Skip to main content

About 1Password Business

The 1Password connector reads audit and access events from your 1Password Business account and surfaces them in Iru Compliance as artifacts you can attach to actions and controls. The integration uses 1Password’s Events Reporting API and is read-only. Iru does not change vaults, items, or users in 1Password.

How It Works

Iru authenticates with a bearer token (JWT-SA) that you issue in the 1Password admin experience. Events are read from the events hostname that matches your account region (US, EU, CA, Enterprise, and so on). Sign-in attempts, item usage, and audit events can all feed compliance evidence when your token includes those event types.
DetailValue
CategorySecurity
AuthenticationBearer token (JWT-SA)
1Password planBusiness (Events Reporting requires Business; Teams and individual plans do not include the Events API)
For setup steps on the 1Password side, see Get started with 1Password Events Reporting and the Events API in 1Password’s developer documentation.

Prerequisites

  • A 1Password Business subscription.
  • A user who is an Owner, Administrator, or a member of a group with View Administrative Sidebar.
  • A few minutes to create the integration, issue a token, and complete the Iru connector.

Connect 1Password to Iru

Configure Events Reporting and the token in 1Password Business, then use Complete the connector in Iru for Iru Compliance.

Create an Events Reporting integration

1

Sign in to 1Password Business

Sign in at 1Password.com with an administrator who can manage Integrations and Events Reporting.
2

Open Integrations

In the sidebar, select Integrations.
3

Open Events Reporting

Find the Events Reporting section (sometimes under Reporting or Security, depending on 1Password UI updates).
4

Choose integration type

Select Add integration (or Connect). Pick your SIEM category if it is listed; otherwise choose Other so you can point events at Iru’s collector model.
5

Name the integration

Enter a clear name (for example Iru Compliance) so operators can distinguish this integration from other SIEM or webhook destinations.
6

Save the integration shell

Select Add integration (or Save) to create the integration record. You will issue the bearer token in the next section.

Issue the bearer token

1

Open token settings

On the integration page, begin configuring the new token.
2

Set token name and expiration

Enter a token name you will recognize (for example Iru production). Set expiration up to 180 days (the maximum allowed).
3

Enable required event types

Enable Sign-in attempts, Item usages, and Audit events. All three are needed for full coverage in Iru.
4

Issue and store the token

Select Issue token, then copy the JWT. It is shown once; store it in your vault and treat it like any other secret.

Complete the connector in Iru

1

Open Sources

In Iru Compliance, on the left navigation bar, expand Compliance and select Sources.
Left navigation: Compliance expanded, Sources selected
2

Turn on 1Password

Find 1Password (set Category to Security or use Search by name or description). On that card, turn on the toggle. A new browser tab opens the connector approval flow (connect/approve?link=…).
3

Select your events server

Pick the host that matches where your 1Password account sends Events API traffic:
OptionURL
1Password Enterprisehttps://events.ent.1password.com
1Password (default)https://events.1password.com
1Password CAhttps://events.1password.ca
1Password EUhttps://events.1password.eu
Select Confirm server. You should see confirmation that the server was saved.
4

Paste the bearer token

In the connector wizard (opened from Iru), paste the JWT into the Token field when prompted and submit.
5

Finish the connection

Click Submit Bearer Token. When the connection succeeds, the wizard shows Connection Configured.
6

Confirm the source is Active

Close the Iru is requesting access to external services browser tab, then return to ComplianceSources and confirm the 1Password card is Active.

Troubleshooting

Check pop-up blocker settings for the Iru site and try again.
The token expired or was revoked. Issue a new token in 1Password and submit it again in the connector.
Confirm the token includes all three event types. A token limited to sign-ins only will not return item-usage or audit evidence.
Turn the source off on Sources, turn it on again, and select the correct events host before submitting the token.
Events Reporting requires 1Password Business. Other plans do not expose this API.

Considerations

Tokens expire on a schedule (up to 180 days)

Tokens expire on a schedule (up to 180 days). Plan rotation before expiry to avoid gaps in evidence collection.

Connectivity is outbound HTTPS from Iru to your…

Connectivity is outbound HTTPS from Iru to your chosen events.* host. You do not need to allow inbound access from Iru into 1Password.

Iru only reads events

Iru only reads events. It cannot create, edit, or delete 1Password data.

Sources Management

Browse and manage every Compliance source.

Getting Started With Compliance

Frameworks, actions, and Artifacts.

Iru Overview

How Endpoint, Compliance, and Identity fit together.

Artifacts Management

Upload, review, and organize evidence from sources and actions.