Enforcing 1Password Device Trust Checks
Objective: Begin enforcing device health checks, requiring employees to address and resolve security issues before accessing work apps.
People
Prepare for support needs:
Anticipate that employees may need extra help during this phase, especially those unfamiliar with resolving device health issues
Continue reinforcing privacy standards:
Reiterate that Device Trust only monitors essential security data, and remind employees to consult the Privacy Center if they have questions about what is being checked.
Process
Notify employees of enforcement date:
Send reminders about the enforcement of health checks, explaining that security issues must now be resolved in order to access work apps. We recommend using our employee communications templates as a starting point.
Offer support: Anticipate increased support needs during the enforcement phase.
Technology
Add New Device Trust checks: view the checks catalog to review all available pre-built Checks or build your own.
- NOTE: when first deploying, we recommend starting with "report only" or "warn only" before turning on enforcement, so as to minimize disruption.
Add Checks for 1Password Enterprise Password Manager (EPM):
Consider adding the following checks to your instance if you’re already an EPM customer.
Require 1Password to be logged into a work account
Disallow 1Password Emergency Kits stored in plaintext
Require 1Password 8 meets minimum version
Require SSH keys to be encrypted and stored in 1Password
Use the Extended Device Compliance feature to enforce checks for non-SSO apps via the 1Password browser extension:
Visit the APPs tab in your Device Trust admin console
Select discovered applications that you wish to protect with Device Trust and toggle Extended Device Compliance on
Ensure end users have the Device Trust agent and 1Password browser extension installed
