If you’re an administrator in 1Password Teams or 1Password Business, you can use mobile device management (MDM) to enforce stricter controls for employees who use 1Password on their devices. You can use these settings to configure 1Password using your MDM solution.
Wichtig
Installations of 1Password 7 or earlier won’t be affected by these settings.
Die Präferenzdomäne für 1Password 8 für Mac ist com.1password.1password. Diese Einstellungen müssen mit MDM angewendet werden und können nicht manuell mit dem Befehl defaults festgelegt werden.
Download a sample .mobileconfig profile.
General
These settings allow you to control basic options for the 1Password app.
| Setting | Key | Type |
|---|---|---|
| Start at login | app.startAtLogin | Boolean |
| Save new items in [vault]* | app.defaultVaultForSaving | String |
| Automatisch übermitteln mit Universelles automatisches Ausfüllen. | security.autofill.autosubmit | Boolean |
* Learn how to set the default vault for saving new items. If this string is left empty, 1Password will suggest a vault.
Sicherheit
Hilfe
If you also enforce unlock or auto-lock settings with policies on 1Password.com, those selections will take precedence over any enforced MDM settings.
These settings affect how a team member unlocks 1Password and uses data in it.
| Setting | Key | Type |
|---|---|---|
| Enforce unlock using Touch ID | security.authenticatedUnlock.appleTouchId | Boolean |
| Enforce unlock using Apple Watch | security.authenticatedUnlock.appleWatchUnlock | Boolean |
| Allow 1Password to unlock when the device is unlocked | security.authenticatedUnlock.deviceBasedUnlock | Boolean |
| Set the account password requirement timeframe* | security.authenticatedUnlock.requireAccountPasswordAfter | String |
| Set auto-lock timeout† (in minutes) | security.autolock.minutes | Integer |
| Lock when device locks or sleeps | security.autolock.onDeviceLock | Boolean |
| Lock when main window is closed | security.autolock.onWindowClose | Boolean |
| Remove copied information and one-time passwords after 90 seconds | security.clipboard.clearAfter | Boolean |
| Verwende die Universelle Zwischenablage , um auf andere Geräte zu kopieren. | security.deviceClipboardSharing | Boolean |
| Keep device active for Large Type | security.blockSleepEnabled | Boolean |
| Always show passwords and full credit card numbers | security.revealPasswords | Boolean |
| Always show Wi-Fi QR codes | security.revealWifiQrCodes | Boolean |
* The allowed values are "one-day", "two-weeks", "thirty-days", and "never". Each value must be enclosed in quotation marks, as shown here.
† You can choose a number from 1 to 1440 (1 day).
Privatsphäre
These settings allow you to manage settings related to privacy and Watchtower.
| Setting | Key | Type |
|---|---|---|
| Show app and website icons | privacy.downloadRichIcons | Boolean |
| Check for compromised websites | privacy.checkCompromisedWebsites | Boolean |
| Check for vulnerable passwords | privacy.checkHibp | Boolean |
| Check for two-factor authentication | privacy.checkMfa | Boolean |
| Check for passkeys | privacy.checkPasskeys | Boolean |
Browsers
These settings allow you to control how 1Password connects with browsers.
| Setting | Key | Type |
|---|---|---|
| Allow connections with unsupported browsers | browsers.other-trusted-apps.enabled | Boolean |
Updates
Wichtig
These settings can only be controlled if you deploy or install 1Password with the 1Password.app installer. If you use the PKG installer, you can monitor updates and deploy them with your MDM solution.
These settings allow you to manage 1Password updates.
| Setting | Key | Type |
|---|---|---|
| Automatisch nach Updates suchen | updates.autoUpdate | Boolean |
| Set release channel* | updates.updateChannel | String |
* The allowed values are PRODUCTION, BETA, and NIGHTLY.
Authentifizierung
These settings allow you to control the process of signing into the 1Password app.
| Setting | Key | Type |
|---|---|---|
| Set a default sign-in address* | authentication.defaultDomain | String |
| Enforce the default sign-in address† | authentication.enforceDomain | Boolean |
* Use the following structure for the sign-in address: domain.1password.com. The scheme (https://) shouldn't be included.
† To use this setting, you must set a sign-in address for the authentication.defaultDomain setting.
You can use an administrative template (ADMX) to control settings in 1Password through Group Policy. You can import templates directly into Active Directory or Intune.
To get the template for 1Password, download this file, then open the ZIP file to extract its contents. To learn how to set up and use the template in your organization, review the README.md file in the template folder for further instructions.
Wichtig
If you’re using the HKEY_LOCAL_MACHINE\SOFTWARE\Agilebits Inc.\1Password\Policy registry key to control settings in your organization, you should migrate to administrative templates.
This registry key is deprecated, and we’ll be removing support for it in May 2026. You can find steps to migrate in the README.md file after you create a template.
General
These settings allow you to control basic options for the 1Password app.
| Setting | Key | Type |
|---|---|---|
| Show the main app window at login* | app.openAppOnStartup | Boolean |
| Save new items in [vault]† | app.defaultVaultForSaving | String |
| Allow the use of Auto-Type | app.autoTypeEnabled | Boolean |
| Allow proxy detection‡ | proxy.autoDetectNetworkSettings | String |
| Submit automatically with Auto-Type | security.autofill.autosubmit | Boolean |
* To control this setting, 1Password must be turned on in Windows Settings > Apps > Startup.
† Learn how to set the default vault for saving new items. If this string is left empty, 1Password will suggest a vault.
‡ Turn this off to force a direct network connection.
Sicherheit
Hilfe
If you also enforce unlock or auto-lock settings with policies on 1Password.com, those selections will take precedence over any enforced MDM settings.
These settings affect how a team member unlocks 1Password and uses data in it.
| Setting | Key | Type |
|---|---|---|
| Set the account password requirement timeframe* | security.authenticatedUnlock.requireAccountPasswordAfter | String |
| Allow 1Password to unlock when the device is unlocked | security.authenticatedUnlock.deviceBasedUnlock | Boolean |
| Set auto-lock timeout† (in minutes) | security.autolock.minutes | Integer |
| Lock when device locks or sleeps | security.autolock.onDeviceLock | Boolean |
| Lock when main window is closed | security.autolock.onWindowClose | Boolean |
| Remove copied information and one-time passwords after 90 seconds | security.clipboard.clearAfter | Boolean |
| Keep device active for Large Type | security.blockSleepEnabled | Boolean |
| Always show passwords and full credit card numbers | security.revealPasswords | Boolean |
| Always show Wi-Fi QR codes | security.revealWifiQrCodes | Boolean |
* The allowed values are "one-day", "two-weeks", "thirty-days", and "never". Each value must be enclosed in quotation marks, as shown here.
† You can choose a number from 1 to 1440 (1 day).
Privatsphäre
These settings allow you to manage settings related to privacy and Watchtower.
| Setting | Key | Type |
|---|---|---|
| Show app and website icons | privacy.downloadRichIcons | Boolean |
| Check for compromised websites | privacy.checkCompromisedWebsites | Boolean |
| Check for vulnerable passwords | privacy.checkHibp | Boolean |
| Check for two-factor authentication | privacy.checkMfa | Boolean |
| Check for passkeys | privacy.checkPasskeys | Boolean |
Browsers
These settings allow you to control how 1Password connects with browsers.
| Setting | Key | Type |
|---|---|---|
| Allow connections with unsupported browsers | browsers.other-trusted-apps.enabled | Boolean |
Updates
These settings allow you to manage 1Password updates.
| Setting | Key | Type |
|---|---|---|
| Automatically check for updates* | updates.autoUpdate | Boolean |
| Set release channel† | updates.updateChannel | String |
* This setting only applies if 1Password is installed with the MSIX, MSI, or App Installer. Learn how to control updates if you deploy 1Password through the Microsoft Store.
† The allowed values are PRODUCTION, BETA, and NIGHTLY. This setting only applies if 1Password is installed with the MSIX or MSI, not with App Installer or through the Microsoft Store.
Authentifizierung
These settings allow you to control the process of signing into the 1Password app.
| Setting | Key | Type |
|---|---|---|
| Set a default sign-in address* | authentication.defaultDomain | String |
| Enforce the default sign-in address† | authentication.enforceDomain | Boolean |
* Use the following structure for the sign-in address: domain.1password.com. The scheme (https://) shouldn't be included.
† To use this setting, you must set a sign-in address for the authentication.defaultDomain setting.
The preference domain for 1Password 8 for iOS is com.1password.1password.
General
These settings allow you to control basic options for the 1Password app.
| Setting | Key | Type |
|---|---|---|
| Save new items in [vault]* | app.defaultVaultForSaving | String |
* Learn how to set the default vault for saving new items. If this string is left empty, 1Password will suggest a vault.
Sicherheit
Hilfe
If you also enforce unlock or auto-lock settings with policies on 1Password.com, those selections will take precedence over any enforced MDM settings.
These settings affect how a team member unlocks 1Password and uses data in it.
| Setting | Key | Type |
|---|---|---|
| Enforce unlock using Touch ID | security.authenticatedUnlock.appleTouchId | Boolean |
| Enforce unlock using Face ID | security.authenticatedUnlock.appleFaceId | Boolean |
| Allow unlock with device passcode | security.authenticatedUnlock.appleDevicePinUnlock | Boolean |
| Allow 1Password to unlock when the device is unlocked | security.authenticatedUnlock.deviceBasedUnlock | Boolean |
| Set the account password requirement timeframe* | security.authenticatedUnlock.requireAccountPasswordAfter | String |
| Set auto-lock timeout† (in minutes) | security.autolock.minutes | Integer |
| Clear clipboard after timeout | security.clipboard.clearAfter | Boolean |
| Verwende die Universelle Zwischenablage , um auf andere Geräte zu kopieren. | security.deviceClipboardSharing | Boolean |
| Keep device active for Large Type | security.blockSleepEnabled | Boolean |
| Always show passwords and full credit card numbers | security.revealPasswords | Boolean |
| Always show Wi-Fi QR codes | security.revealWifiQrCodes | Boolean |
* The allowed values are "one-day", "two-weeks", "thirty-days", and "never". Each value must be enclosed in quotation marks, as shown here.
† You can choose a number from 0 to 480. If you choose 0, the app will lock immediately when no longer in focus.
Privatsphäre
These settings allow you to manage preferences related to privacy and Watchtower.
| Setting | Key | Type |
|---|---|---|
| Show app and website icons | privacy.downloadRichIcons | Boolean |
| Use Apple Maps | privacy.mapsEnabled | Boolean |
| Check for compromised websites | privacy.checkCompromisedWebsites | Boolean |
| Check for vulnerable passwords | privacy.checkHibp | Boolean |
| Check for two-factor authentication | privacy.checkMfa | Boolean |
| Check for passkeys | privacy.checkPasskeys | Boolean |
Autofill
These settings allow you to manage preferences related to Autofill.
| Setting | Key | Type |
|---|---|---|
| Show passkey suggestions | app.autoFillPasskeyShowFillingSuggestions | Boolean |
Benachrichtigungen
These settings allow you to manage the notifications that team members receive from 1Password.
| Notification type | Key | Type |
|---|---|---|
| One-Time Passwords | app.notifyCopyTotpToClipboard | Boolean |
Authentifizierung
These settings allow you to control the process of signing into the 1Password app.
| Setting | Key | Type |
|---|---|---|
| Set a default sign-in address* | authentication.defaultDomain | String |
| Enforce the default sign-in address† | authentication.enforceDomain | Boolean |
* Use the following structure for the sign-in address: domain.1password.com. The scheme (https://) shouldn't be included.
† To use this setting, you must set a sign-in address for the authentication.defaultDomain setting.
Appendix: Set the default vault for saving new items
To specify a vault and account to save new items, use the following structure:
{"VaultReference":{"vault_uuid":"UUID","account_uuid":"UUID"}}
Replace both UUID values with the appropriate ones for the vault and account you want to use.
To enforce the default behavior and prevent users from changing this setting, enter the following string instead:
CurrentVaultOrFallback
Mehr erfahren
War dieser Artikel hilfreich?
Freut mich, das zu hören! Wenn du etwas hinzufügen möchtest, zögere nicht, uns zu kontaktieren.
Tut mir leid, das zu hören. Bitte kontaktiere uns, wenn du uns mehr darüber erzählen möchtest.