Inside DigitalOcean’s SOX Compliance Playbook

ConductorOne docs

Set up 1Password connector

ConductorOne provides identity governance and just-in-time provisioning for 1Password. Integrate your 1Password instance with ConductorOne to run user access reviews (UARs) and enable just-in-time access requests.

Why does this connector look different from most others? Unlike most of the software ConductorOne integrates with, 1Password doesn’t expose APIs that can be used to connect the two systems. Additionally, 1Password data can only be gathered from unlocked vaults, which means that a user must unlock the vault and manually kick off the data collection process; a periodic automated data pull won’t work.

To work around these issues, ConductorOne’s 1Password Baton connector uses the 1Password CLI to interact with your vaults. Once the CLI is set up, baton-1password uses it to interact with your 1Password vaults. The connector will capture user and entitlement data in a file that you upload to ConductorOne.

Capabilities

ResourceSyncProvision
Accounts
Groups
Vaults

Available hosting methods

Choose the hosting method that best suits your needs:

MethodAvailabilityNotes
Cloud hostedA built-in, no-code connector hosted by ConductorOne.
Self-hostedThe 1Password connector hosted and run in your own environment.

Set up a 1Password self-hosted connector

This connector requires use of 1Password 8 on a Families, Teams, Business, or Enterprise plan. Before you begin, make sure you have a vault set up.

Step 1: Set up the 1Password CLI and locate your sign-in address

  1. Install the 1Password CLI and make sure it is upgraded to the current version.

  2. Locate your 1Password sign-in address by following the instructions in the 1Password docs. We’ll use this address in Step 2.

Step 2: Install baton-1password and generate a .c1z file

  1. Run the source commands shown below to install baton-1password, substituting the sign-in address you looked up in Step 1 for myaddress.1password.com.

    source

    go install github.com/conductorone/baton/cmd/baton@main
go install github.com/conductorone/baton-1password/cmd/baton-1password@main

BATON_ADDRESS=myaddress.1password.com baton-1password
baton resources

The baton-1password command runs the sync on the connector and stores the gathered data in a sync.c1z file. In the next step, you’ll upload this file to ConductorOne.

Step 3: Upload 1Password data to ConductorOne

This task requires the Connector Administrator or Super Administrator role in ConductorOne.

  1. In ConductorOne, navigate to an existing application you wish to add the connector data to, or create a new application.

    • To create a new application, follow the steps in Create custom applications.

    • To use an existing application, click Applications. On the Managed apps tab, select the application’s name from the list.

  2. On the application’s page, scroll down to the Connectors area of the page.

  3. Click Import app data and select From file.

  4. Click Choose file and select the sync.c1z file generated in Step 2.

Once the upload is complete, ConductorOne adds the information pulled from the connector about accounts, groups, roles, resources, and grants (as relevant) to the application.

To update information in ConductorOne: Re-run the baton-1password command, generate a new sync.c1z file, and re-upload the file to ConductorOne using the process above.