Vkontakte can add administrators.

Intermediate authorization service - you must have 100%.
Session - can be given only when you are sure that the employee will not be able to change the current password without knowing the old and / or PIN code in the SMS that comes to the mobile (for confirmation during important operations in the account).
Easier - use the session storage (plugin for FireFox):
https://addons.mozilla.org/en-US/firefox/addon/ses...
And then share the session to the public for computers.
When an employee wants to log in, he simply follows the link and he will already be automatically authorized in the social network (and anywhere else).
Also, you can separate:
1. Create different sessions and put the file of each session in a separate folder with restricted access.
2. Create copies of one session in folders with restricted access.
Those. in fact: the session file here will be the token.

Usually there is a two-factor authorization for this - until you receive an SMS on the director's phone - you do not change the password. In general, I don’t know about Google / Facebook, I think that an official letter from the company to the office of mail.ru / Yandex / VKontakte will help return the stolen password.