With remote work, bring-your-own-device, and shadow IT apps becoming commonplace, the number of unsanctioned apps and untrusted devices is rapidly climbing. And cybersecurity and IT leaders have been stuck with tools that only secured access to some applications, some devices, and some people, creating an Access-Trust Gap.
That’s why we pioneered a new software cybersecurity category: Extended Access Management (XAM). Extended Access Management solves the Access-Trust Gap by securing every sign-in, for every app, from every device. It’s also why we launched 1Password®️ Extended Access Management in May 2024. It’s the only product on the market that solves the Access-Trust Gap.
1Password Extended Access Management has been available to Okta customers since its release. Due to the demand we’ve seen from companies of all sizes, including those who use identity providers like Microsoft Entra and Google Workspace, we’ve accelerated our product roadmap. As a result, 1Password Extended Access Management is now available to Microsoft Entra customers and in private beta for Google Workspace customers.
Today’s advancements accelerate key capabilities of 1Password Extended Access Management:
- Device Trust support for Microsoft Entra is now generally available, and support for Google Workspace is now in private beta testing. Device Trust keeps unknown and unhealthy devices away from sensitive data by checking the health of every device, and providing step-by-step guidance for end users to bring those devices into compliance before granting access.
- Application Insights is now in private beta testing. Application Insights gives businesses visibility into the applications their employees are actually using, so they can guide users toward company-approved applications, or manage access to unmanaged apps.
- User Identity is now in private beta testing. User Identity gives businesses who don’t currently have an identity security solution an easy way to manage end-user identities throughout their entire lifecycle. It provides an access gateway to both managed and unmanaged apps.
- Universal Sign On provides a unified login experience across managed and unmanaged apps, whether accessed through passwords, passkeys, MFA, or third-party identity security solutions.
What’s new in 1Password Extended Access Management
Device Trust support for Microsoft Entra and Google Workspace
Device Trust is now compatible with Microsoft Entra ID (now generally available) and Google Workspace (now available to select customers in private beta).
This means that in addition to Okta customers, Microsoft Entra customers can now implement the Device Trust component of 1Password Extended Access Management. A limited number of Google Workspace customers will also be able to begin testing the integration, with more users being invited to participate in the beta over time. With Device Trust implemented, device compliance becomes a requirement for accessing company resources.
It also saves precious IT time, too, by giving end users step by step instructions to bring their device into compliance. And that holds true not just for employees, but third parties like contractors, too.
Extend single sign-on to every application with User Identity
User Identity fills the gaps for 1Password customers who don’t have an identity security solution in their stack, positioning 1Password as an access gateway to both managed and unmanaged apps.
Extending single sign-on to every application secures access to every website and app to mitigate vulnerabilities, and gives admins the ability to manage identity lifecycles from provisioning access to offboarding.
Take control of shadow IT with Application Insights
Application Insights gives admins visibility into the applications employees are actually using. From there, they can:
- Secure access to unmanaged apps
- Consolidate unused licenses to reduce spend
Instead of trying to stamp out every instance of shadow IT that pops up, admins can manage access to those applications, or guide employees toward company-approved apps.
Secure every authentication method, no matter how employees sign in, with Universal Sign-On
1Password Extended Access Management now offers comprehensive Universal Sign-On.
This means that your employees can use any authentication method to create an account for a particular site or service. They could use a traditional username and password, MFA, or a passkey. They could sign in with their Google or Microsoft credentials. Or they could use the new User Identity functionality (which, again, uses 1Password as an access gateway to managed and unmanaged apps).
No matter the underlying authentication method, employees don’t need to think about how they sign in. All they have to do is click, and 1Password will sign in for them.
Device Trust in action: Microsoft Entra edition
Let’s look at how end users will encounter Device Trust in their day-to-day work, and how it protects your business.
- Imagine an employee is signing in to a service – Microsoft 365, for example – in a web browser.
- Prior to completing the sign-in process, that user will be asked to verify the health of the device they’re using to sign in.
- A simple click starts the Device Trust verification process. The Device Trust agent then checks the health of the device against parameters determined by the 1Password account admin.
- Once device health is verified, the sign-in process continues, and the user is signed in.
- If a device fails a health check (if the web browser they’re signing in with isn’t up-to-date, for example), the user is given instructions on how to fix the issue, and they can run the check again once that’s done.
We’ll be demoing Device Trust and other 1Password Extended Access Management functionality at BlackHat on August 7–9th. If you’re in the neighborhood, stop by Booth 968 to see it in action.
In the meantime, you can also schedule a demo to see it all in action.
Tweet about this post