Native Messaging Problems with Edge Extension

wraith
Community Member
edited October 22 in 1Password in the Browser

My machines have a MS Security Baseline applied, which amongst other things blocks user-level native messaging hosts. Since that has been applied, the 1Password extension cannot communicate with the 1Password application. I've seen discussion of the issue here, but for some reason all the answers are deleted and there are just references to "I'll email you".

What NativeMessagingAllowlist needs adding to the baseline so that my machines can all use the 1Password extension properly?


1Password Version: 8.10.48
Extension Version: 8.10.48
OS Version: Windows 11 24H2
Browser: Edge

Comments

  • Hello, @wraith. Thank you for writing in.

    The NativeMessagingUserLevelHosts policy needs to be either removed or set to a value of "1" for Native Messaging to work with 1Password. If the value is set to "0", it will actively prevent the NativeMessaging process for 1Password.

    Here's a workaround to only allow NativeMessaging for 1Password, which is using NativeMessagingBlocklist and NativeMessagingAllowlist at the same time.

    The steps below involve editing the registry and it's important that you back up the registry before proceeding. Improperly editing the registry can damage Windows or other apps on your device. If you're not familiar with the registry then please open a ticket with our support team by sending an email to support+forum@1Password.com so that they can guide you through the process step-by-step.

    1. Open the Registry Editor.
    2. Add two new Keys "NativeMessagingBlocklist" & "NativeMessagingAllowlist" under both:
      • Computer\HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Edge
      • Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge
      • You can right-click on the "Edge" folder and select "New" > "Key"
    3. Add a new String Value named "1" and set the value as " * " under both:
      • Computer\HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Edge\NativeMessagingBlocklist
      • Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge\NativeMessagingBlocklist

    Now if you open Edge, all NativeMessaging activities should be blocked there. Next, let's set the "NativeMessagingAllowlist" to enable 1Password in Edge:

    1. Add a new String Value named "1" and set the value as "com.1password.1password" under both:
      • Computer\HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Edge\NativeMessagingAllowlist
      • Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge\NativeMessagingAllowlist

    Once that's done, open and unlock the 1Password desktop app then restart Edge. You should see 1Password unlock in the browser as well.

    -Evon
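
The registry steps in the reply above, as an added PowerShell example that is not part of the original posts and is not 1Password's or Microsoft's script. It assumes an elevated session (HKLM needs admin rights) and uses the bare wildcard `*` as the blocklist value; the function name `Add-PolicyListEntry` is hypothetical. Unlike the manual steps, it picks the next unused number when a value named "1" already exists, so entries a baseline has already set are not overwritten.

```powershell
# Added example: apply the blocklist/allowlist pair from the steps above.
# Hives, policy names and the host name are taken from the reply.
$hives = 'HKCU:\SOFTWARE\Policies\Microsoft\Edge',
         'HKLM:\SOFTWARE\Policies\Microsoft\Edge'
$wanted = @{
    NativeMessagingBlocklist = '*'                        # wildcard: block every host
    NativeMessagingAllowlist = 'com.1password.1password'  # the one permitted host
}

function Add-PolicyListEntry {
    param([string]$Key, [string]$Value)
    # Only create the key when it is missing, so existing values are left alone.
    if (-not (Test-Path $Key)) { New-Item -Path $Key -Force | Out-Null }
    $regKey = Get-Item -Path $Key
    $names  = $regKey.GetValueNames()
    # List policies are numbered string values; do nothing if the entry is there.
    foreach ($n in $names) {
        if ($regKey.GetValue($n) -eq $Value) { return "already present as '$n'" }
    }
    # Use the lowest unused number instead of overwriting an existing "1".
    $i = 1
    while ($names -contains "$i") { $i++ }
    New-ItemProperty -Path $Key -Name "$i" -Value $Value -PropertyType String | Out-Null
    return "added as '$i'"
}

foreach ($hive in $hives) {
    foreach ($policy in $wanted.Keys) {
        $key    = Join-Path $hive $policy
        $result = Add-PolicyListEntry -Key $key -Value $wanted[$policy]
        Write-Output "$key : '$($wanted[$policy])' $result"
    }
    # Report the baseline setting named in the reply; this script does not change it.
    $ulh = (Get-ItemProperty -Path $hive -Name NativeMessagingUserLevelHosts `
            -ErrorAction SilentlyContinue).NativeMessagingUserLevelHosts
    if ($null -eq $ulh) { $ulh = 'not set' }
    Write-Output "$hive : NativeMessagingUserLevelHosts = $ulh"
}
```

After it runs, `edge://policy` should list both policies with the values written here.
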

  • wraith
    Community Member

    Thanks @Evon, that workaround (permitting specifically 1Password) is exactly what I was looking for. Many thanks!

  • You're very welcome, @wraith. 🙂

    -Evon