1Password Device Trust

1Password Device Trust is now available in two powerful versions:

Device Trust Core

• Enforces device compliance checks via the 1Password browser extension.
• Also requires 1Password Enterprise Password Manager Business.

Device Trust Connect

• Includes everything in Core
• Also integrates with major IdPs to enforce device trust and device posture checks before allowing access to SSO-protected apps.
• Ideal for organizations needing robust, IdP-based security enforcement.

For applications behind SSO

• Device Trust integrates directly with identity providers (IdPs) and select VPNs. Devices without the Device Trust agent—or those that fail security posture checks—are blocked from accessing SSO-protected apps and VPN-protected resources. If a device is non-compliant, access is denied, and users are guided through a self-remediation flow to resolve the issue.

For non-SSO web apps

• Extended Device Compliance evaluates device health using the Device Trust agent and enforces compliance via the 1Password browser extension. If a device is non-compliant, access is denied, and users are guided through a self-remediation flow to resolve the issue.

1Password Device Trust is currently compatible with Windows, macOS, and Linux.

The product is also compatible with iOS and Android devices via our mobile apps. We have released an initial set of mobile Checks, with more to come.

Extended Device Compliance extends device posture checks to unmanaged web apps, including those that are not company-managed. It operates using two components:

• Device Trust Agent: Helps identify applications employees use for work and assesses device posture.
• 1Password Browser Extension: Blocks non-compliant devices from accessing protected web apps and guides users to self-remediate.

MDM solutions help IT admins remotely configure company-owned devices, manage software installations and updates, and secure devices by wiping or locking them if they're lost or stolen. However, MDM isn't built to effectively manage employee-owned (BYOD), contractor, or Linux devices, nor does it offer advanced security posture enforcement.

1Password Device Trust fills these critical gaps. It verifies the identity of every device and continuously evaluates over 100 health and compliance signals on all devices—managed or unmanaged—and blocks authentication when policies aren't met.

Many organizations successfully use 1Password Device Trust alongside MDM, enhancing their overall security strategy. Device Trust provides:

• 100+ pre-built health checks and support for custom checks
• Real-time enforcement, instantly blocking non-compliant devices
• Guided self-remediation instructions for end users, reducing IT burden
• Comprehensive visibility and policy enforcement, including unmanaged apps and those without SSO integration

1Password Device Trust’s technical requirements vary by version:

Device Trust Core requires:

• 1Password Enterprise Password Manager Business
• Device Trust agent
• 1Password browser extension

Device Trust Connect requires:

• Integration with a supported identity provider (IdP), including one of the following:
  • Okta: With Basic SSO, Basic MFA, Universal Directory, and Lifecycle Management
  • Microsoft Entra: With P1 or higher, or a Business SKU that includes P1
  • Google Workspace
• Device Trust agent
• (Optional) 1Password Enterprise Password Manager Business and 1Password browser extension to enable Extended Device Compliance feature for non-SSO web apps.