Question

Automate 1Password Account Recovery

  • August 28, 2024
  • 4 replies
  • 300 views

natray (Author)
August 28, 2024

I am trying to automate 1Password account recovery for my team. Right now users who lose account access must have an admin start the recovery from the UI, then complete the recovery after the user logs in.

I found that the 1Password CLI 2.30.0-beta.03 includes the op user recovery command (https://developer.1password.com/docs/cli/recover-users/). Can this be run using a service account? I could not find a way to do it.

Also, is there a way to automate the final "complete recovery" step that is done in the UI?



January 20, 2025

I am looking for this, but I cannot automate it.

January 21, 2025

You cannot run the op user recovery command using a Service Account, but there is nothing stopping you from creating a "User" with your organization, for which you protect the credentials and secret key, which acts like a Service Account in that it's not assigned to a real person. You can automate logging into this user by putting the credentials and secret key in something like SSM Parameter Store (or the equivalent of whatever vendor you choose) and automating logging in and running commands in the terminal.

And no, unfortunately, they have not created a CLI command to do the "complete recovery" step.

January 22, 2025

The problem is we have SSO enabled already with 1000s of users, and I cannot invite a new user (secondary email) to be an admin without the SSO. I can make the existing user an admin, but he cannot see the secret key with the emergency kit.