Organizations & Teams
Use Passwall for teams with an operating model that scales: shared vaults, least privilege, and fast onboarding/offboarding.
Recommended operating model
The “default” workflow we recommend for most organizations.
- Prefer shared vaults over sending passwords in chat tools.
- Keep admin access minimal; use least privilege for day-to-day work.
- For offboarding: remove access → rotate credentials → review activity logs.
“Everyone is an admin” starts fast but ends expensive: accidental sharing, unnecessary access, and painful offboarding.
Setup: organization, teams, and access
A practical structure for teams and collections.
Organization basics
- Set billing/contact email
- Define who can administer settings
- Decide if 2FA is required for admins
Teams & collections
- Create teams by function (Engineering, Finance…)
- Create collections by system/domain
- Start with view access; elevate when necessary
Onboarding checklist (new hire)
Make access consistent and reversible.
Offboarding runbook (employee/vendor)
Reduce your blast radius back to baseline.
- Remove the user from org/team access (immediately)
- Rotate passwords/keys for shared critical accounts
- Revoke tokens in related systems (SSO, GitHub, cloud)
- Review audit logs / recent activity
If a credential was ever shared widely, assume compromise is possible and rotate it—even if there’s no evidence of misuse.
Security practices for teams
Small rules that prevent large incidents.
- Require 2FA (especially for admins)
- Reduce shared accounts; prefer individual accounts + RBAC
- Keep break-glass access in a separate collection
- Make password rotation and access reviews periodic
Read Security Model for deeper technical details.
Roles & permissions
How to think about access.
Admin
Invitations, policies, configuration. Keep this small.
Member
Day-to-day use and shared vault access.
Lost master password?
Know what is (and isn’t) possible.
Need help?
Fast paths to support.
Visit Support Center or contact us.