1Password connector

The 1Password connector uses the 1Password Users API to manage users in a 1Password Enterprise Password Manager account. It enables security teams to automate identity-level response actions — such as suspending compromised users — directly from Elastic Security workflows.

Create connectors in Kibana

You can create connectors in Stack Management > Connectors. For example:

Connector configuration

1Password connectors have the following configuration properties:

Account UUID: The UUID of your 1Password account. You can find this in the 1Password admin console.
Client ID: The OAuth 2.0 Client ID for your 1Password integration.
Client Secret: The OAuth 2.0 Client Secret for your 1Password integration.

The connector authenticates using the OAuth 2.0 Client Credentials flow with client_secret_basic authentication. The token URL and scope are derived automatically.

Test connectors

You can test connectors as you're creating or editing the connector in Kibana.

The 1Password connector has the following actions:

List Users

List users in the 1Password account, optionally filtered by state.

filter (optional): Filter expression — user.isActive() or user.isSuspended(). Omit to return all users.
maxPageSize (optional): Maximum number of users to return in a single response.
pageToken (optional): Token to fetch the next page of results.

Get User

Retrieve details for a single user by their UUID.

uuid (required): The UUID of the user.

Suspend User

Suspend an active user, preventing them from accessing the 1Password account. Vault access configuration remains intact.

uuid (required): The UUID of the user to suspend.

Reactivate User

Reactivate a suspended user, restoring their access to the 1Password account.

uuid (required): The UUID of the user to reactivate.

Connector networking configuration

Use the Action configuration settings to customize connector networking configurations, such as proxies, certificates, or TLS settings. You can set configurations that apply to all your connectors or use xpack.actions.customHostSettings to set per-host configurations.

Get API credentials

To use the 1Password connector, you need OAuth 2.0 client credentials from a 1Password Enterprise Password Manager account:

Log in to your 1Password account as an Admin, Owner, or Security group member.
Navigate to Integrations > OAuth Applications and create a new application.
Configure the application with the required scopes: List users, List user, Suspend user, Reactivate user.
Save the Client ID and Client Secret. You will not be able to retrieve the secret later.
Copy your Account UUID from the admin console URL or account settings.
When configuring the connector in Kibana, enter the Account UUID, Client ID, and Client Secret.