Why does this integration look different from most others? Unlike most of the software ConductorOne integrates with, 1Password doesn’t expose APIs that can be used to connect the two systems. Additionally, 1Password data can only be gathered from unlocked vaults, which means that a user must unlock the vault and manually kick off the data collection process; a periodic automated data pull won’t work.
To work around these issues, ConductorOne’s 1Password Baton connector uses the 1Password CLI to interact with your vaults. Once the CLI is set up,
baton-1passworduses it to interact with your 1Password vaults. The connector will capture user and entitlement data in a file that you upload to ConductorOne.
1Password combines industry-leading security with award-winning design to bring private, secure, and user-friendly password management to everyone.
🛠️ The 1Password integration uses ConductorOne’s open-source Baton connector for 1Password.
- Sync user identities from 1Password to ConductorOne
- Resources supported:
Integrate your 1Password instance
This integration requires use of 1Password 8 on a Families, Teams, Business, or Enterprise plan. Before you begin, make sure you have a vault set up.
Step 1: Set up the 1Password CLI and locate your sign-in address
Install the 1Password CLI and make sure it is upgraded to the current version.
Locate your 1Password sign-in address by following the instructions in the 1Password docs. We’ll use this address in Step 2.
Step 2: Install
baton-1password and generate a
Run the brew or source commands shown below to install
baton-1password, substituting the sign-in address you looked up in Step 1 for
brew install conductorone/baton/baton conductorone/baton/baton-1password baton-1password baton resources
go install github.com/conductorone/baton/cmd/baton@main go install github.com/conductorone/baton-1password/cmd/baton-1password@main BATON_ADDRESS=myaddress.1password.com baton-1password baton resources
Each installation method includes a
baton-1password command. This command runs the sync on the connector and stores the gathered data in a
sync.c1z file. In the next step, you’ll upload this file to ConductorOne.
Step 3: Upload 1Password data to ConductorOne
A user with the Integration Administrator or Super Administrator role in ConductorOne must perform this task.
In ConductorOne, navigate to an existing application you wish to add the connector data to, or create a new application.
- To create a new application, follow the steps in Create custom applications.
- To use an existing application, open Manage and click Applications and then select the application’s name from the list.
On the application’s page, click the Imports tab.
Click Import app data and select From file.
Click Choose file and select the
sync.c1zfile generated in Step 2.
Once the upload is complete, ConductorOne adds the information pulled from the connector about accounts, groups, roles, resources, and grants (as relevant) to the application.
Important: Any time you need to update information in ConductorOne, you must re-run the
baton-1passwordcommand, generate a new
sync.c1zfile, and re-upload the file to ConductorOne using the process above.