March 17th, 2026 9:00AM Eastern Standard Time

1Password Launches Users API for Partners To Automate SOC Workflows

Security teams can reduce response time, limit risk exposure, and strengthen audit readiness.

TORONTO — 1Password, a leader in identity security, today announced the public preview of Users API for Partners, which allows security teams to respond to incidents faster during active security events. Launch partners like CrowdStrike, in addition to BlinkOps, Elastic, Sumo Logic, Tines, and Torq enable mutual customers to automatically suspend or restore users in 1Password Enterprise Password Manager when risk is detected. As part of this launch, 1Password is introducing api.1password.com as a unified access point for its APIs, with standardized OAuth-based authentication, beginning with the Users API for Partners. 

“As security operations accelerate with AI-driven detection and automation, the window between identifying risk and containing it continues to shrink,” said John Torrey, Chief Business Officer at 1Password. “It’s no longer enough to simply observe risk. Security teams need the ability to adjust access in the moment, including the credentials and secrets that persist beyond authentication. Users API for Partners allows 1Password to participate directly in automated remediation, enabling teams to orchestrate access changes directly in 1Password. We believe the secrets layer is a critical and often under-addressed surface in the identity ecosystem, and this launch reflects our commitment to integrating it responsibly into modern response systems.”

Moving From Identity Detection to Identity Response

Detection and alerts occur in real time, but responses often require separate manual steps. Behind every alert is an identity: a person, a service account, an API key, or an AI agent. If you can’t quickly confirm or remove that access, your organization remains exposed. With Users API for Partners, SOC teams can execute programmatic user actions within automated workflows to suspend or restore users in 1Password as part of a SOC-driven response. This shifts 1Password from a visibility layer to a response and enforcement point within the broader security stack, helping SOC teams reduce exposure time and act on risk with greater speed and consistency.

New OAuth-Based API Lets Partners Build Security Automation Integrations 

The Users API for Partners introduces OAuth 2.0-based authentication designed for secure, enterprise-grade security. Partners can now build with 1Password Enterprise Password Manager and use delegated, scoped authorization to list users, suspend access when risk is detected, and restore access after remediation. Documentation for the public preview is available at developer.1password.com.

Helping Security Teams Contain Risk Faster During Active Incidents

Working with CrowdStrike, as well as BlinkOps, Elastic, Sumo Logic, Tines, and Torq, 1Password enables mutual customers to connect 1Password Enterprise Password Manager into existing SOC workflows to effectively manage risk. Together, these capabilities allow organizations to:

• Automate identity response workflows: Reduce manual intervention by embedding identity actions programmatically into coordinated security processes, accelerating containment during high-risk incidents.

• Strengthen governance: Orchestrate enforcement of access policies in alignment with organizational and regulatory requirements.

• Maintain audit-ready visibility: Maintain clear audit trails of what actions were taken, when they occurred, and which events triggered them.

“Security teams shouldn’t have to choose between speed and control during an incident,” said Chris Stewart, Vice President, Global Technology & Marketplace Ecosystem Partners at CrowdStrike. “By integrating 1Password with Falcon Fusion SOAR workflows, organizations can incorporate identity actions like suspending user access into automated response processes when risk is detected. This helps close the gap between detection and containment, reducing exposure and enabling security teams to respond faster with the right context.” 

“Our customers use Tines to turn signals from across their technology stack into coordinated action,” said Charlie Ardagh, VP of Strategic Partnerships at Tines. “With 1Password integrated into those workflows, identity access can adapt as risk changes. Teams can respond with the right context and consistency without slowing down.” 

“Identity is central to prioritizing and responding to threats at speed and scale,” said Eldad Livni, co-founder and Chief Innovation Officer at Torq. “By integrating the Torq AI SOC Platform with 1Password Enterprise Password Manager, Torq combines agentic investigation with automated response so teams can quickly move from detection to identity enforcement. Security teams gain the insight to understand what’s happening and the automation to immediately suspend or restore access, reducing mean time to respond while maintaining full visibility, control, and auditability.” 

To learn more about the Users API for Partners, visit our blog.

About 1Password

1Password is redefining identity security for how people and AI agents work today. The 1Password® Unified Access platform discovers and secures identities and credentials, authorizes access continuously, and audits actions across human and AI agents. 1Password SaaS Manager helps organizations discover and secure access to SaaS applications while optimizing spend. 1Password’s enterprise vault protects more than 1.3 billion credentials and secrets and is trusted by more than 1 million developers and over 180,000 businesses, including Asana, Canva, Cresta, Figma, GitHub, HackerOne, Hugging Face, MongoDB, Notion, Salesforce, SandboxAQ, Stripe, and Wiz. Learn more at 1Password.com.

Media Contacts

media@agilebits.com