With 1Password for Managed Service Providers (MSPs), you can set up and manage 1Password for companies you work with as a service provider. After you set up your account, you can add technicians from your team who will help administer your managed companies.
Step 1: Sign up for a 1Password MSP account
To get started, sign up for a 1Password MSP account. If you already have an account that your team uses for 1Password internally, contact 1Password Support and request that your account is converted to an MSP one.
After you sign up, follow the steps to get started as an administrator and set up your account. Make sure to invite team members who will be working with your managed companies.
Important
To make sure the company accounts you manage are secure, everyone in your MSP account will need to use multi-factor authentication.
If your team uses single sign-on (SSO), you can set up your 1Password account to unlock with SSO, then consider the additional security guidelines below for MSP accounts.
If you didn’t set up your account to unlock with SSO, continue to step 2.
If you use Unlock with SSO
Technicians have administrative access to all your managed companies, so their accounts should be as secure as possible. If your team will unlock 1Password with SSO, follow these guidelines for the 1Password SSO application in your identity provider:
- Turn off persistent cookies. For example, in Entra ID you can turn off the ‘Stay signed in?’ prompt.
- Require frequent re-authentication. For example, in Okta you can create an authentication policy with “User must authenticate with” and “Prompt for authentication”.
- Require multi-factor authentication. For example, in Entra ID you can create a Conditional Access policy to require multi-factor authentication.
Step 2: Add technicians
People in the Owners or Administrators group of your account can manage companies. In some cases, you may want to add people to the MSP Administrators group to limit administrative ability within your MSP account. People in the MSP Administrators group have permissions to:
- View managed companies.
- Link and unlink managed companies.
- Sign in to managed companies and perform administrative tasks.
Alternatively, you can create a custom group and give it granular permissions. For example, you can allow people in a group to only view, link, and unlink companies, but not launch into them.
When you’re ready to add a technician, make sure they’ve been invited to your account and confirmed as a team member, then:
- Sign in to your MSP account on 1Password.com.
- Choose Groups in the sidebar, then select MSP Administrators or a custom group you created.
- Choose Manage in the People section.
- Select the team members you’d like to be technicians, then choose Update Group Members.
Next steps
After you set up your MSP account, your technicians can add and manage companies. Learn how to manage companies as a managed service provider.
If you’re tax-exempt, when you subscribe to 1Password for MSPs, you can submit a request to have sales tax removed.
Get help
Some 1Password features aren’t yet supported for MSP technicians in managed accounts:
Other users in your managed companies can still use these features, and we’ll be adding support for them to MSP accounts later in the beta period.