1Password today announced new capabilities for its Extended Access Management (XAM) solution that include agentic AI security, extended device compliance, a unified admin console, and a centralized app launcher for end users.
1Password is putting its stake in the agentic AI ground with these new features, says Jason Meller, vice president of product, who joined the company when it acquired Kolide, a device security solution company he founded.
“We think the idea that AI with agency is an inevitability,” he tells MSP Success. “We think most businesses are going to be adopting agentic AI starting this year, but really deeply going to be considering it in 2026. And we think that the state of the union for identity and access management is not in a place that is going to successfully allow organizations to use this new type of artificial intelligence.”
The reason? “Their identity and access management solution will simply hamstring that AI; it will not be able to get access to the granularity of data that it needs to do its work and it be able to do it safely and efficiently.”
He continues, “The name of the game is really how do we give AI this access in a way that’s auditable, ensures that the most critical times a human is in the loop and revokes that access the moment it’s no longer needed, and differentiates it meaningfully from the human beings that work at the company. These are all the problems that we’re looking to solve. Our first step towards that is … enabling developers to effectively start building AI agents today with this new access model in mind.”
Eye on Agentic AI
New to the XAM platform and available now is 1Password SDK for Agentic AI. It enables programmatic management of vault items, allowing developers to build AI workflows that securely read, write, share, and rotate secrets at runtime. And with 1Password Service Accounts, IT and developers can create scoped API keys for AI agents to retrieve secrets from 1Password vaults, without exposing full human credentials. Finally, Enterprise Password Manager now provides vaults to securely store secrets for AI agents to access service providers to automate tasks, as well as provide audit logs to track machine identity for enterprise security teams.
1Password first introduced the XAM solution, which enables businesses to secure every sign-in to every application from every device, around last year’s RSA Conference. “So the big thing that we’re bringing to RSA [taking place next week], is both product capability, but mostly our desire to put our stake in the ground and say we are … very bullish on agentic AI,” says Meller.
Device Health Checks
Coming in June to the XAM solution is the addition of Extended Device Compliance. This will give IT visibility into applications employees are using for work and enforce device health checks before granting access to web and AI apps, whether devices are managed or personal.
“Extended Device Compliance allows us to get in front of the end user when they’re browsing on sites that the company wants to put some extra trust layers on top of,” Meller says.
For example, if employees have access to websites with sensitive data, this new capability will “advise the user that their device is starting to enter a state that’s insecure,” Meller explains. “Maybe they’re missing a critical patch or maybe there’s something significantly wrong with their device that makes it less trustworthy, but you can start giving them a heads up that they’re going to lose access to that particular website or app until they get their device back into compliance.”
Meller says this is relevant for both BYOD and managed devices. “We have this thing called ‘MDM drift’ where you might be on the MDM [mobile device management] and your device is fully managed, but there’s still aspects with your computer that are wrong, where the IT and security team need the end user’s help to get it into a secure state. So this is effectively allowing that IT and security team to ask the end user to do a number of things on their behalf that make the device safer, even when that device is fully managed.”
Other new capabilities in XAM include:
App Launcher: secure, one-click access to both managed and unmanaged business apps—streamlining sign-ins, access requests, and remediation for end-users from a single, browser-based hub. Beta will be available in June 2025.
1Password Access Governance: IT teams gain full visibility and control over SaaS apps, enabling them to discover shadow IT, automate access reviews, and eliminate wasted spend while enforcing security and compliance. Available in Fall 2025.
XAM Console: a unified admin hub that lets IT and security teams manage the user lifecycle, surface insights, enforce policies, and stay ahead of risk with visibility into users, apps, and devices. Available in Fall 2025.
The MSP Roadmap
1Password does not currently have an MSP edition of Extended Excess Management, but Meller says it’s on the roadmap. Last year, the company introduced an MSP Edition of its flagship Enterprise Password Manager solution as well as rolled out a partner program, which the company will be enhancing as well.
“Certainly we’re getting some things aligned. We’re going to be starting a technical advisory board with the MSPs so that we can start to gather feedback that will inform our roadmap,” says Lori Cornmesser, vice president of channel and alliance sales, who joined the company last September. “We want to make sure that we’re driving this in a way that they’re offering seamless, secure solutions.”
Cornmesser stresses that the MSP segment of the channel is important to 1Password. “It’s one of our fastest growing areas of the business for us and one of the biggest bets that we’ve made in the company from an investment standpoint in terms of people, resources, and go-to-market.”
