Forum Discussion
options for same settings across company (GPO?)
Hello,
My wish would be to roll out the software including settings for the entire company
e.g.
- password length for suggested passwords
- autolock.onDeviceLock
- autolock.minutes
I tried a lot and found C:\Users\User1\AppData\Local\1Password\settings\settings.json
but probably the authtags are encrypted and individual on each PC, so I can't just copy this file?
{
"version": 1,
"browsers.extension.enabled": true,
"security.autolock.onDeviceLock": true,
"security.clipboard.clearAfter": true,
"appearance.interfaceDensity": "comfortable",
"updates.updateChannel": "PRODUCTION",
"security.autolock.minutes": 1,
"authTags": {
"appearance.interfaceDensity": "*",
"browsers.extension.enabled": "*",
"security.autolock.minutes": "*",
"security.autolock.onDeviceLock": "*",
"security.clipboard.clearAfter": "*",
"updates.updateChannel": "*"
}
}
Do you have any idea how I can distribute identical configurations? Thanks!
Tobias
13 Replies
These settings would be simpler managed from the 1Password admin portal. Ideally as a company you would align your password policy requirements with technical controls, like other password managers provide as a password policy setting (e.g. Keeper).
Education/user training is of course #1 to apply policy into practice, but security and risk is about layering.
- 1P_Timothy
Community Manager
Hi phillipc, thanks for adding your voice. I can definitely see where you're coming from on this, and I've shared your comments with the team. Thanks again!
Hi Timothy,
thanks for your reply.
I am using a business account and I already know the settings mentioned.
Unfortunately, these do not meet my requirements or wishes for the program.I'd like to keep the entry barrier as low as possible for my colleagues and increase acceptance through convenience. For me, this includes ensuring that 1Password doesn't automatically lock after 10 minutes (but only after a few hours) and is active again after unlock the computer.
So I'm looking for a way to implement this setting – which I would otherwise have to manually configure on over 50 computers – for the entire company.
Tobias
- 1P_Timothy
Thanks for clarifying that for me TM_swfg.
The settings file is a secure file that can't be modified manually to alter "sensitive settings", which I believe would include what you've mentioned here. You can configure some settings via mobile device management but this is only available on Mac and iOS. When deploying 1Password for Windows with MSI, you can configure some options around updating, installation, and restarting, but I don't think that will cover what you're after.
The best option here might be leveraging what's available in Policies, and listing a recommended setting guide for your team. That said, I'd be curious to hear how other community members have tackled similar situations.
thanks for your reply.
time for auto-lock I found in team policy settings. and for the other options I will probably go the way with the hints and screenshots.
Not trying to deviate the subject, but do your computers have camera's (or assuming mostly Windows Hello with PIN codes)? That way you wouldn't have to unlock unneccesarily long and can just use the Hello biometrics to unlock?
Unfortunately not - we use Active Directory users, without Windows Hello
- 1P_Timothy
Hi TM_swfg, thanks for joining the community!
If you're using 1Password Business you can configure a number of universal settings with team policy settings. This includes options like mandatory auto-lock, and account password length restrictions. Would that cover what you're looking for?
Hi there!
It won't cover what I'm looking for. Many of our users are averse to passwords that appear impossible to remember. I want our defaults to be the following, but can't find a way to automate setting them via MDM or script. Can you assist?
"passwordGenerator.type": "password-generator-menu-entry-type-memorable-password",
"passwordGenerator.separatorType": "password-generator-menu-entry-separator-numbers-and-symbols",
"passwordGenerator.capitalize": true,
"passwordGenerator.size.words": 3,- 1P_Timothy
Hi furman, thanks for your question.
There isn't an option to deploy the 1Password extension with specific password generator option defaults. In this case, the best option might be to guide users on selecting preferred or recommended password settings.
That could look something like this:
- Open 1Password in the Browser.
- Click the Menu button (☰).
- Select Password Generator.
- From Type, select Memorable Password
- Set Words to 3, Separator to Numbers and Symbols, and Capitalize on.
- Turn Use as default for suggestions on.
While I can't make any promises as to if or when such a feature might be added, I'd be happy to share your interest in options for changing default password settings with the team. And if we can help with anything, just let the team know!
