Teams and business

About mobile device management

Learn how to use mobile device management to manage how your team uses 1Password on their devices.

If you’re an administrator in 1Password Teams or 1Password Business, you can use mobile device management (MDM) to enforce stricter controls for employees who use 1Password on their devices. You can use these settings to configure 1Password using your MDM solution.

The preference domain for 1Password 8 for Mac is com.1password.1password. These settings must be applied using MDM and cannot be set manually using the defaults command.

 Download a sample .mobileconfig profile.

General

These settings allow you to control basic options for the 1Password app.

SettingKeyType
Start at loginapp.startAtLoginBoolean
Save new items in [vault]*app.defaultVaultForSavingString
Submit automatically with Universal Autofillsecurity.autofill.autosubmitBoolean

* If this string is left empty, 1Password will suggest a vault.

Security

These settings affect how a team member unlocks 1Password and uses data in it.

SettingKeyType
Enforce Touch IDsecurity.authenticatedUnlock.appleTouchIdBoolean
Enforce Apple Watch Unlocksecurity.authenticatedUnlock.appleWatchUnlockBoolean
Set the password requirement timeframe*security.authenticatedUnlock.requireAccountPasswordAfterString
Set auto-lock timeout†
(in minutes)
security.autolock.minutesInteger
Lock on sleep, screensaver, or switching userssecurity.autolock.onDeviceLockBoolean
Lock when main window is closedsecurity.autolock.onWindowCloseBoolean
Allow 1Password to prevent your device from sleepingsecurity.blockSleepEnabledBoolean
Remove copied information and one-time passwords after 90 secondssecurity.clipboard.clearAfterBoolean
Use Universal Clipboard to copy to other devicessecurity.deviceClipboardSharingBoolean
Always show passwords and full credit card numberssecurity.revealPasswordsBoolean
Always show Wi-Fi QR codessecurity.revealWifiQrCodesBoolean

* The allowed values are "one-day", "two-weeks", "thirty-days", and "never". Each value must be enclosed in quotation marks, as shown here.

† You can choose a number from 1 to 1440 (1 day).

Privacy

These settings allow you to manage settings related to privacy and Watchtower.

SettingKeyType
Show app and website iconsprivacy.downloadRichIconsBoolean
Check for compromised websitesprivacy.checkCompromisedWebsitesBoolean
Check for vulnerable passwordsprivacy.checkHibpBoolean
Check for two-factor authenticationprivacy.checkMfaBoolean
Check for passkeysprivacy.checkPasskeysBoolean

Browsers

These settings allow you to control how 1Password connects with browsers.

SettingKeyType
Allow connecting to a custom browserbrowsers.other-trusted-apps.enabledBoolean

Updates

Important

These settings can only be controlled if you deploy or install 1Password with the 1Password.app installer. If you use the PKG installer, you can monitor updates and deploy them with your MDM solution.

These settings allow you to manage 1Password updates.

SettingKeyType
Automatically check for updatesupdates.autoUpdateBoolean
Set release channel*updates.updateChannelString

* The allowed values are PRODUCTION, BETA, and NIGHTLY.

Authentication

These settings allow you to control the process of signing into the 1Password app.

SettingKeyType
Set a default sign-in address*authentication.defaultDomainString
Enforce the default sign-in address†authentication.enforceDomainBoolean

* Use the following structure for the sign-in address: domain.1password.com. The scheme (https://) shouldn't be included.

† To use this setting, you must set a sign-in address for the authentication.defaultDomain setting.

Important

To control these settings, you must first register 1Password for Windows as a managed installation across your team member’s PCs.

The registry key for 1Password 8 for Windows is HKEY_LOCAL_MACHINE\SOFTWARE\Agilebits Inc.\1Password\Policy. You can deploy values to this path to manage settings.

  • For a string, use a REG_SZ value.
  • For an integer, use a QWORD value.
  • For a boolean, use a DWORD value.

    For false, set the value data to 0. For true, set the value data to a non-zero number.

General

These settings allow you to control basic options for the 1Password app.

SettingKeyType
Show the main app window at login*app.openAppOnStartupBoolean
Save new items in [vault]†app.defaultVaultForSavingString
Allow the use of Auto-Typeapp.autoTypeEnabledBoolean
Submit automatically with Auto-Typesecurity.autofill.autosubmitBoolean

* To control this setting, 1Password must be turned on in Windows Settings > Apps > Startup.

† If this string is left empty, 1Password will suggest a vault.

Security

These settings affect how a team member unlocks 1Password and uses data in it.

SettingKeyType
Set the password requirement timeframe*security.authenticatedUnlock.requireAccountPasswordAfterString
Set auto-lock timeout†
(in minutes)
security.autolock.minutesInteger
Lock on sleep, screensaver, or switching userssecurity.autolock.onDeviceLockBoolean
Lock when main window is closedsecurity.autolock.onWindowCloseBoolean
Allow 1Password to prevent your device from sleepingsecurity.blockSleepEnabledBoolean
Remove copied information and one-time passwords after 90 secondssecurity.clipboard.clearAfterBoolean
Always show passwords and full credit card numberssecurity.revealPasswordsBoolean
Always show Wi-Fi QR codessecurity.revealWifiQrCodesBoolean

* The allowed values are "one-day", "two-weeks", "thirty-days", and "never". Each value must be enclosed in quotation marks, as shown here.

† You can choose a number from 1 to 1440 (1 day).

Privacy

These settings allow you to manage settings related to privacy and Watchtower.

SettingKeyType
Show app and website iconsprivacy.downloadRichIconsBoolean
Check for compromised websitesprivacy.checkCompromisedWebsitesBoolean
Check for vulnerable passwordsprivacy.checkHibpBoolean
Check for two-factor authenticationprivacy.checkMfaBoolean
Check for passkeysprivacy.checkPasskeysBoolean

Updates

These settings allow you to manage 1Password updates.

SettingKeyType
Automatically check for updatesupdates.autoUpdateBoolean
Set release channel*updates.updateChannelString

* The allowed values are PRODUCTION, BETA, and NIGHTLY.

Authentication

These settings allow you to control the process of signing into the 1Password app.

SettingKeyType
Set a default sign-in address*authentication.defaultDomainString
Enforce the default sign-in address†authentication.enforceDomainBoolean

* Use the following structure for the sign-in address: domain.1password.com. The scheme (https://) shouldn't be included.

† To use this setting, you must set a sign-in address for the authentication.defaultDomain setting.

The preference domain for 1Password 8 for iOS is com.1password.1password.

General

These settings allow you to control basic options for the 1Password app.

SettingKeyType
Save new items in [vault]*app.defaultVaultForSavingString

* If this string is left empty, 1Password will suggest a vault.

Security

These settings affect how a team member unlocks 1Password and uses data in it.

SettingKeyType
Enforce Touch IDsecurity.authenticatedUnlock.appleTouchIdBoolean
Enforce Face IDsecurity.authenticatedUnlock.appleFaceIdBoolean
Allow unlock with device passcodesecurity.authenticatedUnlock.appleDevicePinUnlockBoolean
Set the password requirement timeframe*security.authenticatedUnlock.requireAccountPasswordAfterString
Set auto-lock timeout†
(in minutes)
security.autolock.minutesInteger
Allow 1Password to prevent your device from sleepingsecurity.blockSleepEnabledBoolean
Clear clipboard after timeoutsecurity.clipboard.clearAfterBoolean
Use Universal Clipboard to copy to other devicessecurity.deviceClipboardSharingBoolean
Allow revealing passwordssecurity.revealPasswordsBoolean
Always show Wi-Fi QR codessecurity.revealWifiQrCodesBoolean

* The allowed values are "one-day", "two-weeks", "thirty-days", and "never". Each value must be enclosed in quotation marks, as shown here.

† You can choose a number from 0 to 480. If you choose 0, the app will lock immediately when no longer in focus.

Privacy

These settings allow you to manage preferences related to privacy and Watchtower.

SettingKeyType
Show app and website iconsprivacy.downloadRichIconsBoolean
Use Apple Mapsprivacy.mapsEnabledBoolean
Check for compromised websitesprivacy.checkCompromisedWebsitesBoolean
Check for vulnerable passwordsprivacy.checkHibpBoolean
Check for two-factor authenticationprivacy.checkMfaBoolean
Check for passkeysprivacy.checkPasskeysBoolean

Autofill

These settings allow you to manage preferences related to Autofill.

SettingKeyType
Show passkey suggestionsapp.autoFillPasskeyShowFillingSuggestionsBoolean

Notifications

These settings allow you to manage the notifications that team members receive from 1Password.

Notification typeKeyType
One-Time Passwordsapp.notifyCopyTotpToClipboardBoolean

Authentication

These settings allow you to control the process of signing into the 1Password app.

SettingKeyType
Set a default sign-in address*authentication.defaultDomainString
Enforce the default sign-in address†authentication.enforceDomainBoolean

* Use the following structure for the sign-in address: domain.1password.com. The scheme (https://) shouldn't be included.

† To use this setting, you must set a sign-in address for the authentication.defaultDomain setting.

Learn more



Published: