Skip to main content

Manage Connect servers

info

As of Feb 27, 2025, all 1Password customers have unlimited access to Connect.

A Connect server is a type of Secrets Automation workflow that allows you to securely access your 1Password items and vaults in your company's apps and cloud infrastructure using a private REST API provided by 1Password Connect Server.

You can use 1Password.com or the Connect REST API to:

Manage permissions

With 1Password Business or 1Password Teams, you can manage Connect server permissions with groups, or more granularly, with environments. This allows for enforcement of security best practices. Learn more about Connect security.

tip

You can also manage group access using automated provisioning.

Manage global permissions

Groups allow you to specify one or more users who can access Connect servers.

To assign groups (such as Owners and Administrators) to manage Connect servers:

  1. Sign in to your account on 1Password.com and select Developer in the sidebar.
  2. Select Permissions from the top navigation bar, then select Secrets Automation.
  3. In the Managers section, select Manage, then choose the groups you want to manage Connect servers.
  4. Select Update Groups.
Manage Secrets Automation managersManage Secrets Automation managers

Manage environment permissions

Environments allow you to override global permissions (with groups) for a specific Connect server environment.

To assign groups (such as Owners and Administrators) to manage a specific Connect server:

  1. Sign in to your account on 1Password.com and select Developer in the sidebar.
  2. Select Permissions from the top navigation bar, then select Secrets Automation.
  3. In the Environments section, select Manage.
  4. In the Permissions section, select Manage, then choose the groups you want to manage Connect servers in the environment.
  5. Select Update Groups.

Manage access tokens

Secrets automation access tokens are also called Connect server tokens. The following sections show how to manage Connect server tokens:

Create a token

To create a Connect server token:

  1. Sign in to your account on 1Password.com and select Developer in the sidebar.
  2. Choose the Secrets Automation environment where you want to create a Connect server token.
  3. Select New Token.
  4. Follow the onscreen instructions to issue an access token.
caution

You can't edit the vaults a token can access after you create it. If you want to change the vaults a token can access, you must revoke the token and create a new one.

Connect tokens can support up to 100 vaults each. If you grant a Connect token access to more than 100 vaults, the server may reject requests.

Set a token expiration

You can set token expiration time of 30, 90, or 180 days when you create a Connect server token. When the expiration time elapses, 1Password revokes the Connect server token.

To set a token expiration date:

  1. Sign in to your account on 1Password.com and select Developer in the sidebar.
  2. Choose the Secrets Automation environment where you want to create a Connect server token.
  3. Select New Token.
  4. Set the "Expires After" to 30 days, 90 days, or 180 days.
  5. Continue with the onscreen instructions.

Revoke a token

To revoke a Connect server token:

  1. Sign in to your account on 1Password.com and select Developer in the sidebar.
  2. Choose the Secrets Automation environment where you want to manage Connect server tokens.
  3. Select next to the token you want to revoke, then select Revoke.

Rename a token

To rename a Connect server token:

  1. Sign in to your account on 1Password.com and select Developer in the sidebar.
  2. Choose the Secrets Automation environment where you want to manage Connect server tokens.
  3. Select next to the token you want to rename, then select Rename and enter a new name.

Grant or revoke access to vaults

To grant or revoke access to vaults:

  1. Sign in to your account on 1Password.com and select Developer in the sidebar.
  2. Choose the Secrets Automation environment where you want to grant or revoke access to vaults.
  3. In the Vaults section, select Manage and choose the vaults you want to add or remove.
  4. Select Update Vaults.

You can't grant Connect servers access to your built-in Personal, Private, or Employee vault, or your default Shared vault.

Manage which vaults have access to each tokenManage which vaults have access to each token

Monitor item usage

Connect servers send reports about item usage to the 1Password server every time an item is accessed so you can monitor item usage.

info

Item usage information might take a few hours to sync with 1Password.com.

To view item usage for a Connect server:

  1. Sign in to your account on 1Password.com and select Developer in the sidebar.
  2. Choose the Secrets Automation environment (Connect server) you want to monitor.
  3. Under Version, select More Actions > View Item Usage Report.

For more information, visit Create reports in 1Password Business.

About Connect server item usage

Items accessed through a Connect server update specific fields in the following manner:

  • The Action field in the report always shows Display.
  • The Used by field always includes the name of the Connect server instance (not the Connect server token).

Connect servers only report item usage when they have a working connection to the 1Password server. If a Connect server can't reach the 1Password server (for example, when it updates or restarts), it might lose item usage information from that time period.

Item usage reporting continues when the Connect server has a working connection to the 1Password server again.

Was this page helpful?