With 1Password Enterprise Password Manager, you can set up and manage 1Password for your company and sub-companies. You’ll create a parent account which can then manage an unlimited number of child accounts. This allows you to scale your usage of 1Password, localize administrators to smaller groups of users, centralize policy management, and keep data separated across organizations.
Step 1: Create a parent account
To get started, sign up for 1Password Business. This will be your parent account. If you already have an account that your team uses for 1Password internally, contact your 1Password representative to request that your account be converted to a multi-tenant parent account.
After you sign up:
- Follow the steps to get started as an administrator and set up your account.
- Make sure to invite team members who will be in the top-level organization.
- Implement a recovery plan to make sure no one loses access to 1Password.
Important
To make sure the child accounts you manage are secure, everyone in the parent account will need to use multi-factor authentication.
If your team uses single sign-on (SSO), you can set up your 1Password account to unlock with SSO, then consider the additional security guidelines below for multi-tenant accounts.
If you didn’t set up your account to unlock with SSO, continue to step 2.
If you use Unlock with SSO
Administrators in the parent account have administrative access to all your child accounts, so their accounts should be as secure as possible. If your team will unlock 1Password with SSO, follow these guidelines for the 1Password SSO application in your identity provider:
- Turn off persistent cookies. For example, in Entra ID you can turn off the ‘Stay signed in?’ prompt.
- Require frequent re-authentication. For example, in Okta you can create an authentication policy with “User must authenticate with” and “Prompt for authentication”.
- Require multi-factor authentication. For example, in Entra ID you can create a Conditional Access policy to require multi-factor authentication.
Step 2: Add administrators
People in the Owners or Administrators group of your account can manage child accounts. By default, these groups include the following permissions:
- View child accounts.
- Link and unlink child accounts.
- Sign in to child accounts and perform administrative tasks.
You can also create a custom group and give it granular permissions. For example, you can allow people in a group to only view, link, and unlink specific accounts, but not launch into them.
Next steps
After you set up your 1Password multi-tenant parent account, you and your administrators can add and manage child accounts. Learn how to manage child accounts.
Get help
Some 1Password features aren’t yet supported for parent account administrators in child accounts:
Other users in your child accounts can still use these features.