by tw04 3886 days ago
Correct - on-prem = on-premise.

AD integration meaning yes, ability to tie users/groups between 1password and existing AD infrastructure. The idea there being that if a user is terminated, and their AD account is deleted/locked out, everywhere else is locked at the same time. Having to go to 20 different systems to try to clean them out is a great way to miss accounts :)


Hey, thanks so much for that. Seriously, means a lot to come in here and know full well you're not really the right person to answer the question but give it a shot anyway and the other party is gracious enough to explain it.

I will definitely be passing this along so we have some proper request information on hand. My bosses are reading this, one has even interacted in this discussion already so they're seeing this already but I'll make it a bit more official tonight when I write up a summary of what I've seen requested.

Thank you again for taking the time to make sure I was on the right track.

Kyle

AgileBits

Recommend including LDAP integration in addition to Active Directory. With such a large Mac userbase, you're likely to have more customers using LDAP than AD.

Keeper Enterprise has AD / LDAP integration! Check us out https://keepersecurity.com/enterprise.html

1pw user here and long time AD architect. If you have any questions around AD/LDAP, I'd be happy to answer what is 'common' when dealing with AD-integrated solutions.

Ah, that is better. No promises (and nothing in the immediate future), but this does certainly remain in the realm of possibilities.

I don't want to speak for the down-voters (I'm not one of them and I think your comment was a valuable contribution), but when I first saw AD integration requests I assumed that people wanted AD-managed Kerberos authentication to 1Password for Teams; and so imagined delegating 1Password for Teams authentication and authorization to a third entity.

Don't get me wrong. I love Kerberos. And in very early planning stages we looked at it quite a bit. But Kerberos is only about authentication. We need client derived encryption keys as well as authentication tokens to achieve our security goals of end-to-end encryption.

No, not delegated auth although 2 factor might be nice.

Delegated user admin/sync would be what I'm looking for. Centralized user management along with RBAC makes it much easier to set policy.

Check out Keeper Enterprise. We have delegated auth, 2 factor, AD/LDAP sync and centralized user management with a policy engine. And much more :)

I see in your comments that you are a new user.

I have no issue checking Keeper out but two things to note:

1) It's considered good form to clearly disclose your affiliation

2) Repeatedly spamming/commenting a different product's thread isn't.

Comment once or twice. Feel free to submit your site to HN with something interesting (blog post?) and people will upvote accordingly if there is validity.

=)