Mac updates still require admin rights

acyclic
Community Member
edited August 2023 in Business and Teams

I've searched through these discussions and there are a few that mention that Windows no longer requires admin rights to install updates. From our experience, the Mac version of 1Password 8 still does.

Can we please get rid of this requirement for Mac? Our users are no longer admins (per security best practices) and they can no longer update 1Password as a result.


1Password Version: 8.10.13
Extension Version: Not Provided
OS Version: macOS 13.5.1
Browser: Not Provided

Comments

  • Hello @acyclic,

    Thanks for asking about admin permissions required to install 1Password. It's my pleasure to discuss this with you today.

    On Windows, 1Password is able to be installed in %LocalAppData%, which is user writable, and typically allows 1Password to function without needing to be installed as an administrator.

    On Mac, all installations must be placed in /Applications, which always requires administrative access to write to. If 1Password were to be installed in another location, some of the integration and security features we rely upon wouldn't work. Unfortunately, this means there is no way around the administrative access rights requirement when installing or updating 1Password on Mac.

    If your IT team has any deployment tools such as Intune, Jamf, Kandji, or others, 1Password does have installation packages which are suitable for use in these tools, which means that the installation of 1Password, and subsequent updates, would be managed by the IT team, and not end users. Admin permissions are still needed, but end users wouldn't be prompted for updates and credentials. If you're interested in this as a potential workaround, we have a helpful support article on the topic: Deploy 1Password for Mac and Windows

    I hope this information helps. Be sure to let me know if you have any questions.

    Thank you,

  • acyclic
    Community Member

    We do have an MDM managing 1Password, but there is a delay in the MDM identifying that a new version is available to push out.

    Is there a way to prevent 1Password from automatically checking for updates? Can we set that programmatically through the MDM?

    Thanks,
    Ben

  • acyclic
    Community Member

    Sorry @ScottS1P, to be more clear, the article you're directing me to actually doesn't seem to indicate how users wouldn't be prompted for updates. Could you be more clear?

  • Is there a way to prevent 1Password from automatically checking for updates? Can we set that programmatically through the MDM?

    To disable automatic updates with MDM, you'll need to configure a custom profile and have your MDM distribute it to Mac and iOS devices.

    • The preference domain for 1Password 8 is com.1password.1password.
    • Set updates.autoUpdate to false
    • Once deployed, the 1Password app will no longer check for new updates, meaning that end users won't be prompted for admin permission to install updates in the future. If there is a pending update on the device, it will need to be installed with admin credentials before the prompts will stop.

    Thank you,
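
Added example, not part of the thread or of 1Password's documentation: a Python script that builds a macOS custom-settings profile forcing the key named in the reply above to boolean false, then re-parses the profile to confirm the value and its type before it is uploaded to the MDM. Assumptions: `updates.autoUpdate` is a literal flat key name, the legacy `com.apple.ManagedClient.preferences` payload type is used, and the `com.example.it` identifier prefix and the output filename are placeholders.

```python
import plistlib
import uuid

DOMAIN = "com.1password.1password"  # preference domain given in the reply above
KEY = "updates.autoUpdate"          # key from the reply; assumed to be a flat key name
MCX_TYPE = "com.apple.ManagedClient.preferences"


def build_profile(org_id="com.example.it"):  # org_id is a placeholder prefix
    """Return a macOS configuration profile (XML bytes) that forces KEY to false."""
    prefs_payload = {
        "PayloadType": MCX_TYPE,
        "PayloadVersion": 1,
        "PayloadIdentifier": f"{org_id}.1password.updates",
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": "1Password: disable in-app update checks",
        # "Forced" makes the value managed, so the user cannot change it back.
        "PayloadContent": {
            DOMAIN: {"Forced": [{"mcx_preference_settings": {KEY: False}}]}
        },
    }
    profile = {
        "PayloadType": "Configuration",
        "PayloadVersion": 1,
        "PayloadIdentifier": f"{org_id}.1password",
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": "1Password managed settings",
        "PayloadScope": "System",
        "PayloadContent": [prefs_payload],
    }
    return plistlib.dumps(profile, fmt=plistlib.FMT_XML)


def forced_value(profile_bytes, domain=DOMAIN, key=KEY):
    """Return the forced value for key in domain, or None if the profile lacks it."""
    profile = plistlib.loads(profile_bytes)
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") != MCX_TYPE:
            continue
        forced = payload.get("PayloadContent", {}).get(domain, {}).get("Forced", [])
        for entry in forced:
            settings = entry.get("mcx_preference_settings", {})
            if key in settings:
                return settings[key]
    return None


if __name__ == "__main__":
    data = build_profile()
    # Must be a real boolean: a string "false" would not be read as a false value.
    assert forced_value(data) is False
    with open("1password-no-autoupdate.mobileconfig", "wb") as fh:
        fh.write(data)
```

With this profile in place the app stops checking for updates, so every new release reaches users only when IT redeploys the PKG, as the later replies in this thread state.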

  • superandrew
    Community Member

    In the linked article, it seems that once deployed with Jamf, there is no way the user could auto-update 1Password, but the admin should provide the new PKG. Is that so? Or is there a way to deploy automatic updates to the users?

  • @superandrew

    Yes, that's right.

    If 1Password for Mac is deployed by your organization, your IT administrator must redeploy updates when they’re released.

    — How to keep 1Password up to date

    If you deploy 1Password for Mac with the PKG installer, updates won’t install automatically. To update 1Password after you deploy it to your team, download the latest version of the PKG installer and redeploy it. You can visit the 1Password Releases website or subscribe to the RSS feed to check for app updates.

    — Deploy 1Password for Mac and Windows

  • superandrew
    Community Member

    OK, this means in our company there's no way to have 1Password 8 deployed and updated.

  • MDM would be the only option I am aware of. Sorry superandrew.

This discussion has been closed.