's self hosted, which we needed/wanted.
posted by togdon at 2:32 PM on April 24, 2014

Check out Rattic -- it does exactly what you want.
posted by nonspecialist at 3:16 AM on April 25, 2014

« Older Am making some linocut prints ...   |  Biotene has changed the formul... Newer »
This thread is closed to new comments.