Monitoring Shared Vaults

As your organization grows, shared vaults accumulate over time. Some may become inactive, some may have members who have since left the team, and others may have been created but never shared. The Vault Sharing section of the Admin Console gives you a centralized view to audit and tidy up vault sharing across your organization.

The Vault Sharing View

Navigate to Vault Sharing in the Admin Console sidebar. At the top, a summary shows:

• Total Shareable Vaults — all vaults in your organization that are eligible for sharing.

• Shared Vaults — vaults currently shared with one or more users.

The list below is divided into three tabs.

Shared

Lists all vaults currently shared securely among users. For each vault you can see:

• Vault Name — the name given to the vault by its owner. An orange dot next to a vault name indicates it is inactive (no user has accessed it in the last 30 days).

• Managers — the user(s) responsible for managing access to this vault.

• Shared With — the number of users who currently have access.

• Location — the storage platform where the vault is hosted (for example, Microsoft Teams, SharePoint, or Google Drive).

• Last Modified — when the vault or its sharing configuration was last changed.

Not Shared

Lists vaults that exist but currently have no members other than the owner. These may be vaults that were created for sharing but never used, or vaults where all members have since been removed. Review this list periodically to identify vaults that are no longer needed.

Searching and Filtering

Use the Search bar to find vaults by name or a user's email address. Use Filters to narrow results by:

• Vault filters — No Items, No Managers, Inactive.

• Location — filter by storage platform such as OneDrive or SharePoint.

The Inactive filter is particularly useful for identifying vaults no user has accessed in the last 30 days, so you can decide whether they are still needed.

Viewing and Managing Access for a Vault

To inspect or change access for a specific vault:

1. Find the vault in the list and click the three-dot menu ( ⋮ ) next to it.

2. Select View details to see the vault's security overview, access summary, and activity log, including the last time each user accessed the vault and from which device.

3. Select Manage access to open the Vault Access Management view.

In the Vault Access Management view you can see a breakdown of users by access type — Manager, Write, Read-only, and Read-only (restricted) aka Autofill only — and a full list of members with their email addresses and assigned roles. Use the Access type filter to narrow the list by role.

Removing a User's Access

1. In the Vault Access Management view, select the checkbox next to the user or users you want to remove.

2. Click Remove access.

3. Confirm by clicking Yes in the confirmation prompt.

Note: Removing access from the Admin Console revokes the user's cryptographic authorization to the vault via Enpass Hub. The vault file itself remains in cloud storage, but the user will no longer be able to open or autofill from it. See more: How Vault Sharing Works

Handling Inactive Vaults

A vault is marked as inactive when no user has accessed it in the last 30 days. Inactive vaults are flagged with an orange dot in the list and a warning banner inside the vault detail view.

Inactive vaults are worth reviewing regularly. A vault that nobody is using may contain stale credentials, have unnecessary members with access, or simply no longer be needed.

Removing an Inactive Vault

Removing a vault from the Admin Console only deletes its record from the Admin Console — it does not delete the vault data from cloud storage. To fully remove the vault and its data:

1. First, delete the vault from the underlying storage platform (for example, from Microsoft Teams, SharePoint, or Google Drive).

2. Return to the Admin Console, find the vault in the Vault Sharing list, and click the three-dot menu ( ⋮ ).

3. Select Remove vault and confirm.

You will be asked to confirm that you have already deleted the vault from the storage platform before the removal can be completed.

Common Tidy-Up Tasks

Finding inactive vaults — Use the Inactive filter on the Shared tab to list all vaults not accessed in the last 30 days. Review each one and decide whether to keep, reassign, or remove it.

Finding vaults with no manager — Use the No Managers filter to identify vaults that have lost their manager, for example after a user left the organization. Coordinate with your team to reassign management from within the Enpass app.

Finding vaults with no items — Use the No Items filter to identify empty vaults that may have been created but never populated.

Checking access after team changes — Search by a departing user's email to find all vaults they manage or have access to. For vaults they manage, arrange for another user to take ownership from the Enpass app. For vaults they have access to, remove their access directly from the Admin Console using the steps above.

Phasing out insecurly shared vaults — If the tab “Shared with Vault Password” appears in your Vault Sharing view, pay special attention. It means one or more vaults are being shared using a legacy vault password method rather than Enpass's secure sharing. These vaults do not benefit from cryptographic key distribution and pose a higher risk. Work with the relevant vault managers to migrate them to secure sharing from within the Enpass app as soon as possible.

Related pages

• Sharing a vault with co-workers

• Adding vaults shared by co-workers

• Managing access to shared vaults