JAMF 1Password “app data management”

nT7nDJQQTkvZktvF
nT7nDJQQTkvZktvF
Community Member

Hello, I am a paying customer of the 1Password service using the software on multiple devices, one of which an iPhone property of my employer.
The iPhone in question has a management profile installed - JAMF, enforcing settings (screen lock etc) and managing certain apps (such as gmail, calendar etc) with the ability to push app updates and remote wiping of data.

As of recently my employer has also become a customer of 1Password for enterprise needs and has included 1Password to the list of apps it tries to manage via JAMF.

If I am to continue to use the device for my personal 1Password needs, it is claimed that on iPhone JAMF does not have access to the app data by means of iOS sandboxing and the management is only capable of forcing updates on the app itself.

This contradicts the message the operating system displays. While I do not distrust the claim I wish to gain a deeper understanding of how much of a risk I would be exposing my vault to, should I accept the JAMF management.

I am attaching a screenshot of the prompt by iOS at the attempts the system makes in managing the app (which I keep canceling).

To add additional context, the following documentation was provided to me regarding the JAMF capability on iOS:
https://docs.jamf.com/10.19.0/jamf-pro/administrator-guide/Understanding_Managed_Apps.html

Does the community feel that this added link to the chain of trust constitutes a large compromise? A less convenient resolution for me to carry two mobile phones with me, a prospect that I do not look forward to.

I am almost content with allowing the management of the app by JAMF. However I did not wish to take the statement that security of my vault data would not be diminished at face value without independently verifying.

Any thoughts and insights on the matter would be much appreciated.

Kind regards

Comments

  • Hi @nT7nDJQQTkvZktvF

    This may be a question you want to address to JAMF as well, but as far as we're concerned having 1Password managed by an MDM system does not, in and of itself, expose your decrypted data to anyone.

    Ben

  • nT7nDJQQTkvZktvF
    nT7nDJQQTkvZktvF
    Community Member

    Thank you for the prompt response. This statement puts my mind at a bit of an ease with regards to MDM systems interacting with 1Password.

  • ag_ana
    ag_ana
    1Password Alumni

    On behalf of Ben, you are welcome @nT7nDJQQTkvZktvF! If you have any other questions, please feel free to reach out anytime.

    Have a wonderful day :)

This discussion has been closed.