Disable 2FA for 1 account when Enforce two-factor authentication is enabled

PeterCharleston
PeterCharleston
Community Member

Can we white list an account to not use 2FA when Enforce two-factor authentication is set for all users?

how can we use CLI in Automation with 2FA?


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided

Comments

  • Hey @PeterCharleston ,

    We are currently designing service account users for use with the CLI, such accounts will use a token to authenticate instead of a login flow.

    In the meantime, I understand that this situation can be frustrating, but please take a look into setting up a Connect server for your automation needs.

    Also, for 1Password CLI v2.0.0 and above, a Connect server can also be used in conjunction with the CLI to retrieve items. Authentication can be done by setting env vars for connect tokens to fetch items from the Connect server instead of the 1Password server as well. This would work for the op item get, op item read, op item inject, and op item run commands which can be used for retrieving secrets in automation.

  • Hi @PeterCharleston

    I'm Sadia, a Product Manager at 1Password, and have some news that may be interesting to you. I am looking for some developers and account owners that would be interested in chatting with me about a new feature our team has been working on: Service Accounts. Earlier this year, we introduced the CLI 2.0, where users can use “run” and “inject” commands to substitute secret references for secrets stored in 1Password vaults. With our new Service Account capabilities, organizations can use a separate non-user account to control and manage access to secrets without deploying additional services like Connect.

    We are currently building service accounts to address use cases like yours and want to understand your pain-points and experiences with secrets management, and gather some feedback.

    If you are interested, please feel free to reach out to me at sadia.azmal@agilebits.com or sign-up for a 30 minute slot on Calendly. I look forward to hearing from you :)

This discussion has been closed.