Bitwarden can be used with groups, or even Google Sheets or something with proper access control (both are just kv after all... both should require 2fa, and both include auditing)
There's no good solution imo for what I think you're asking for (and that isn't: how can I share passwords for services that allow SSOv?)
"This reminds me of a problem that I wanted to solve in the future, but I don’t have the expertise.
The problem is when an organization has a single account on an external service which needs to be used by several people, and the organization wants to safely manage the access to the shared account on the external service, adding accountability: who was using the account at X time?
Users of the shared external account should not know the credentials of the account, so rotation of passwords when employees leave/change roles is not as necessary.
I thought of something like a proxy which could use a Selenium (or something else) script for each of the external website, which would handle the login/authentication flow for the external service.If this was a business, those scripts could be offered as a per-website/month package. An administrator would create the automatic flow for a specific service, and save the username and password somewhere in the script. Normal users of the external service’s singular account would then use the proxy using their individual credentials, to add accountability to accessing the external service.
Maybe someone in this realm could come up with something and market it."
There's no good solution imo for what I think you're asking for (and that isn't: how can I share passwords for services that allow SSOv?)
"This reminds me of a problem that I wanted to solve in the future, but I don’t have the expertise. The problem is when an organization has a single account on an external service which needs to be used by several people, and the organization wants to safely manage the access to the shared account on the external service, adding accountability: who was using the account at X time? Users of the shared external account should not know the credentials of the account, so rotation of passwords when employees leave/change roles is not as necessary. I thought of something like a proxy which could use a Selenium (or something else) script for each of the external website, which would handle the login/authentication flow for the external service.If this was a business, those scripts could be offered as a per-website/month package. An administrator would create the automatic flow for a specific service, and save the username and password somewhere in the script. Normal users of the external service’s singular account would then use the proxy using their individual credentials, to add accountability to accessing the external service. Maybe someone in this realm could come up with something and market it."