Recover Account After User Leaves Organization

Good evening,
I have a question.
I would like to buy passbolt, but I have some doubts.

  1. It is not possible to recover the account without the private key, right? If a user loses their private key, are their passwords lost?

  2. My organization has 10 users. Two users leave without telling me anything; how can I access their passwords? There is no way. As an administrator I should be able to do it; I saw that I can’t change anything. You always need the private key. Right?

Hey @danieltnc1981 welcome to the forum!

  1. Generally speaking, yes, that is correct. If they are still logged in they can download another copy. In the Pro version we do have a feature (Account Recovery) that allows admins to save an encrypted copy and help users who lost their key.
  2. So by default you would have needed access to those before they left. Since you can share access to passwords, any important ones should be shared. The way around this would be the Account Recovery feature mentioned in point 1. You could, as an admin, use that feature to access the account of the users who left, but it is always better to have things shared before people leave.

Hello and thanks for the reply.
But my problem is that if I have a user who leaves from one day to the next, if I don’t access his email I can’t even access his passwords, right?
I saw that it is not possible to change the email.
Are there no other ways?

Thanks

You would typically need access to the email account to do the Account Recovery in this case. This is one of those areas where the security of passbolt is highlighted. We keep secrets secure which means even admins aren’t going to be getting access to them. Really the best way here is to be absolutely sure that users are sharing the passphrases that they need to be sharing.

The reason the email address can’t be changed is because it is tied to the GPG key (recovery kit) of the user.

Could you explain your use case a bit more here in regards to the users leaving one day to the next where you don’t have access to their email accounts?