Introducing 1Password® Extended Access Management With Kolide

Jason Meller
May 2nd, 2024

It’s hard to believe Kolide has been part of 1Password for just three months, given the magnitude of what we are announcing today. I knew when we joined 1Password’s team that we shared a vision for the future that would let us hit the ground running. However, nothing prepared me for how fast things can move when you find the right partner and race together to solve the same problems.

I am so incredibly humbled and proud that at this year’s RSAC, I get to announce 1Password and Kolide’s joint vision for the future of the identity and access management space.

Allow me to introduce 1Password® Extended Access Management.

1Password® Extended Access Management

Extended Access Management (or XAM for short) represents a unique, optimistic, and human-centric approach to solving the very real deficits IT and Security teams face as they continue to rely on IAM strategies that – let’s face it – haven’t worked well for at least a decade.

Over the last ten years, businesses have realized the massive upside of allowing people to tailor how they work to their own needs. People are choosing the apps they need to do their jobs, they are using the devices they are most familiar with, and they’re working from the places where they are happiest and most productive. This shift to hybrid work, flexible BYOD policies, and consumer-grade SaaS apps has created a rich tapestry of choices, unlocking a renaissance of employee productivity and work-life happiness.

The Access-Trust Gap

Unfortunately, the usual suspects in the IAM and device management space were never built for this world. They operate in only one way: through the perpetuation of classic corporate monolithic culture, where people must use the same things, the same ways, in the same places, at the same times. It’s a world with cubicles, shirt sleeves, gray PCs powered by corporate dreck, where you squeeze yourself into an overflowing commuter train at 6:12PM and get home hours later, just as the kids are going to sleep.

Have a Linux computer? Sorry, our MDM doesn’t support that. Want to use Basecamp instead of No can do; it doesn’t support our SSO provider.

But users have stopped listening to this endless parade of “no.” They are still using the unmanaged Linux computer, still signing up for Basecamp and putting company data on it, and IT is left hopelessly out of the loop, because these activities are functionally invisible.

Well, it’s not in hand. Credentials are leaking, production data is being lost, PCs are being compromised, and customers are being hurt.

According to 1Password’s latest The State of Enterprise Security: Annual Report, 92% of security pros say their company requires IT to approve software that’s used for work. But 59% say they have no control over whether employees follow those information security policies.

This is what we call the Access Trust Gap.

The Access Trust Gap occurs when end-users do not take the secure and sanctioned path IT has laid out for them.

Envisioning the Solution

Most IT and security folks actually hate the current state of enterprise IT because they are enablers at heart. They desperately want users to be happy and productive. They hate saying no. They just don’t have the right tools to say yes while keeping the company safe. So it’s “no, no, no!”

Extended Access Management is a solution that starts by asking:, how can we enable IT to say “Yes,” to workers without creating security risk? How can we create a system that embraces and accepts the new ways in which we all work, and then offers sensible, human-focused, and high-efficacy solutions to the problems created by this new world?

To better understand the benefits of Extended Access Management, it helps to compare it to classic Identity and Access Management thinking that permeates the tools we use today.

Unmanaged SaaS Apps

Classic Access Management pretends unmanaged SaaS apps aren’t a problem by simply ignoring them. If an app can’t be managed, it might as well not exist.

Extended Access Management acknowledges that unmanaged SaaS apps exist and provides employees with proven and user-friendly plain-text credential management so that they can use these apps safely and securely.

App Insights & Shadow IT

Classic Access Management solutions only know about the usage of SaaS apps you’ve already purchased and managed, leaving you ignorant of any apps that may be in major usage outside of IT’s visibility.

Extended Access Management shines a light on Shadow IT by providing insights into the usage of apps you had no idea even existed. Even better, XAM provides a path to officially sanction these apps and manage them easily, which is both a win for IT and the employees who rely on them.

Device Trust

Classic Access Management only considers the person authenticating, simply verifying their first and second factor credentials. This effectively allows any device to access any app, completely undercutting the company’s investment in MDM and creating many opportunities for attackers.

Extended Access Management provides easy-to-deploy Device Trust that protects every application in its purview. This version of Device Trust verifies that devices are known, trusted, and in a secure state to access apps. If they aren’t, instead of blocking and frustrating users, it provides paths to redemption, ways to let IT approve new devices, and end-user friendly instructions to help employees fix problems themselves.

Of course, talk is cheap. When can you get a real glimpse of this story in action? The answer is today. Which brings me to a slew of tangible product announcements.

Kolide is the central pillar of 1Password® Extended Access Management

I am proud to announce that Kolide’s Device Trust product is the central pillar of the 1Password® Extended Access Management solution. If you use Okta for your IdP, you can even buy it right now.

I am also excited to announce that starting this summer, Kolide will no longer be just for Okta customers. We are rolling out support for Google Workspace and then Microsoft Entra later this year. Here’s a quick video of Kolide working directly with Google Workspace!

Starting in July, Kolide will be able to protect applications directly without needing to rely on Okta!

We aren’t stopping there either; we want to hear from everyone and learn about your situation so we can prioritize our next integrations.

Rest assured, this isn’t some veiled way of saying Kolide is going away. Our team is working to complete our Device Trust vision so it can become the central connective tissue that enables the other pieces of Extended Access Management to work.

I pushed for this for one simple reason: we have some killer features planned that combine Device Trust, unfederated apps, and 1Password’s Watchtower service in the future. The true value of Extended Access Management can only be realized when all these things work together.

XAM Is The Way of The Future

The innovative approach of Extended Access Management could only be conceived by a team who understands that people, when properly motivated and honestly guided, are the key to addressing IT and Security’s most complex challenges. The combination of 1Password’s Enterprise Password Manager and Kolide’s Device Trust is more than a product; it’s the embodiment of a new philosophy for how we manage identity and access in the modern workplace.

Today, as we stand on the brink of this exciting new era, we invite you to join us in reimagining the future of work, security, and identity management. Together, we can create a safer, more productive digital world for everyone.

Additional Resources

Here are a few links to learn more:


How do I buy 1Password® Extended Access Management?

Today, XAM is the combination of Kolide Device Trust and 1Password’s Enterprise Password Manager, with many more features and integrations to come. You can now purchase XAM at

Are Kolide’s prices going up?

No, for existing customers, all Kolide’s prices are staying the same through 2024. We may revisit our pricing and packaging model as we deploy more features in 2025.

What will happen to the Kolide product?

This announcement signifies that Kolide is the central component of 1Password’s most ambitious new product since its founding. We expect 1Password Enterprise Password Manager (EPM) and Extended Access Management (XAM) to remain separate and distinct offerings with significant and deep integrations between them.

The Kolide team is leading the charge on this effort and is receiving additional investment and headcount. For now, Kolide will retain our brand, name, and website, eventually transitioning to 1Password XAM branding as the solution matures.

What IdPs do you support?

Currently, we support Okta. This summer, we will add support for Google Workspace and then Microsoft Entra later this year. If you have another IdP in mind, we’d love to hear from you so we can prioritize our integration plans for the future.

What if I already am a 1Password Enterprise Password Manager Customer, how do I get 1Password® Extended Access Management?

Please visit the 1Password XAM website for more details on how to explore adding 1Password® Extended Access Management to your account.

Share this story:

More articles you
might enjoy:

1Password Acquires Kolide
Jason Meller
How Commonlit Balances Student Security and Employee Privacy
Watershed Thinks Big to Keep a Small Team Secure
Watch a Demo
Watch a Demo