1Password, one of the best password managers we’ve seen, is introducing Unified Access to its Extended Access Management (XAM) platform.
By combining 1Password Enterprise Password Manager (EPM) and 1Password SaaS Manager, businesses will be able to discover and manage company credentials under an umbrella of Zero Trust access governance.
Unified Access now available
Business growth often results in new apps and platforms being used across the business.
Separate areas of the business invest in SaaS tools without notifying IT teams, resulting in ‘shadow IT’ (unmanaged applications used by employees without the knowledge of IT) and ‘SaaS sprawl’ (the widespread use of software-as-a-service apps by teams within a business without the knowledge of IT that results in wasted spending and redundant tools).
The sudden emergence of new credentials can quickly overwhelm IT administrators due to the sheer volume of credentials that need to be tracked and managed. Couple this with employees coming and going, and it can become a serious security concern.
In fact, 1Password’s 2025 Annual Report found over a third (38%) of employees have admitted to accessing a former employer’s accounts after leaving the company. If not managed properly, disgruntled former employees could use their credentials to cause untold damage.
Unified Access allows administrators to discover and manage credentials by scanning the organization’s EPM vault for stored credentials, and then centrally managing them through Unified Access.
Credential access can also be controlled by revoking access to employees as soon as they change roles or leave the organization. The Unified Access platform also helps administrators comply with governance requirements such as SOC 2, ISO 27001, and HIPAA by creating records for each access and rotation event.
Unified Access shifts governance to the access layer itself. IT and security teams can manage, revoke, and audit access to both SSO and non-SSO applications regardless of device ownership or location.
Jason Meller, VP of Product Architecture at 1Password
The App Launcher also makes access easier for employees, as every single sign-on (SSO) and non-SSO app that an employee uses is centralized, with access granted by a single click without the need for the employee to know or fill in the required username or password.
This removes the need to track down credentials for each app an employee needs, potentially increasing efficiency and productivity.
The Public Preview of 1Password’s Unified Access will be available from January 13 and is open to existing 1Password EPM Business customers in US-hosted environments with at least 100 users.
In order to further explore the capabilities of Unified Access and the potential benefits it can bring to businesses struggling with credential management, I spoke to Jason Meller, VP of Product Architecture at 1Password:
- What are the main benefits a CISO could communicate to a C-Suite to justify the investment in a Unified Access platform?
Most organizations already have identity tools, but access no longer lives entirely inside them. SSO and IAM are necessary, but they don’t cover a large and growing set of real-world access: shared team accounts, admin credentials, break-glass access, and the long tail of SaaS apps that never make it into SSO. That gap is where risk accumulates.
Unified Access is built for that reality. It governs both federated and unfederated access from a single place, instead of forcing security teams to stitch together multiple tools and processes. By bringing credential management, SaaS discovery, and application access into one system, organizations reduce exposure from unmanaged credentials, simplify access workflows, and improve audit readiness without adding operational overhead.
For the business, that translates into lower risk and better control without slowing teams down. Employees get a single, consistent way to access every app they need, and security teams get visibility and accountability across both SSO and non-SSO environments. It’s access that reflects how modern organizations actually operate: distributed, fast-moving, and no longer confined to a single identity system.
- How can businesses using remote/hybrid working and BYOD policies benefit from using a Unified Access platform?
Remote and hybrid work didn’t just change where people work, it changed how access works. Employees are signing into business applications from personal devices, outside a managed network, often using credentials that never pass through SSO.
Unified Access shifts governance to the access layer itself. IT and security teams can manage, revoke, and audit access to both SSO and non-SSO applications regardless of device ownership or location. Shared and sensitive credentials stay centrally protected, and access can be updated or revoked immediately as roles change or people leave.
For employees, this removes friction. They get one reliable way to access everything they need from anywhere, without handling or sharing passwords. For security teams, it provides consistent, auditable access control that holds up in distributed, BYOD-heavy environments, without trying to force everything back into a traditional perimeter model.
- What visibility does Unified Access provide in device-level security and shadow IT, and how does Unified Access help provide continuous authentication in an environment without a defined perimeter?
In a perimeterless world, security can’t depend on trusted networks or fully managed devices. Unified Access focuses on securing access itself rather than assuming the environment is trusted.
It gives security teams clear visibility into which applications and credentials are actually being used, including shared and sensitive accounts that typically sit outside SSO. By observing credential usage and SaaS access, it surfaces hidden access paths and unmanaged apps that traditional IAM tools often miss.
Every access event is attributable. Role changes, credential use, and access revocation are logged and auditable, and access can be removed instantly when conditions change. The result is continuous visibility and control over access, even when employees are working from anywhere, on any device, without a defined perimeter.
- Will Unified Access availability be expanded to smaller businesses once public preview is completed, and if so, what forms of support will be provided to businesses without a large IT team to handle more advanced configuration?
Yes, following the public preview, Unified Access will be generally available to all organizations of any sizes. For organizations with lean IT teams that can’t justify SSO for every app or manage complex identity infrastructure, Unified Access can be a strong solution. By securing access across both SSO and non-SSO apps, it centralizes access and governance of shared and sensitive credentials. This lets smaller teams govern access consistently, even when SSO coverage isn’t practical or complete.
The best password manager for all budgets
https://cdn.mos.cms.futurecdn.net/sEvdEzNeMF5eYWitaDFiN8-2560-80.png
Source link
benedict.collins@futurenet.com (Benedict Collins)
