KeePass alternative with user authorizations and more?

[McFly_55]

Hello people of the interwebs,

 

I hope this topic is in the correct section and that someone can help me out here.

I'm currently in the process of finding an alternative for KeePass in our Office. Currently we use multiple databases and restrict access to the folder locations inside windows, so that not every employee e.g. can gain access to the database with the administrative data in it.

First I thought of hosting Bitwarden in a Docker-Container on our Synology NAS but the way Bitwarden is structured doesn't really work for us.
KeePass' structuring of folders, subfolders and multiple entries in each of them is exactly what we need for our password database. We are a SAP Partner and do have to manage a lot of customer server environments with a bunch of passwords per system. 

In KeePass I can have a Folder for Customer A, B, C, etc...., and inside that folder a nice structured list of all the accounts/users and passwords for those customers systems.

 

The Problem is, that KeePass doesn't feel really designed to be used with multiple users, as you cannot give authorizations to any users. I want all of our shared password databases inside one database and then give permissions to users to control which passwords they can access.

Also everyone should be able to have a personal space inside that database to manage their own passwords (E-Mail, etc.)

 

So basically KeePass but with the user control you have with PM's like Bitwarden, Nordpass, etc.

 

I hope this description can be understood.

Thanks in advance for your suggestions!

 

Cheers,

McFly 

[Nayr438]

17 hours ago, McFly_55 said:

The Problem is, that KeePass doesn't feel really designed to be used with multiple users, as you cannot give authorizations to any users. I want all of our shared password databases inside one database and then give permissions to users to control which passwords they can access.

Also everyone should be able to have a personal space inside that database to manage their own passwords (E-Mail, etc.)

I have never used KeePass, but with Bitwarden you can have users join a Organization, then you can create Collections/folders along with sub-folders that only specific users can access.

At the same time you can still allow them to have their own personal Vault.

https://bitwarden.com/help/about-organizations/

 

17 hours ago, McFly_55 said:

First I thought of hosting Bitwarden in a Docker-Container on our Synology NAS but the way Bitwarden is structured doesn't really work for us.

KeePass' structuring of folders, subfolders and multiple entries in each of them is exactly what we need for our password database. We are a SAP Partner and do have to manage a lot of customer server environments with a bunch of passwords per system. 

In KeePass I can have a Folder for Customer A, B, C, etc...., and inside that folder a nice structured list of all the accounts/users and passwords for those customers systems.

Except it sounds like Bitwarden does exactly what you want.

Edited October 1, 2022 by Nayr438
Remove Vualtwarden mention due to missing functionality.

[Nayr438]

3 minutes ago, NastyFlytrap said:

They said bitwarden's structure is not good for them, although i have no clue what that means.

The only examples provided

18 hours ago, McFly_55 said:

KeePass' structuring of folders, subfolders and multiple entries in each of them is exactly what we need for our password database.

18 hours ago, McFly_55 said:

In KeePass I can have a Folder for Customer A, B, C, etc...., and inside that folder a nice structured list of all the accounts/users and passwords for those customers systems.

are things Bitwarden can do however.

[McFly_55]

On 10/1/2022 at 4:11 PM, Nayr438 said:

I have never used KeePass, but with Bitwarden you can have users join a Organization, then you can create Collections/folders along with sub-folders that only specific users can access.

At the same time you can still allow them to have their own personal Vault.

https://bitwarden.com/help/about-organizations/

 

Except it sounds like Bitwarden does exactly what you want.

Thanks for your replies!

Maybe I didn't explain it well enough: 

We currently have around 40 Folders in our KeePass Database and most of them have subfolders which then contain 10-30 Passwords.

 

In Bitwarden you cannot just search for a folder for example. You manually have to look for the folder you want, then open it and the search then searches inside this folder.

 

Let's say I have 3 Folders (Customer A, Customer B, Customer C). If I now search for "Customer A", Bitwarden does not return a result nor open the folder. KeePass does that.

And that functionality is a key feature we need as the numbers of customers where we need to manage a bunch of logins etc., increases monthly.

 

So basically KeePass is perfect, except of the missing Multi-User functionality Bitwarden offers.

I hope that was a bit clearer.

[me888]

The Business tier of 1Password does this, I manage it at my job.

 

Each user has their own personal "vault".  You can also have team vaults.  Permissions for those team vaults can be managed at the individual user level or the group level.  Ex: You could have an Ops team group, and then when you add a new user to that group it automatically adds them to vaults A, B, and C.

 

You can search all vaults that you are a member of at once or you can search individual vaults.

 

They also let you generate a secure link to share a password for a set amount of time, like 7 days. Pretty convenient for cases where you have a contractor or someone who you don't want to set up with an account to your password manager or they only need the login for a couple days for some work they are doing.

 

That said, it's a lot pricier than "free".  I use KeePass for all my personal stuff because I'm too cheap to pay a monthly subscription.

[McFly_55]

9 hours ago, me888 said:

The Business tier of 1Password does this, I manage it at my job.

Does it have the described search functionality for folders though?

[McFly_55]

Okay nevermind.

I just created a quick Testaccount for 1Password Business and this also does not have nice to manage folders and you also can not search for a folder.

 

Seems crazy to me that noone else than the KeePass developers have thought of this.

[me888]

5 hours ago, McFly_55 said:

Okay nevermind.

I just created a quick Testaccount for 1Password Business and this also does not have nice to manage folders and you also can not search for a folder.

 

Seems crazy to me that noone else than the KeePass developers have thought of this.

Maybe I'm not understanding your original post because if you swap out the words "folders" for "vaults" I think it's possible to accomplish what you are saying.

 

If you want nested folders/vaults that would be a no-go.  But you can still lump vaults together by having groups that are associated with more than 1 vault.

 

Have you evaluated Passwordstate? https://www.clickstudios.com.au/passwordstate.aspx

It's much more "database oriented" so it might be up your alley.  Nested folders and being able to search for folders are also a thing.

 

[Nayr438]

38 minutes ago, me888 said:

Maybe I'm not understanding your original post because if you swap out the words "folders" for "vaults" I think it's possible to accomplish what you are saying.

 

If you want nested folders/vaults that would be a no-go.  But you can still lump vaults together by having groups that are associated with more than 1 vault.

 

Have you evaluated Passwordstate? https://www.clickstudios.com.au/passwordstate.aspx

It's much more "database oriented" so it might be up your alley.  Nested folders and being able to search for folders are also a thing.

 

The OP wants to be able to Search for Organizations/Folders/Collections rather than manually navigating them. Then immediately drop them into it.

 

In Bitwarden for example you can search for all entries for a organization, but you can't search for a collection/folder, you have to manually navigate the tree or search for a specific login.

 

Edit: Its not really the structure that is the issue, but rather the Search Functionality.

 

[me888]

23 minutes ago, Nayr438 said:

The OP wants to be able to Search for Organizations/Folders/Collections rather than manually navigating them. Then immediately drop them into it.

 

In Bitwarden for example you can search for all entries for a organization, but you can't search for a collection/folder, you have to manually navigate the tree or search for a specific login.

 

Edit: Its not really the structure that is the issue, but rather the Search Functionality.

 

CTRL+F? Just kidding... kind of.

 

I think Passwordstate does this (lets you search for a folder then click on that folder to view entries within it) but it has been a few years since I've used it. It seems like OP should be looking at password managers oriented towards MSPs since they are more likely to deal with this scenario.

[McFly_55]

Okay thanks for your suggestions. I just got hit with covid on tuesday so I now have a bunch of time looking into that

 

On 10/4/2022 at 8:10 PM, me888 said:

It seems like OP should be looking at password managers oriented towards MSPs since they are more likely to deal with this scenario.

What do you mean with "MSP" (I'm not native to english)

[maplepants]

On 10/4/2022 at 12:59 PM, McFly_55 said:

Okay nevermind.

I just created a quick Testaccount for 1Password Business and this also does not have nice to manage folders and you also can not search for a folder.

 

Seems crazy to me that noone else than the KeePass developers have thought of this.

The way I'd do this in 1password is with Vaults and Tags. You absolutely can search for Vault names, and you can search for Tags too. So you can search for the "Customer A" Vault and select it, then within the Vault search for the "DB" tag or whatever. 

 

On 10/2/2022 at 4:23 PM, McFly_55 said:

Let's say I have 3 Folders (Customer A, Customer B, Customer C). If I now search for "Customer A", Bitwarden does not return a result nor open the folder. KeePass does that.

This flow can be done exactly as described with 1password Vaults.

[me888]

17 hours ago, McFly_55 said:

What do you mean with "MSP" (I'm not native to english)

MSP stands for Managed Service Provider, a third-party company that provides IT services to clients.

[McFly_55]

I just wanted to follow up on this, in case someone sometime may stumble over this thread and has the same question.

 

Not long ago I've finished the migration to Keeper. 
I actually came across Keeper shortly before Linus mentioned it on the WAN Show that they are switching to Keeper also.

We use the Enterprise Plan and I gotta say: It was worth every penny!

 

It is super easy to setup and migrate all your data. 
I've activated Azure SSO so I can easily manage all my users and they don't need to remember a long master password. All done throught MS Authentication with 2FA.

 

The folder structure is exactly like KeePass and as an Admin after Import I was able to share specific folders directly with either single users or groups / teams I've created in the Admin console. 

 

 

So if anyone is looking for an alternative to KeePass that let's you handle mutli-user access with permissions, groups, etc. Keeper got you definitely covered