About mobile device management

Learn how to use mobile device management to manage how your team uses 1Password on their devices.

If you’re an administrator in 1Password Teams or 1Password Business, you can use mobile device management (MDM) to enforce stricter controls for employees who use 1Password on their devices. You can use these settings to configure 1Password using your MDM solution.

Instructions for

Mac
iOS
Windows

The preference domain for 1Password 8 for Mac is com.1password.1password. These settings must be applied using MDM and cannot be set manually using the defaults command.

Download a sample .mobileconfig profile.

General

These settings allow you to control basic options for the 1Password app.

Setting	Key	Type
Start at login	`app.startAtLogin`	Boolean
Save new items in [vault]*	`app.defaultVaultForSaving`	String
Submit automatically with Universal Autofill	`security.autofill.autosubmit`	Boolean

* If this string is left empty, 1Password will suggest a vault.

Security

These settings affect how a team member unlocks 1Password and uses data in it.

Setting	Key	Type
Enforce Touch ID	`security.authenticatedUnlock.appleTouchId`	Boolean
Enforce Apple Watch Unlock	`security.authenticatedUnlock.appleWatchUnlock`	Boolean
Set the password requirement timeframe*	`security.authenticatedUnlock.requireAccountPasswordAfter`	String
Set auto-lock timeout† (in minutes)	`security.autolock.minutes`	Integer
Lock on sleep, screensaver, or switching users	`security.autolock.onDeviceLock`	Boolean
Lock when main window is closed	`security.autolock.onWindowClose`	Boolean
Allow 1Password to prevent your device from sleeping	`security.blockSleepEnabled`	Boolean
Remove copied information and one-time passwords after 90 seconds	`security.clipboard.clearAfter`	Boolean
Use Universal Clipboard to copy to other devices	`security.deviceClipboardSharing`	Boolean
Always show passwords and full credit card numbers	`security.revealPasswords`	Boolean
Always show Wi-Fi QR codes	`security.revealWifiQrCodes`	Boolean

* The allowed values are "one-day", "two-weeks", "thirty-days", and "never". Each value must be enclosed in quotation marks, as shown here.

† You can choose a number from 1 to 1440 (1 day).

Privacy

These settings allow you to manage settings related to privacy and Watchtower.

Setting	Key	Type
Show app and website icons	`privacy.downloadRichIcons`	Boolean
Check for compromised websites	`privacy.checkCompromisedWebsites`	Boolean
Check for vulnerable passwords	`privacy.checkHibp`	Boolean
Check for two-factor authentication	`privacy.checkMfa`	Boolean
Check for passkeys	`privacy.checkPasskeys`	Boolean

Browsers

These settings allow you to control how 1Password connects with browsers.

Setting	Key	Type
Allow connecting to a custom browser	`browsers.other-trusted-apps.enabled`	Boolean

Updates

Important

These settings can only be controlled if you deploy or install 1Password with the 1Password.app installer. If you use the PKG installer, you can monitor updates and deploy them with your MDM solution.

These settings allow you to manage 1Password updates.

Setting	Key	Type
Automatically check for updates	`updates.autoUpdate`	Boolean
Set release channel*	`updates.updateChannel`	String

* The allowed values are PRODUCTION, BETA, and NIGHTLY.

Authentication

These settings allow you to control the process of signing into the 1Password app.

Setting	Key	Type
Set a default sign-in address*	`authentication.defaultDomain`	String
Enforce the default sign-in address†	`authentication.enforceDomain`	Boolean

* Use the following structure for the sign-in address: domain.1password.com. The scheme (https://) shouldn't be included.

† To use this setting, you must set a sign-in address for the authentication.defaultDomain setting.

Important

To control these settings, you must first register 1Password for Windows as a managed installation across your team member’s PCs.

The registry key for 1Password 8 for Windows is HKEY_LOCAL_MACHINE\SOFTWARE\Agilebits Inc.\1Password\Policy. You can deploy values to this path to manage settings.

For a string, use a REG_SZ value.
For an integer, use a QWORD value.
For a boolean, use a DWORD value.
For false, set the value data to 0. For true, set the value data to a non-zero number.

General

These settings allow you to control basic options for the 1Password app.

Setting	Key	Type
Show the main app window at login*	`app.openAppOnStartup`	Boolean
Save new items in [vault]†	`app.defaultVaultForSaving`	String
Allow the use of Auto-Type	`app.autoTypeEnabled`	Boolean
Submit automatically with Auto-Type	`security.autofill.autosubmit`	Boolean

* To control this setting, 1Password must be turned on in Windows Settings > Apps > Startup.

† If this string is left empty, 1Password will suggest a vault.

Security

These settings affect how a team member unlocks 1Password and uses data in it.

Setting	Key	Type
Set the password requirement timeframe*	`security.authenticatedUnlock.requireAccountPasswordAfter`	String
Set auto-lock timeout† (in minutes)	`security.autolock.minutes`	Integer
Lock on sleep, screensaver, or switching users	`security.autolock.onDeviceLock`	Boolean
Lock when main window is closed	`security.autolock.onWindowClose`	Boolean
Allow 1Password to prevent your device from sleeping	`security.blockSleepEnabled`	Boolean
Remove copied information and one-time passwords after 90 seconds	`security.clipboard.clearAfter`	Boolean
Always show passwords and full credit card numbers	`security.revealPasswords`	Boolean
Always show Wi-Fi QR codes	`security.revealWifiQrCodes`	Boolean

* The allowed values are "one-day", "two-weeks", "thirty-days", and "never". Each value must be enclosed in quotation marks, as shown here.

† You can choose a number from 1 to 1440 (1 day).

Privacy

These settings allow you to manage settings related to privacy and Watchtower.

Setting	Key	Type
Show app and website icons	`privacy.downloadRichIcons`	Boolean
Check for compromised websites	`privacy.checkCompromisedWebsites`	Boolean
Check for vulnerable passwords	`privacy.checkHibp`	Boolean
Check for two-factor authentication	`privacy.checkMfa`	Boolean
Check for passkeys	`privacy.checkPasskeys`	Boolean

Updates

Important

These settings can only be controlled if you deploy 1Password with the MSIX or App Installer. Learn how to control updates if you deploy 1Password through the Microsoft Store or with the MSI.

These settings allow you to manage 1Password updates.

Setting	Key	Type
Automatically check for updates	`updates.autoUpdate`	Boolean
Set release channel*	`updates.updateChannel`	String

* The allowed values are PRODUCTION, BETA, and NIGHTLY.

Authentication

These settings allow you to control the process of signing into the 1Password app.

Setting	Key	Type
Set a default sign-in address*	`authentication.defaultDomain`	String
Enforce the default sign-in address†	`authentication.enforceDomain`	Boolean

* Use the following structure for the sign-in address: domain.1password.com. The scheme (https://) shouldn't be included.

† To use this setting, you must set a sign-in address for the authentication.defaultDomain setting.

The preference domain for 1Password 8 for iOS is com.1password.1password.

General

These settings allow you to control basic options for the 1Password app.

Setting	Key	Type
Save new items in [vault]*	`app.defaultVaultForSaving`	String

* If this string is left empty, 1Password will suggest a vault.

Security

These settings affect how a team member unlocks 1Password and uses data in it.

Setting	Key	Type
Enforce Touch ID	`security.authenticatedUnlock.appleTouchId`	Boolean
Enforce Face ID	`security.authenticatedUnlock.appleFaceId`	Boolean
Allow unlock with device passcode	`security.authenticatedUnlock.appleDevicePinUnlock`	Boolean
Set the password requirement timeframe*	`security.authenticatedUnlock.requireAccountPasswordAfter`	String
Set auto-lock timeout† (in minutes)	`security.autolock.minutes`	Integer
Allow 1Password to prevent your device from sleeping	`security.blockSleepEnabled`	Boolean
Clear clipboard after timeout	`security.clipboard.clearAfter`	Boolean
Use Universal Clipboard to copy to other devices	`security.deviceClipboardSharing`	Boolean
Allow revealing passwords	`security.revealPasswords`	Boolean
Always show Wi-Fi QR codes	`security.revealWifiQrCodes`	Boolean

* The allowed values are "one-day", "two-weeks", "thirty-days", and "never". Each value must be enclosed in quotation marks, as shown here.

† You can choose a number from 0 to 480. If you choose 0, the app will lock immediately when no longer in focus.

Privacy

These settings allow you to manage preferences related to privacy and Watchtower.

Setting	Key	Type
Show app and website icons	`privacy.downloadRichIcons`	Boolean
Use Apple Maps	`privacy.mapsEnabled`	Boolean
Check for compromised websites	`privacy.checkCompromisedWebsites`	Boolean
Check for vulnerable passwords	`privacy.checkHibp`	Boolean
Check for two-factor authentication	`privacy.checkMfa`	Boolean
Check for passkeys	`privacy.checkPasskeys`	Boolean

Autofill

These settings allow you to manage preferences related to Autofill.

Setting	Key	Type
Show passkey suggestions	`app.autoFillPasskeyShowFillingSuggestions`	Boolean

Notifications

These settings allow you to manage the notifications that team members receive from 1Password.

Notification type	Key	Type
One-Time Passwords	`app.notifyCopyTotpToClipboard`	Boolean

Authentication

These settings allow you to control the process of signing into the 1Password app.

Setting	Key	Type
Set a default sign-in address*	`authentication.defaultDomain`	String
Enforce the default sign-in address†	`authentication.enforceDomain`	Boolean

* Use the following structure for the sign-in address: domain.1password.com. The scheme (https://) shouldn't be included.

† To use this setting, you must set a sign-in address for the authentication.defaultDomain setting.

Learn more

About the security of your 1Password desktop app settings

Was this article helpful?

Glad to hear it! If you have anything you'd like to add, feel free to contact us.

Sorry to hear that. Please contact us if you'd like to provide more details.