MSP policy templates and vault permissions: what changes for IAM teams?

TL;DR: MSP identity governance needs repeatable controls, not one-off configuration effort, as 1Password is adding Policy Templates, Seat Limits, and Granular Vault Permissions to its MSP edition to reduce repetitive client setup, align usage with contracts, and tighten least-privilege access across managed companies.

NHIMG editorial — what this means for NHI practitioners

Questions worth separating out

Q: How should MSPs standardise identity controls across multiple client environments?

A: MSPs should define reusable policy baselines, apply them consistently across managed companies, and track any client-specific override as an exception.

Q: Why do granular vault permissions matter in delegated support models?

A: They matter because delegated support often expands faster than teams notice.

Q: When should organisations use seat limits in access governance?

A: Organisations should use seat limits when usage growth can affect cost, contract compliance, or approval discipline.

Practitioner guidance

• Standardise client baselines through policy templates Define reusable policy sets for common managed-company patterns, then document which settings are centrally enforced and which can be overridden by the client.
• Set seat limits against contracted service boundaries Map licensing caps to expected client growth, approval thresholds, and renewal triggers.
• Restrict shared vault access by role and task Remove default technician access where possible and assign vault permissions only to the support roles that need them.

What's in the full announcement

1Password's full article covers the operational detail this post intentionally leaves for the source:

• Reusable policy template setup across managed companies and the specific controls MSP administrators can centralise
• Seat limit enforcement details for users and guests, including how overages are constrained in managed companies
• Granular vault permission options for role-based and user-based support access
• How MSPs can apply these controls through the MSP console in existing customer environments

👉 Read 1Password's article on MSP policy templates, seat limits, and vault permissions →

MSP policy templates and vault permissions: what changes for IAM teams?

Explore further

View Full Forum →  |  NHI Foundation Course →