Conditional Access

Hi @ShelleyCurley,

Firewall rules in 1Password Business will apply to all platforms and block all connections, including from the 1Password.com web interface, apps, browser extensions, and 1Password CLI/developer tools, so this may help with your use case of preventing your team access their work data from outside the office.

If it's a first sign in for the device (meaning a user is setting up the 1Password desktop or mobile app for the first time on a device), they will be blocked and unable to access the account on that device until they sign in from a location with an approved IP address.

That said, if the device was previously authenticated, they will still have access to their local cache of data in the app, but won't be able to sync any changes to or from the server until they reconnect from a location that isn't blocked. This is because you can still decrypt the 1Password apps using your account password or biometrics.

Let me know if the accessing the local cache is still a concern, as it may be possible to achieve a close online-only setup using unlock 1Password with your SSO provider, reinforced by your applied firewall rules.

Hello @ShelleyCurley,

Let us know how things go when you try this out.

Also consider sending an email to BusinessSupport@1Password.com if you'd like to open a support ticket with our SSO specialists. They can help you review how things are set up, and may have more guidance on conditional access policies for 1Password.

Thank you and have a wonderful weekend,