The project launched on Monday. A team made up of representatives from marketing, IT, procurement, PR and communications – scattered across Warsaw, Cracow and Wroclaw – begins working on a new product launch. The first question pops up even before the first meeting: Who has acces to the Adobe Stock account? Who knows the Google Analytics password? How is the specialist in Cracow supposed to access the CMS panel if only the account manager in Warsaw knows the password?
In a single-location environment, these questions get resolved in the hallway. In a dustributed environment, they are handled via email, Slack, or by dictating the password over the phone. Every single on of these solutions is worse than no solution at all, because it generates uncontrolled copies of credentials scattered across inboxes, chat histories, and notes on personal devices.
A project environment involving multiple departments and locations in a unique case of access management. Not because it is exceptionally comples technologically, but because it naturally brings together people with different approaches to security, operating under different conditions, over shared resources that no one had previously planned to manage centrally.
Why a cross-departmental environment is particularly difficult to manage
Different departments, different security habits
The IT department has procedures. The marketing department has deadlines. These two worlds collide in a project environment, and time pressure usually wins. A SEM specialist needs access to a client’s advertising account immediately, not after going through a formal access request. A graphic designer needs the login for a photo bank before a presentation in two hours. A PR coordinator must update a social media profile before the news becomes stale.
In each of these cases, the impulse is the same, and the fastest solution is asking someone for the password via a communicator. In each of these cases, the result is a new, uncontrolled copy of the credential outside of any management system.
Distributed locations
In a single-location office, a password can be passed in person, leaving no trace in communication systems. In a distributed environment, every access transfer leaves a footprint – in email histories, Teams archives, and Slack exports. This footprint is not managed, does not expire, and does not disappear when the project ends.
Unapproved communication tools and informal data-sharing channels are among the main risk vectors in distributed teams (Venn) – especially, when the IT department lacks visibility into how data flows between locations.
Shared resources – one account, multiple users
Projects involving multiple departments operate on shared assets: photo banks with corporate licenses, analytical tools with a single account, content management platforms, social media panels, and email marketing systems. Each of these tools has one account. Moreover, each of these accounts must be accessible to several or even dozens of people simultaneously.
SQ Magazine data indicates that the average employee manages 87 work passwords, and 78% of companies still rely on traditional password authentication without a dedicated password manager. In a project encironment, the number of active credentials per person is typically higher than average – and grows with every subsequent tool integrated into the project.
What the project access lifecycle should look like
A password manager, acting as a centralized access management system, changes the landscape of efficient collaboration that goes hand in hand with security. Explore the six steps describing the complete access lifecycle in a cross-departmental team project from the perspective of perc.pass.
Step 1: Setting up the project group
At the project’s kickoff, the administrator or project manager creates a dedicated shared group in perc.pass and names it after the specific project. All credentials related to the project are placed into this group: analytical tool accounts, creative platforms, CMS systems, and advertising panels.
The group is tied to a specific project – not to specific individuals. This is a vital distinction, as the resources belong to the project, and access to them is managed via group membership rather than through manual and uncontrolled password sharing.
Step 2: Assigning roles and access levels
The owner assigns users to the shared group with defined permissions. Not everyone in a project needs access to every tool, and not everyone should have the ability to change passwords.
Everyone sees only what they need. This step does not require creating separate groups for each role. A single assignment operation during each person’s project onboarding is all it takes.
Step 3: Sharing a password
A graphic designer from Wroclaw needs access to Adobe Stock but does not belong to the organization. In perc.pass, you can generate a time-limited, one-time link to securely share access data. Thanks to the option of securing it with an additional password, we guarantee it won’t fall into the wrong hands. Access remains functional, while the password stays under the organization’s control.
Step 4: Updating a password
An email marketing platform requires a password change after 90 days. The PM updates the password within the shared project group. All users assigned to it gain access to the updated data automatically – without an email to the whole team, and without the risk of someone trying to log in with an old password for a week and locking the account.
In a distributed environment, this operation replaces multiple emails and confirmations. It saves operational time and eliminates the window of chaos between a password change and the moment everyone on the team receives the updated version.
Step 5: Managing team composition changes
A SEM specialist from Cracow completes their part in the project after three months. The administrator removes them from the project group in a single operation. Their access to Google Ads, Google Analytics, and all other assigned project resources expires instantly. This happens without resetting passwords, without notifying other team members, and without interrupting tool availability for others.
A new graphic designer joins the project mid-campaign. The administrator assigns them to the group with permissions matching their role. From that moment on, they have access to all the necessary creative tools – without waiting for a password email, without asking colleagues, and without the risk of access reaching them through an uncontrolled channel.
Step 6: Closing the project
The project is completed. The project group can be archived or deleted—depending on the organization’s policy. The operation history remains preserved: who had access to which resources, and when, throughout the entire duration of the project.
This documentation carries operational value when determining who modified data in Google Analytics during a specific week, as well as long-term regulatory value – for instance, when the organization undergoes an audit or needs to demonstrate accountability under GDPR or NIS2.
If you want to manage access in a cross-departmental project easily and securely – test perc.pass during a free TRIAL.