Forum Discussion

TM_swfg's avatar
TM_swfg
New Contributor
2 months ago

options for same settings across company (GPO?)

Hello,

My wish would be to roll out the software including settings for the entire company
e.g.
- password length for suggested passwords
- autolock.onDeviceLock
- autolock.minutes

I tried a lot and found C:\Users\User1\AppData\Local\1Password\settings\settings.json
but probably the authtags are encrypted and individual on each PC, so I can't just copy this file?

{
  "version": 1,
  "browsers.extension.enabled": true,
  "security.autolock.onDeviceLock": true,
  "security.clipboard.clearAfter": true,
  "appearance.interfaceDensity": "comfortable",
   "updates.updateChannel": "PRODUCTION",
  "security.autolock.minutes": 1,
  "authTags": {
    "appearance.interfaceDensity": "*",
    "browsers.extension.enabled": "*",
    "security.autolock.minutes": "*",
    "security.autolock.onDeviceLock": "*",
    "security.clipboard.clearAfter": "*",
    "updates.updateChannel": "*"
  }
}

Do you have any idea how I can distribute identical configurations? Thanks!
Tobias

13 Replies

  • phillipc's avatar
    phillipc
    Occasional Contributor

    These settings would be simpler managed from the 1Password admin portal. Ideally as a company you would align your password policy requirements with technical controls, like other password managers provide as a password policy setting (e.g. Keeper).

    Education/user training is of course #1 to apply policy into practice, but security and risk is about layering.

    • 1P_Timothy's avatar
      1P_Timothy
      Icon for Community Manager rankCommunity Manager

      Hi phillipc​, thanks for adding your voice. I can definitely see where you're coming from on this, and I've shared your comments with the team. Thanks again!

  • TM_swfg's avatar
    TM_swfg
    New Contributor

    Hi Timothy,

    thanks for your reply.
    I am using a business account and I already know the settings mentioned.
    Unfortunately, these do not meet my requirements or wishes for the program.

    I'd like to keep the entry barrier as low as possible for my colleagues and increase acceptance through convenience. For me, this includes ensuring that 1Password doesn't automatically lock after 10 minutes (but only after a few hours) and is active again after unlock the computer.

    So I'm looking for a way to implement this setting – which I would otherwise have to manually configure on over 50 computers – for the entire company.

    Tobias

    • 1P_Timothy's avatar
      1P_Timothy
      Icon for Community Manager rankCommunity Manager

      Thanks for clarifying that for me TM_swfg​.

      The settings file is a secure file that can't be modified manually to alter "sensitive settings", which I believe would include what you've mentioned here. You can configure some settings via mobile device management but this is only available on Mac and iOS. When deploying 1Password for Windows with MSI, you can configure some options around updating, installation, and restarting, but I don't think that will cover what you're after. 

      The best option here might be leveraging what's available in Policies, and listing a recommended setting guide for your team. That said, I'd be curious to hear how other community members have tackled similar situations. 

      • TM_swfg's avatar
        TM_swfg
        New Contributor

        thanks for your reply.

        time for auto-lock I found in team policy settings. and for the other options I will probably go the way with the hints and screenshots.

    • Tom's avatar
      Tom
      Dedicated Contributor

      Not trying to deviate the subject, but do your computers have camera's (or assuming mostly Windows Hello with PIN codes)? That way you wouldn't have to unlock unneccesarily long and can just use the Hello biometrics to unlock?

      • TM_swfg's avatar
        TM_swfg
        New Contributor

        Unfortunately not - we use Active Directory users, without Windows Hello

  • 1P_Timothy's avatar
    1P_Timothy
    Icon for Community Manager rankCommunity Manager

    Hi TM_swfg​, thanks for joining the community!

    If you're using 1Password Business you can configure a number of universal settings with team policy settings. This includes options like mandatory auto-lock, and account password length restrictions. Would that cover what you're looking for?

    • furman's avatar
      furman
      New Contributor

      Hi there!

      It won't cover what I'm looking for. Many of our users are averse to passwords that appear impossible to remember. I want our defaults to be the following, but can't find a way to automate setting them via MDM or script. Can you assist?

        "passwordGenerator.type": "password-generator-menu-entry-type-memorable-password",
        "passwordGenerator.separatorType": "password-generator-menu-entry-separator-numbers-and-symbols",
        "passwordGenerator.capitalize": true,
        "passwordGenerator.size.words": 3,

      • 1P_Timothy's avatar
        1P_Timothy
        Icon for Community Manager rankCommunity Manager

        Hi furman​, thanks for your question.

        There isn't an option to deploy the 1Password extension with specific password generator option defaults. In this case, the best option might be to guide users on selecting preferred or recommended password settings. 

        That could look something like this:

        1. Open 1Password in the Browser.
        2. Click the Menu button (☰).
        3. Select Password Generator.
        4. From Type, select Memorable Password
        5. Set Words to 3, Separator to Numbers and Symbols, and Capitalize on.
        6. Turn Use as default for suggestions on.

         

        While I can't make any promises as to if or when such a feature might be added, I'd be happy to share your interest in options for changing default password settings with the team. And if we can help with anything, just let the team know!