This is something that I miss, coming over from 1Password. For example, in their mobile app, I can pretty much do anything I need from an administrative point, without logging into their web vault.
- I can manage my account
- Invite and create new users
- Create/delete vaults and collections
- Move items between vaults/collections
- Use Watchtower to see my vault/password health (no need to login like BW to see reports)
These are just a few examples, but I could use the 1PW mobile app for 95% + of things I needed to do, without having to login to the website. Hopefully, BW can integrate and consolidate these features into their mobiel app at some point in the future.
This is the bonkers thing here. Regardless of where or how a user can clone a secret from an organization to their personal vault, the notion that only an admin on the organization can do so makes no sense. If you’re looking for some level of “control” to be maintained, then I could understand if the Manage permission on a collection would be required.
As long as the user has read access to the collection, does this level of obfuscation even matter? One could just copy the secret field by field into a new secret in their personal vault. I really don’t understand how a ease of use capability like this is locked behind so many layers? Or am I missing something?