With 1Password Business, you can set policies for how people on your team sign in to and use their 1Password accounts. These include account password requirements, who items can be shared with, and more.
You can set team member policies if you’re an owner, administrator, or part of a group with the Manage Settings permission.
To manage policies, sign in to your account on 1Password.com, click Policies in the sidebar, and choose Manage under the policy you want to change.
Authentication
Authentication policies affect how your team signs in to and unlocks 1Password. You can manage the following settings:
- Account password: Require a certain number of characters, or create a custom policy. Learn how to enforce 1Password account password requirements.
- Two-factor authentication: Allow or enforce two-factor authentication with an authenticator app, security key, or Duo. Learn how to manage two-factor authentication.
- Emergency Kit: Change whether your team members can download an Emergency Kit. Learn more about what happens when you turn off Emergency Kits.
App usage
App usage polices affect how your team uses the 1Password apps and 1Password.com to save and store items in vaults. You can manage the following settings:
- Item sharing: Change who your team can share items with, the expiration time of item links, whether your team can share files, and whether people within your team’s email domain are prompted to join your account. Learn how to manage item sharing settings.
- File storage: Change whether your team can save files in 1Password. Turning off file storage won’t affect files previously saved in your account.
- Passkey item support: Change whether your team can use 1Password to save and sign in with passkeys. Turning off passkey item support won’t remove passkeys previously saved in your account, but team members will no longer be able to use them to sign in.
- App version: Require team members to use the latest version of 1Password. Learn how to require modern 1Password apps.
- Item domains: Change what email address domains are approved for items in your account. If a team member saves an item using an email address with a domain not on this list, it will be flagged in the Business Watchtower report as an item saved in the wrong account.
- Vault permissions: Change the default permissions that are selected when you or your team members share a vault with a person or group. Select the checkboxes next to the permissions you want to be automatically selected when sharing a vault.
- Sidebar navigation: Change whether team members outside the Owners and Administrators groups will see Developer Tools and Integrations in the sidebar. Hiding these from the sidebar does not remove or change active tools or integrations, and team members will still be able to access the pages directly with a link.
Unlock with SSO
Manage policies related to how your team unlocks with SSO, such as whether they can use biometrics in the apps. Learn more about setting up unlock with SSO.
Firewall rules
Manage your team’s firewall rules, such as allowing certain countries and denying some IP addresses. Learn more about creating firewall rules.