1Password Features

Process of providing credentials and logging into multiple systems is easy and intuitive for users

Supports required 3rd party Authentication Technologies. Example systems: bioMetric, passwords, key cards, token based systems, etc.

Provides support for Multi-Factor authentication, so users are required to provide multiple factors to authenticate. For example, something they know, Something they have or something they are.

Support SSO via Web agents, proxy agents, agent-less, SAML or oAuth and WS-Federation authentication and authorization Web services depending upon the application and business use case

Can serve as the identity provider to external service providers so that when the user logs into a service, instead of providing credentials to the service provider, the service provider trusts the identity provider to validate the credentials.

Can serve as the Service provider from an external service so that when the user logs in externally they have seamless SSO to internal applications from a service provider.

Provides ability to control access to PC's, Mobile devices, and other endpoint devices.

Controls access to legacy applications, web based applications, network resources and servers while employees are on the companies local area network.

Controls access to legacy applications, web based applications, networks resources while employees are outside the local area network.

Controls access to users that are not company employees that are either within the companies local area network or outside the network

Enables users to use their own device to access company applications.

Installation process is easy and flexible.

Options for resetting and enforcing password policies

Provides Administration tools/console that are easy to use and learn for routine maintenance tasks

Easily provisions new systems, platforms or applications using configuration and not customization.

Users can set, change passwords without interaction from IT staff

Standard and customized report creation to ensure appropriate access rights have been assigned

Provides mobile application that alerts administrators of potential issues and allows administrators manage access rights

Support for wide variety of cloud and on premise apps to automate provisioning for existing and new applications procured

Provides appropriate application interfaces to enable custom integrations for unique business requirements

Encrypts all data transfers using end-to-end encryption.

Provides audit trails to monitor useage to reduce fraud.

Complies with regulations for strong customer authentication such as KYC, PSD2, and others.

Keep identity attributes consistent across applications whether the change is made in the provisioning system or the application.

Enables administrators to create access policies and applies policy controls throughout request and provisioning processes.

Provides or integrates with a cloud based directory option that contains all user names and attributes.

Integrates with common applications such as service desk tools.

Syncronizes passwords across company systems.

Provides a tool for IT administrators to manage the software.

Configure specific policies for users or groups using group policy objects.

Supports multiple password policies.

Supports multiple languages.

Supports Endpoint access control to multiple operating systems

Allows user authentication to be honored by all the hosts in two or more domains

Support access to browser based applications across required browser types

Provides required failover mechanisms to ensure if one server, network, etc fails users are still able able to authenticate

Contains pre-built and custom reporting tools to required to manage business

Provides mechanism for auditing authentication for trouble shooting purposes.

Can call and pass credentials to third party web services.

Users can request access to an application and be automatically provisioned if they meet policy requirements

Automates account/access rights creation, changes and removals for on-premise and cloud apps

Establish roles that create a set of authentication rights for each user in the role

Enables administrators to create access policies and applies policy controls throughout request and provisioning processes

Terminate access to multiple applications based on dates

Allow business stake-holders/managers to approve or reject requested changes to access via a defined workflow

Enables users to reset passwords without administrator interaction. Enforces password policies when resetting.

Change users and permissions in bulk

Keep identity attributes consistent across applications whether the change is made in the provisioning system or the application

Alerts administrators when inappropriate access occurs

Proactively audits access rights against policies

Sends a one-time passcode (OTP) via SMS.

Provides a one-time passcode (OTP) via voice-call.

Sends a one-time passcode (OTP) via email.

Supports hardware tokens, which are often USB-sized, fob-like devices that store codes.

Offers software tokens, which are applications installed on a mobile phone, wearable devices, or desktops and generate time-based one-time passcodes (TOTP) that a user can easily copy. Software tokens work both online and offline.

Allows biometric factors such as fingerprints, faceprints, voiceprints, or other biometric information to be used as an authentication factor.

Offers mobile push authentication, which is a user-friendly method that does not require a user to copy a code, but rather accept or deny an authentication using a mobile application. Mobile push authentication only works when a user is connected to the internet.

Analyzes users' IP addresses, devices, behaviors and identities to authenticate a user.

Allows the use of tokens on multiple devices. This feature can also be turned off if the user does not want this.

Offers encrypted backup recovery stored by the vendor.

Intetgrates with Active Directory.

Integrates with Lightweight Directory Access Protocol (LDAP)-based directory services.

Utilizes existing known hacking dictionaries to disallow users to select passwords that have been compromized.

Allows administrators to create a custom blacklist to disallow employees from using specific words in their passwords.

Offers FIDO2-enabled authentication method

Works with hardware security keys

Offer users multiple ways to authenticate including, but not limited to: mobile push on trusted devices, FIDO-enabled devices, physical security keys, keycards, smart watches, biometrics, QR codes, desktop app + pin, and others.

Offers solutions when users are offline or do not have access to a mobile phone.

Simplifies or automates user provisioning, deprovisioning, and other user role changes.

Offers password management tools to end users.

Offers single sign-on functionalities to end users, allowing them to authenticate once and be given access to all of their company accounts.

Enforces user-access policies based on individual, role type, group membership or other factors to prevent unauthorized access to company systems and data.

Authenticates users prior to granting access to company systems.

Offers multi-factor authentication methods to verify a user's identity.

Monitors select keywords on the deep web, which are non-indexed parts of the internet not available on the surface web.

Monitors select keywords on the dark areas of the web, which are only accessible via Tor and I2P, such as illicit marketplaces and dark forums.

Provides context around identified information, including historical threat data, threat location data from geotags or inferred data, threat actors names, relationships, URLs, and other relevant information to conduct further investigations.

Integrates into ticketing or CRM platforms via API integrations.

Search through real-time and historical data without using technical query language.

Provides additional context and analysis to help identify the source of leaked information.

Offers a centralized dashboard to monitor, collect, process, alert, analyse and search through data flagged by the software.

Enables real-time alerts and reporting through push notifications in a mobile app, email, or sms alerts.

Creates audit trail of secrets lifecycle

Has a centralized dashboard for users to interact with

Offers a universal approach to secrets management with integrations to centralize secrets regardless of platform

Expedites user logins using methods like a master password or password autofill.

Integrates the tool with your browser for easy use.

Integrates with your mobile device for use on mobile apps.

Enables user to use the tool across multiple devices.

Allows an employer or administrator to manage employee access.

Generates passwords for each of your logins.

Provides extra security by requiring an extra for of verification in addition to a password.

Analyzes and evaluates the quality and variety of your passwords.

Stores records like credit cards or receipts in addition to passwords.

Stores files in addition to passwords.

Connections use open standards such as SAML or RADIS.

Offers developers a mobile software development kit to seamlessly add biometric authentication into their applications.

Integrates with identity and access management (IAM) solutions to manage workforce authentication.

Integrates with customer identity and access management (ICAM) solutions to manage customer authentication.

Complies with the National Institute of Standards and Technology password best practice recommendations.

Complies with the National Cyber Security Centre (NCSC) password best practice recommendations.

Compliant with Section 508 to enable employees with disabilities to use this software.

Provides an IAM solution for on-prem systems.

Provides an IAM solution for cloud-based systems.

Tracks user activities across protected systems.

Provides reporting functionality.

Log and report all modifications to user roles and access rights.

Provide standardized reports for regulatory compliance and audits.

Offers an easy to understand user interface to make setup smooth.

Offers a mobile software development kit (SDK) for iOS, Blackberry, and Android.

Offers a software development kit (SDK) for web-based applications.

Grant access based on user attributes, location, device posture or risk.

Automate onboarding, offboarding, and access reviews throughout user lifecycles.

Enable users to reset passwords and update profiles without admin support.

Identify unusual access patterns using machine learning models.

Dynamically adjust access policies based on risk and AI-generated insights.

Suggest appropriate user roles based on usage patterns and peer behavior.