# 1Password Business

SureCloud connects to 1Password Business to retrieve team membership records, vault access assignments, and audit log events. This allows SureCloud to verify that access to shared credentials and secrets in 1Password is controlled through appropriate vault permissions, that team membership is current, and that administrative changes to the 1Password account are captured in the audit log.

## Authentication and setup

1Password Business provides API access via the 1Password Events API, authenticated using a Bearer token.

{% stepper %}
{% step %}
**Generate an Events API token in 1Password**

Log in to the 1Password Business admin console at [start.1password.com](https://start.1password.com/). Navigate to **Integrations → Events Reporting → Other** and click **Add Token**. Name it `SureCloud CCM`, select **Audit Events**, **Item Usage**, and **Sign-in Attempts** as the event types. Set an appropriate expiry and click **Generate Token**. Copy the token.
{% endstep %}

{% step %}
**Enter the token in SureCloud**

Navigate to **SureCloud → Integrations → 1Password Business → Connect**. Paste the Events API token and select your account region (e.g. `1password.com`, `1password.eu`, `1password.ca`). Click **Save** and then **Test Connection**.
{% endstep %}
{% endstepper %}

{% hint style="warning" %}
Store the Events API token securely after copying it. SureCloud encrypts it at rest, but treat it as a sensitive credential. Rotate it before its expiry date and update it in **SureCloud → Integrations → 1Password Business → Edit Connection**.
{% endhint %}

## Endpoints

1Password Business exposes audit and usage data via the Events API. SureCloud uses the following:

| API Call                      | Use Case                                                                                   |
| ----------------------------- | ------------------------------------------------------------------------------------------ |
| `POST /api/v1/auditevents`    | Retrieve audit log events including team membership changes and vault access modifications |
| `POST /api/v1/itemusages`     | Retrieve item access events to evidence who is accessing shared credentials                |
| `POST /api/v1/signinattempts` | Retrieve sign-in attempt records including failed authentications                          |

## Pagination

All 1Password Events API endpoints use cursor-based pagination. SureCloud passes the `cursor` value from each response in the next request body, continuing until no `cursor` is returned.

```http
POST /api/v1/auditevents

{
  "limit": 1000,
  "start_time": "2024-01-01T00:00:00Z",
  "cursor": "<value_from_previous_response>"
}
```
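
The cursor loop described above, as an added example (not SureCloud's or 1Password's own code). The `items` and `has_more` response fields, the cursor-only follow-up body and the caller-supplied `base_url` are assumptions not stated on this page; the sample pages are constructed.

```python
import json
import urllib.request
from typing import Callable, Iterator

Transport = Callable[[str, dict], dict]  # (path, JSON body) -> decoded JSON response

def http_transport(base_url: str, token: str, timeout: float = 30.0) -> Transport:
    """Build a transport that POSTs JSON with the Events API Bearer token.
    base_url is the region-specific API host for the account (caller-supplied)."""
    if not base_url.startswith("https://"):
        raise ValueError("refusing to send the Bearer token over a non-TLS URL")
    def send(path: str, body: dict) -> dict:
        req = urllib.request.Request(
            base_url.rstrip("/") + path,
            data=json.dumps(body).encode(),
            headers={"Authorization": f"Bearer {token}",
                     "Content-Type": "application/json"},
            method="POST",
        )
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return json.load(resp)
    return send

def fetch_events(send: Transport, path: str, start_time: str,
                 limit: int = 1000, max_pages: int = 10_000) -> Iterator[dict]:
    """Yield every event from `path`, following `cursor` until the feed is drained."""
    body: dict = {"limit": limit, "start_time": start_time}
    seen: set = set()
    for _ in range(max_pages):
        page = send(path, body)
        yield from page.get("items", [])   # assumed name of the event list
        cursor = page.get("cursor")
        # Stop when no cursor is returned (as described above), when the
        # service reports nothing more (assumed `has_more` flag), or when a
        # cursor repeats, which would otherwise loop forever.
        if not cursor or page.get("has_more") is False or cursor in seen:
            return
        seen.add(cursor)
        body = {"cursor": cursor}          # assumption: follow-ups carry only the cursor
    raise RuntimeError(f"gave up after {max_pages} pages of {path}")

# Constructed responses standing in for the service, so the loop runs offline.
SAMPLE_PAGES = {
    None: {"items": [{"uuid": "a"}, {"uuid": "b"}], "cursor": "c1", "has_more": True},
    "c1": {"items": [{"uuid": "c"}], "cursor": "c2", "has_more": False},
}

def sample_send(path: str, body: dict) -> dict:
    return SAMPLE_PAGES[body.get("cursor")]
```

Against a live account, pass `http_transport(base_url, token)` in place of `sample_send`, and persist the last cursor or event timestamp between polls so a failed run can resume without gaps in the evidence.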

## Required permissions

SureCloud requires an Events API token with access to the following event types:

| Event Type       | Purpose                                                            |
| ---------------- | ------------------------------------------------------------------ |
| Audit Events     | Team membership changes, vault access modifications, admin actions |
| Item Usage       | Credential access and retrieval events                             |
| Sign-in Attempts | Authentication success and failure evidence                        |

No vault read, item creation, or account management permissions are required.

## Polling frequency

| Data Type               | Interval      |
| ----------------------- | ------------- |
| Audit events            | Every 6 hours |
| Item usage events       | Every 6 hours |
| Sign-in attempt records | Every 6 hours |

## Troubleshooting

<details>

<summary>Connection test returns 401 Unauthorized</summary>

The Events API token is invalid or has expired. Navigate to **1Password → Integrations → Events Reporting**, confirm the token is active and within its validity period, and regenerate it if necessary. Update it in **SureCloud → Integrations → 1Password Business → Edit Connection**.

</details>

<details>

<summary>Audit events return empty for recent activity</summary>

The 1Password Events API has a short propagation delay, so events from the last few minutes may not yet be available. SureCloud's polling window accounts for this. If events are consistently missing beyond this window, confirm the token was created with **Audit Events** enabled. Tokens created without this event type will return empty audit results.

</details>

<details>

<summary>Wrong region causes connection failure</summary>

1Password Business has region-specific API endpoints. If the wrong region is selected in SureCloud, all API calls will fail. Confirm your account region by checking the URL you use to access the 1Password admin console (e.g. `start.1password.eu` = EU region). Update the region in **SureCloud → Integrations → 1Password Business → Edit Connection**.

</details>

