New Device Trust Check makes browser extension enforcement easier

Your identity and access management solutions only work if your users comply with the policies you set. Even with the right controls in place, enforcement can break down when users – intentionally or not – find ways around them. That’s why, as we continue to develop Extended Access Management (XAM), we’re focused on embedding enforcement more deeply into everyday workflows across 1Password’s suite of solutions.

Today, we’re introducing a new Device Trust Check that helps admins ensure the 1Password browser extension is installed and active on user devices. This Check represents a step forward in how the 1Password Enterprise Password Manager (EPM) and 1Password Device Trust work better together to solve real workplace security problems.

Enforce the browser extension automatically

The 1Password browser extension plays a critical role in delivering a secure and seamless login experience by powering user-facing features like autofill and credential management for EPM, while helping admins enforce security policies through Device Trust and Extended Device Compliance. But until today, there hasn’t been a way to ensure that the extension stays installed and active after initial onboarding.

This new Device Trust Check changes that. Now, admins can automatically verify whether the extension is installed and active. If it’s missing or disabled, 1Password will prompt the user to fix it before access to the desktop app is denied. It’s a low-lift way to address a high-impact enforcement issue.

Stronger, connected enforcement without extra work

When our products work together, they play a big role in making our enforcement model smarter, more cohesive, and harder to evade. Here’s how it works in this case:

• Device Trust’s Extended Device Compliance feature evaluates device posture for apps outside SSO
• EPM provides access policy controls to those apps
• This new Check connects the two, closing the loophole where users could disable or uninstall the browser extension to authenticate without passing a device health assessment

By embedding this Check directly into the desktop app, we’re ensuring that security isn’t a one-time setup; it’s continuous. It’s a concrete step toward delivering on the promise of closing the Access-Trust Gap by strengthening enforcement where traditional tools fall short, and pushing us closer to a connected, always-on access layer.

How it works

Let’s say you’ve deployed 1Password EPM and 1Password Device Trust across your organization. As part of the setup, you’ve required the 1Password browser extension to be installed so browser-based device health checks (via Extended Device Compliance) can be enforced.

On the surface, you’ve done everything correctly. But what happens when a user forgets to enable the extension? Or even worse, when a user silently uninstalls it?

Previously, that created a blind spot. Browser-based Device Trust Checks would stop running, enforcement could quietly break, and IT teams might think everything is fine, leading to security and compliance risks for both admins and users.

Now, when the extension is uninstalled or disabled, users are met with:

• Escalating modals in the 1Password desktop app with clear options to fix the issue
• Snoozable banners that act as persistent reminders
• A redirect webpage if the extension is uninstalled
• A full block after 7 days, preventing access to the 1Password desktop app until the extension is restored

This is all made possible by the deep integration between EPM and Device Trust, giving you confidence that enforcement policies hold well beyond initial onboarding.

End user experience: from missing extension to guided recovery

Here’s how the end-user experience looks, from uninstalling the extension to self-remediated recovery, when this Check is enabled.

Instance 1: Users land on a post-delete redirect page after removing the extension
If a user uninstalls or doesn’t enable the 1Password Browser Extension, they’re immediately redirected to a branded browser page prompting them to fix the issue. This is the first touchpoint that helps minimize disruption and encourages self-remediation.

Instance 2: Initial 1Password desktop app modal
If a user fails to act on the first warning, when the user next opens the 1Password desktop app, they’ll see a modal pop-up via our new Device Trust Check that informs them that access will be blocked if the extension remains uninstalled and inactive. They’ll get options to fix the issue, recheck, or snooze, which gives them time to self-remediate without contacting IT.

Instance 3: Grace period banner while the check is snoozed
If the user hits snooze on the modal, a persistent banner appears at the top of the 1Password desktop app, reminding them to reinstall or re-enable the extension. This grace period gives users a chance to fix the issue themselves before enforcement kicks in, without being blocked immediately.

Instance 4: Snooze period ends, and user access is blocked
Once the snooze period expires, the user is fully blocked from using 1Password until the extension is reinstalled or re-enabled. This enforces compliance while still guiding users with a clear next step and helpful prompts to remediate on their own.

Instance 5: Access is fully restored once the extension is active
As soon as the extension is installed and active again, full access is restored automatically. No IT intervention is needed, and users can pick up right where they left off.

Start securing every identity, app, and device – activate Device Trust & EPM today

Already using Device Trust and EPM?

• You can enable this new Check directly in the Device Trust admin console. If you have questions or want help rolling it out, your Customer Success Manager is there to support you.

Not using 1Password Extended Access Management yet? Or would you like to see how the full system works together?

• Book a demo to see how 1Password helps secure every identity, app, and device, with enforcement that adapts to how your workforce works.

Evan Sandhu

Product Marketing Associate