1Password Configuration

Business & Enterprise only

Note that our 1Password integration is limited to the Business and Enterprise product plans. See our pricing page for more information.

Background

Twingate integrates with 1Password by leveraging their device verification to restrict access to only secure devices. Admins can add 1Password as a verification requirement to macOS, Windows, and Linux Trusted Profiles. In turn, devices will be required to be verified by 1Password to sign in to Twingate or access certain Resources.

How it works

Twingate integrates with 1Password by matching the device serial numbers returned by the Twingate Client to those managed by 1Password. Devices are considered 1Password-verified if they meet the following requirements:

Its serial number is returned by 1Password
The device meets 1Password’s device checks

Configuring the 1Password integration in Twingate

Generate a 1Password API key

To set up the integration, you’ll need an API key from 1Password Device Trust:

Log into your 1Password Device Trust Console
Click on your user account on the upper right corner
Go to Settings
On the left panel, click on Developers
Click on Create New Key
Give it a name and click Save. No special write permissions are required for this integration

Configure the integration on the Twingate Admin Console

In Twingate, navigate to Settings and then select Device Integrations

Select Connect next to 1Password and input your 1Password Device Trust API Key

After the integration is configured, the Device Integrations page will show the current status of the integration

Incorporate 1Password into Security Policies

After the 1Password integration has been set up, it can be configured into Device Security Trusted Profiles.

For macOS, Windows, and Linux, create a Trusted Profile and require 1Password as a Trust Method. Only devices verified by 1Password will satisfy the requirements of this Trusted Profile. This Trusted Profile can now be incorporated into Security Policies.

Troubleshooting

After the 1Password integration is set up, the Device Integrations page will show the status as “Waiting to sync”. During this time, devices may be missing the correct 1Password verification state. After a few minutes, the Device Integrations page will show the most recent sync time and devices will correctly show their state on their device details page.

A device can be listed as 1Password not verified for the following reasons:

The device is not managed by 1Password
The device auth_state is blocked

In the case of an error, the 1Password integration will show the time of the last successful sync. Twingate will attempt to connect for 28 hours. When we are able to reach the 1Password API, the errors will be resolved automatically. If Twingate is unable to connect within 28 hours, the integration will stop attempting to connect. Admins will be notified via email that the integration needs attention. For these errors, we recommend reconfiguring the integration and inputting new API client information.

Last updated 27 days ago

Home

Guides

Use Cases

VPN Replacement

Infrastructure Access

Device Security Controls

Application Gating

Homelab & Personal Use Cases

Internet Security

Compliance

Architecture

How Twingate Works

How DNS Works with Twingate

Twingate vs. VPNs

Twingate vs. Mesh VPNs

Peer-to-peer Communication

How NAT Traversal Works

Encryption in Twingate

API

Getting Started with the API

Schema

Twingate Labs ↗

managing twingate

Quick Start

Automated Deployment

Connectors

Understanding Connectors

Deploying Connectors

Best Practices

Updating Connectors

Advanced Connector Management

Resources

Remote Networks

Aliases

Usage-based Auto-lock

Ephemeral Access

Team

Users

Groups

Identity Providers

Security Policies

Policy Guides

Two-Factor Authentication

Devices

Client Application

Managed Devices

Device Administration

Services

Headless Clients

CI/CD Configuration

Analytics

Network Overview

Audit Logs

Network Traffic

User Activity

Syncing Data to AWS S3

Internet Security

DNS Filtering

DNS-over-HTTPS (DoH)

Internet Security Client Configuration

Exit Networks

Administration

Admin Console Security

Subscription Management

Managed Service Providers

Cancel Your Subscription

additional resources

Help Center ↗

Changelog

FAQ

Twingate Trust Center

GDPR Compliance

HIPAA Compliance

PCI Compliance

SOC 2 Report

Responsible Disclosure Policy

VPN Replacement

Infrastructure Access

Device Security Controls

Application Gating