Protect what matters – even after you're gone. Make a plan for your digital legacy today.
Password expirations
I would like to know if it is possible to do the following on 1password business: Force users to periodically change their 1password account key. The other thing is to force or have a report of the elements of the users to know how old or when they changed their passwords from other logins or configured MFA to know if they are complying with the policies . Any idea? Thank you!
Permit/block access to vault by IP?
I have a situation where we want to allow access to a specific vault when they're using a given source IP. When coming from that same IP, we would want to block access to all other vaults. When using other IPs, we would want to grant full access. It doesn't appear to be doable now, but I would like to put in a feature request.
Managed Browser Extension
Hey all, New to 1Password for Business, long time 1Password personal user. I've just kicked off migration of legacy password manager (on-prem) for about 500 users in a Microsoft Intune full cloud environment. Our org has strict management over our Windows 11 devices... (you know, any HR opportunity to educate staff starts with I.T doing all the work with tech removing any need to teach users how to do something) I need to manage the browser extension, the usual default save vault location and watchtower etc. i thought i was on a winner with MDM ADMX - https://support.1password.com/mobile-device-management/?windows#appendix-set-the-default-vault-for-saving-new-items but this looks to be the full app rather that anything for the extension? How can i directly manage the extension via Intune?
Microsoft Entra ID SSO issue
We have recently migrated all our users over to using Microsoft Entra ID SSO. It works fine except every time they close the app or shutdown their computer, it asks them to login using SSO. We have a set of employees who do not always have a connection available. They go from site to site and some basements where they need to go don't have network or wi-fi. When that happens, they are unable to use 1password. Keep in mind that most of the time when they access these places they are escorted by security to go down in the basements and it's wasting their time as well as the security employee. We have it set to ask the Entra password every 7 days. Expected behavior: if I close the app or restart the computer, the token should still be valid. Current behavior: Every time I close the app or restart the computer, I have to login to the microsoft account again.
Group Policy Intune ADMX Ingestion Error
Hi 1Password Community, We've been looking at managing 1Password policies through the generated ADMX+ADML files. The files themselves upload to Intune fine, but when the client is attempting to ingest the file(s) we receive the following error: MDM ConfigurationManager: Command failure status. Configuration Source ID: (5B33F6A6-E59D-4384-8CB2-6858C3CCF0CD), Enrollment Name: (MDMDeviceWithAAD), Provider Name: (Policy), Command Type: (Add: from Replace or Add), CSP URI: (./Device/Vendor/MSFT/Policy/ConfigOperations/ADMXInstall/OnePassword82518298-c5ba-4142-b473-7d937e4105c6/Policy/OnePassword82518298-c5ba-4142-b473-7d937e4105c6), Result: (Catastrophic failure). See image 1 Originally, this was thought of as a bug as the feature was still fairly recently implemented. After a couple of months of waiting, I tried generating the files again earlier this week (currently using app version "1Password for Windows 8.11.20 (81120039)") and discovered the same error is still present. The patch notes for January 19th mention that this should have been fixed, but when trying again these past couple of days the error persisted. https://releases.1password.com/windows/stable/#1password-for-windows-8.12.0 See image 2 Doing some research, I came across the following GitHub-repo: https://github.com/Micke-K/IntuneManagement/blob/master/ADMXImport.md, which mentions that QWORD-values are unsupported and will generate a catastrophic failure on the clients - exactly the same as we've been experiencing on our clients. See image 3 Based on this revelation, I started to manually edit the ADMX and ADML-files to remove all entries for "longDecimal", which equals to these two policies: security_authenticatedUnlock_deviceBasedUnlock_askUnlockAfter security.autolock.minutes Once these entries were removed from both files and reuploaded to Intune - it started working without any further errors: ADMX Ingestion: MDM PolicyManager: ADMX Ingestion: EnrollmentId (8BE04C50-54DF-4B0D-AA1C-9A79C476C468), app name (OnePassword975d1c63-2406-4643-8f93-cb4034eb3382), setting type (Policy), unique Id (OnePassword975d1c63-2406-4643-8f93-cb4034eb3382), area (NULL). Policy Creation: MDM PolicyManager: Set policy string, Policy: (ManagedInstall), Area: (OnePassword975d1c63-2406-4643-8f93-cb4034eb3382~Policy~onepassword), EnrollmentID requesting merge: (8BE04C50-54DF-4B0D-AA1C-9A79C476C468), Current User: (Device), String: (<enabled/><data id="ManagedInstall" value="X" />), Enrollment Type: (0x6), Scope: (0x0). See image 4 and 5 As the error appears to be related to the ADMX Ingestion not being able to handle QWORD-values, the root cause of the problem may lie with Microsoft. Would it be possible from 1Passwords side to look into having the two policies be handled through either a DWORD or a String instead of a QWORD?1Password Group Policies / ADMX
Hi 1Password, I'm struggling to get more information regarding the GPO policy feature introduced last year. The only notice I can find is the changelog stating [Windows only]: Added group policy support using ADMX templates. Where can I find these? There is a page on MDM with some registry options, but I was hoping for a smoother process by using established GPO configurations. Note: I can't add links in the forum: it claims "Your post contains invalid HTML. Remove the following invalid tags before publishing: a, a (data-airgap-id)"What’s new in 1Password Enterprise Password Manager (Q4 2025)
Hey everyone! 👋 We’ve been working closely with customers across industries this past year to understand where they need more flexibility, clarity, and control. That feedback shaped a new round of improvements that help teams deploy faster, manage more consistently, and stay secure without slowing anyone down. Here’s a quick rundown of what’s new: Security without friction New App Unlock presets give admins more flexibility in how people unlock 1Password. Organizations can align unlock behavior with their existing device policies, like allowing 1Password to unlock when the device unlocks while still enforcing auto-lock where needed. Teams can decide which presets are available, override them where required, or let users choose the option that fits their workflow. Vaults remain protected by device-level encryption – this simply changes when 1Password unlocks, not how it’s secured. Get teams set up in less time A couple of updates make it easier for new users to get started confidently: The new Browser Extension policy helps guide new users to install the 1Password browser extension during setup. Guided Setup now introduces people to the essentials of using 1Password in their environment and adapts to each organization’s configuration. Together, these reduce confusion during onboarding, minimize IT overhead, and help people start saving and filling credentials right away. New policies provide more control As organizations scale, admins often need fine-grained control over how credentials are saved and submitted. New policy options now allow admins to configure: Autosave: Choose which item types (Logins, Credit Cards, Addresses, 2FA) are saved automatically. Autosubmit: Turn off automatic form submission. Sign-in Attempts: Define how many failed login attempts are allowed before an IP address is temporarily locked for that user, helping safeguard against brute-force attacks. These updates help standardize behavior across the organization while still giving teams the right amount of flexibility. Set up your 1Password instance to reflect how your organization operates Multi-tenancy introduces a new account model designed for scale that brings more clarity and consistency to large or distributed organizations. Linked Accounts let you connect a parent account to any number of child accounts within the same data region, organized by geography, department, or business unit. Policy Templates make governance easier by letting the parent account create reusable templates, decide what child accounts can override, and apply standards instantly. It’s a flexible way to maintain consistent security while letting teams operate independently when they need to. Coming in 2026 A couple of updates already in motion: Automated Provisioning hosted by 1Password connects directly to Okta and Entra ID, eliminating the need for self-hosted SCIM bridges so teams can deploy faster with less infrastructure to maintain. A redesigned Audit Log that brings all user and admin activity into a unified, human-readable view, making investigations and compliance reviews much easier. These improvements are all steps toward making enterprise deployment smoother, governance clearer, and day-to-day work less of a lift for admins and teams alike. If you’d like a closer look (including screenshots and examples) you can find the full breakdown in our latest blog post.
Sharing administration responsibilities
I work with an MSP and there are a few of us who are administering services for our clients. We're trying to figure out how to share 1Password. When you initially sign in you have to register your device. One of my colleagues says he last accessed this last year and now doesn't remember which computer it was from. When we try to sign in now we get: Sign into 1Password on the Firefox session that you have used before. Go to My Profile. Under Pending Sign-ins, look for Microsoft Edge. Select View. Allow the transfer request. Enter the verification code in the next step. I'm waiting on the owner of the account to reset our account and get us back in. In the meantime, what's the best way to manage this? Our client has the Enterprise Edition enabling SSO support. For us as an MSP, how can a few of us administer this a few times a year, to on-board people or reset access for others? Do we each need our own account?Help with 1Password SSO Unlock Across Multiple Desktops
Hi, I’m looking for some assistance with 1Password in a small office environment (around 45–50 desktops) that runs Hybrid AD. We’ve enabled Unlock with SSO, and it works fine on a user’s first workstation. However, when the same user signs in on another workstation, 1Password prompts them to transfer their encryption key. The challenge is that our users often move between desktops throughout the day depending on their work schedule. This constant key transfer prompt is disruptive. Is there a way to disable this key transfer requirement or a recommended best practice to allow seamless use of SSO across multiple desktops? Thanks in advance for any guidance!
