1Password API for Partners Automates Identity Response During Incidents

Post Views: 97

Security Teams Gain Faster Incident Response with 1Password’s Users API for Partners

In a move to enhance incident response capabilities, 1Password has introduced the public preview of its Users API for Partners. This new API enables security teams to automate identity management during active security incidents, streamlining the process of responding to threats.

As part of this launch, 1Password has also introduced a unified access point for its APIs, api.1password.com, which features standardized OAuth-based authentication. This move is designed to facilitate secure, enterprise-grade security integrations with partner solutions.

According to John Torrey, Chief Business Officer at 1Password, “The window between identifying risk and containing it is shrinking rapidly. Security teams require the ability to adjust access in real-time, including credentials and secrets that persist beyond authentication.”

Streamlining Incident Response

The Users API for Partners addresses this need by enabling teams to orchestrate access changes directly within 1Password, integrating the secrets layer into modern response systems.

Historically, detection and alerts have occurred in real-time, but responses have often required manual intervention. The Users API for Partners changes this dynamic by allowing security operations center (SOC) teams to execute programmatic user actions within automated workflows.

This enables the suspension or restoration of users in 1Password as part of a SOC-driven response, reducing exposure time and enabling teams to act on risk with greater speed and consistency.

Secure Integration with Partner Solutions

The new API introduces OAuth 2.0-based authentication, designed for secure, enterprise-grade security. Partners can leverage this API to build integrations with 1Password Enterprise Password Manager, using delegated, scoped authorization to list users, suspend access when risk is detected, and restore access after remediation.

1Password has collaborated with several partners, including CrowdStrike, BlinkOps, Elastic, Sumo Logic, Tines, and Torq, to enable mutual customers to connect 1Password Enterprise Password Manager into existing SOC workflows.

This integration enables organizations to automate identity response workflows, strengthen governance, and maintain audit-ready visibility.

By integrating 1Password with Falcon Fusion SOAR workflows, organizations can incorporate identity actions into automated response processes, closing the gap between detection and containment.

Charlie Ardagh, VP of Strategic Partnerships at Tines, added that “with 1Password integrated into our workflows, identity access can adapt as risk changes, enabling teams to respond with the right context and consistency without slowing down.”

Eldad Livni, Chief Innovation Officer at Torq, emphasized that “identity is central to prioritizing and responding to threats at speed and scale.”

By integrating the Torq AI SOC Platform with 1Password Enterprise Password Manager, Torq combines agentic investigation with automated response, enabling teams to quickly move from detection to identity enforcement.

Let me know if this meets your requirements!