Skip to main content

1Password Integration

This guide will show you how to setup an integration with 1Password and Indent. Once complete, you can securely grant access to password vaults.

Through API magic, Indent securely grants access to just about any service. 1Password is a good integration if you want improve your org's security around password management.

What can I do with 1Password + Indent?

  • Streamline onboarding new hires
  • Standardize permissions across roles
  • Holistically transfer permissions when an employee moves to a new role
  • Securely offboard users by instantly revoking access

1Password is one of a few password managers integrated with Indent. Other password managers, like Bitwarden are also available. If you'd like us to add another password manager send us a request.

Components

note

This page assumes you completed the Indent Quickstart. (5 min setup)

Configuration

This guide uses an identity provider (like Google or Okta) to connect with 1Password Business. Indent is used to grant temporary (or permanent) access to those groups, and automatically collects evidence your org needs for audits and compliance.

A GitHub Actions and Terraform repo will be used to deploy an Okta + Indent. The integration between Okta and 1Password will then grant access to password vaults to anyone who's part of a related Okta Group. S3 will be used to store Terraform state, and AWS Lambda will run the webhook.

1. Follow the Indent + Okta Guide

  • Open the Indent + Okta docs
  • Follow the Configuration instructions
  • Test your integration with the Using Indent + Okta Groups instructions

2. Follow the 1Password SCIM Bridge Guide

3. Assign password vaults to Okta Groups

  • For secure on-demand access, visit the Integrations section of your 1Password dashboard
  • In the Managed Groups section select the groups you want to Sync your new integration

Interactive Demo

In the following example, you're logged in as Fouad and can request access to an Okta Group. In real usage, you would want an Okta Group linked with a password vault. Requesting access to the OKta Group through Indent gives you the ability to grant secure, on-demand, and auto-expiring access to vaults with sensitive passwords. Indent can also be used for new employees to self-serve requests for permanent access during onboarding.

Try submitting and approving a request:

Summary

Congrats! You added the 1Password + Indent integration. Your employees can now securely request access to credentials. Indent will automatically record an audit log, and auto-expire access after a time period of your choosing.

Check out the Integrations page page for other services your teams want to request. If there's a new integration you'd like to see, request a new one. You might be ready to start inviting others to try Indent. If that's the case, you'll want to send them docs on how to make a request. You and anyone approving requests should read more about approving and declining requests.

Questions

Why can't I see my Groups in Indent?

You might need to sync Okta Groups or Google Workspaces with Indent. Try visiting the Resources section in your Indent dashboard, and clicking Pull Updates.

Can Indent host the integration for me?

Sure! We can host the integration on an AWS tenant. That's a popular way to do an initial setup while your teams test out Indent. To start that process, contact Indent Support

How do I ask for help?

If you have questions or need help with your integration, try chatting with Indent Support.