Connect 1Password to ChatGPT: Manage and Control User Access
Learn how to connect 1Password to ChatGPT using a managed MCP server. This step-by-step engineering guide covers dynamic tool generation, rate limit handling, and secure user access workflows.
If you need to connect 1Password to ChatGPT to manage user directories, handle employee offboarding, and audit credential access, you need a Model Context Protocol (MCP) server. This server acts as the translation layer between ChatGPT's tool calls and 1Password's strict REST APIs. You can either dedicate engineering cycles to build and maintain this infrastructure yourself, or use a managed integration platform like Truto to dynamically generate a secure, authenticated MCP server URL.
If your team uses Claude instead of OpenAI, check out our guide on connecting 1Password to Claude or explore our broader architectural overview on connecting 1Password to AI Agents.
Giving a Large Language Model (LLM) read and write access to a critical security product like 1Password is a high-stakes engineering challenge. You must handle stringent authorization token lifecycles, map directory schemas to MCP tool definitions, and deal with exact state transitions. Every time an endpoint shifts or pagination cursors change, you have to update your server code. This guide breaks down exactly how to use Truto to generate a secure, managed MCP server for 1Password, connect it natively to ChatGPT, and execute complex IT administration workflows using natural language.
The Engineering Reality of the 1Password API
A custom MCP server is a self-hosted integration layer. While Anthropic's open MCP standard provides a predictable way for models to discover tools over JSON-RPC 2.0, implementing it against enterprise security APIs is painful. If you decide to build a custom MCP server for 1Password, you own the entire API lifecycle.
Here are the specific integration challenges that break standard CRUD assumptions when working with the 1Password API:
Strict State Transitions
You cannot simply "delete" a user in most enterprise 1Password configurations without risking data loss or breaking compliance audit trails. The API enforces strict state transitions. To offboard a user, you must specifically update their state to suspended. Reactivating a user requires flipping that exact state flag back. If an LLM hallucinates a generic DELETE HTTP request instead of the precise suspension payload, the tool call will fail, and the agent will stall.
Cursor-Based Pagination
IT directories are massive. When an LLM requests a list of 1Password users, it cannot ingest 15,000 records at once. 1Password returns paginated lists. Your MCP server must explicitly instruct the LLM to pass cursor values back unchanged to fetch the next set of records. If the server does not enforce this schema rule, the LLM will attempt to guess the pagination logic, resulting in malformed requests and broken directory syncs.
Rate Limits and 429 Errors
1Password enforces rate limits to prevent abuse. It is critical to understand that Truto does not retry, throttle, or apply backoff on rate limit errors. When the 1Password API returns an HTTP 429 Too Many Requests, Truto passes that error directly back to the calling agent. Truto normalizes the upstream rate limit information into standardized headers (ratelimit-limit, ratelimit-remaining, ratelimit-reset) per the IETF specification. Your AI framework or custom agent logic is entirely responsible for reading these headers and executing exponential backoff. If your custom server fails to surface these rejections gracefully, the LLM assumes the tool call succeeded and hallucinates a success response.
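One way an agent-side caller can honour the normalized headers described above, as an added example that is not Truto's or 1Password's code. The `send` callable, the function names and the reading of `ratelimit-reset` as seconds until the window resets are assumptions.

```python
import random
import time

class RateLimited(Exception):
    """The upstream kept answering 429 until the attempt budget ran out."""

def backoff_delay(headers, attempt, base=1.0, cap=60.0, rng=random.random):
    """Seconds to wait after a 429 on zero-based attempt number `attempt`."""
    lowered = {k.lower(): v for k, v in headers.items()}
    try:
        # Assumption: ratelimit-reset carries seconds until the window resets.
        reset = float(lowered.get("ratelimit-reset"))
        if reset >= 0:
            return min(reset, cap)
    except (TypeError, ValueError):
        pass  # header missing or unparsable: fall back to exponential backoff
    return min(cap, base * 2 ** attempt) * rng()  # full jitter

def call_tool(send, max_attempts=5, sleep=time.sleep, rng=random.random):
    """Run send() -> (status, headers, body); return body only on a real success."""
    for attempt in range(max_attempts):
        status, headers, body = send()
        if status == 429:
            if attempt + 1 < max_attempts:
                sleep(backoff_delay(headers, attempt, rng=rng))
            continue
        if status >= 400:
            raise RuntimeError(f"tool call rejected with HTTP {status}")
        return body
    # Surface the rejection so the model cannot report a suspension that never happened.
    raise RateLimited(f"still rate limited after {max_attempts} attempts")

def constructed_transport(responses):
    """Constructed stand-in for the HTTP call: replays canned responses in order."""
    queue = iter(responses)
    return lambda: next(queue)
```

Passing `sleep` and `rng` as parameters keeps the retry policy testable without real delays.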
Generating the 1Password MCP Server
Truto's MCP architecture turns any connected integration into an MCP-compatible tool server dynamically. Instead of hand-coding tool definitions, Truto derives them from the integration's documented API endpoints and JSON schemas.
You can generate the MCP server URL using either the Truto UI or the REST API.
Method 1: Via the Truto UI
If you prefer a visual setup for quick testing, you can generate the MCP server directly from your Truto dashboard.
- Navigate to the Integrated Accounts page in your Truto dashboard.
- Select your connected 1Password integration.
- Click the MCP Servers tab.
- Click Create MCP Server.
- Select your desired configuration (e.g., restrict methods to readonly, or filter by specific tags).
- Copy the generated MCP server URL (e.g., https://api.truto.one/mcp/a1b2c3d4e5...).
Method 2: Via the Truto API
For teams embedding MCP provisioning into their own infrastructure, you can generate the server programmatically. The API validates the integration, generates a secure cryptographic token, stores it in Truto's managed state layer, and returns a ready-to-use URL.
curl -X POST https://api.truto.one/integrated-account/{integrated_account_id}/mcp \
  -H "Authorization: Bearer YOUR_TRUTO_API_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "1Password IT Ops MCP",
    "config": {
      "methods": ["read", "write"]
    },
    "require_api_token_auth": false,
    "expires_at": "2026-12-31T23:59:59Z"
  }'
The response will contain the unique MCP server URL:
{
  "id": "mcp_8f7d6c5b",
  "name": "1Password IT Ops MCP",
  "config": {
    "methods": ["read", "write"]
  },
  "url": "https://api.truto.one/mcp/a1b2c3d4e5f6g7h8..."
}
Connecting the MCP Server to ChatGPT
Once you have your Truto MCP server URL, you must register it with your AI framework. Because the URL contains a secure cryptographic token scoped to your specific 1Password tenant, no extra OAuth configuration is needed on the client side.
Method A: Via the ChatGPT UI
If you are using ChatGPT Enterprise, Pro, or Plus with Developer Mode enabled, you can connect the server natively in the UI.
- In ChatGPT, navigate to Settings -> Apps -> Advanced settings.
- Enable the Developer mode toggle.
- Under MCP servers / Custom connectors, click Add new server.
- Enter a Name (e.g., "1Password IT Ops").
- Paste the Truto MCP URL into the Server URL field.
- Click Save. ChatGPT will immediately perform a handshake, run the tools/list initialization, and display the available 1Password tools.
Method B: Via Manual Config File
If you are running a custom desktop agent, Cursor, or a local instance of Claude Desktop, you can configure the connection manually using a JSON file and Server-Sent Events (SSE).
Add the following to your agent's configuration file (e.g., claude_desktop_config.json or your specific framework's config):
{
  "mcpServers": {
    "1password_truto": {
      "command": "npx",
      "args": [
        "-y",
        "@modelcontextprotocol/server-sse",
        "--url",
        "https://api.truto.one/mcp/a1b2c3d4e5f6g7h8..."
      ]
    }
  }
}
Hero Tools for User Access Management
Once connected, Truto exposes the 1Password API as standardized tools. Here are the highest-leverage tools your AI agent can now use.
1. List All 1Password Users
This tool retrieves a collection of user objects from the 1Password account. Because Truto handles the schema derivation automatically, the agent understands exactly how to parse the returned user IDs, emails, and current state strings.
"Get me a list of all users currently active in our 1Password account. Return just their names and emails."
2. Search and Filter 1Password Users
The list tool also accepts query parameters, allowing the LLM to filter users by specific attributes without downloading the entire directory. This is critical for efficient context window management.
"Search our 1Password directory for a user with the email 'j.doe@example.com' and tell me their current account state."
3. Get Single 1Password User By ID
When the agent needs deep details about a specific employee - such as their exact creation date, last authentication timestamp, or assigned groups - it uses this targeted lookup.
"Retrieve the full 1Password profile for user ID 'USER_893247' and check when they last authenticated."
4. Suspend 1Password User
This is the critical write operation for IT offboarding. It safely transitions a user's state to suspended, cutting off their vault access immediately without destroying historical audit logs.
"The device belonging to j.doe@example.com was just reported stolen. Immediately suspend their 1Password account."
5. Reactivate 1Password User
Reverses a suspension. This is frequently used by IT support agents resolving false-positive security lockouts or handling returning contractors.
"Jane Smith's security review is complete. Reactivate her 1Password account ID 'USER_112233' and confirm the status change."
For a complete mapping of all available resources, schemas, and endpoints, review the 1Password integration page.
Workflows in Action
Giving an LLM isolated tools is useful, but the real power of MCP lies in chaining these operations together to automate complex IT workflows.
Scenario 1: Emergency Employee Offboarding
When an HR system triggers an emergency termination, IT admins historically had to log into multiple dashboards to revoke access. With ChatGPT connected via MCP, this becomes a natural language command.
"We need to immediately offboard Michael Scott (m.scott@example.com). Find his 1Password account, verify his current status, and suspend his access immediately. Output a summary of the action taken."
Execution Steps:
- list_all_1_password_users: The agent passes the email as a filter parameter to locate Michael's exact 1Password internal user ID.
- get_single_1_password_user_by_id: The agent fetches the profile to confirm it is currently active.
- 1_password_users_suspend: The agent executes the write operation passing the located ID.
- Result: ChatGPT replies: "I have located Michael Scott's account (ID: USR_4455). His account was active. I have successfully executed the suspension. He no longer has access to any 1Password vaults."
Scenario 2: Security Access Auditing
Compliance frameworks like SOC 2 require periodic access reviews to ensure no suspended contractors have lingering active credentials.
"Run an audit on our 1Password directory. Find all users who are currently marked as suspended. If anyone has been suspended but still belongs to the 'External Contractors' group, list them out for review."
Execution Steps:
- list_all_1_password_users: The agent pulls the user directory.
- get_single_1_password_user_by_id: The agent iteratively checks the group membership for any user whose state is suspended.
- Result: ChatGPT outputs a formatted markdown table of contractors who require hard deletion or group removal by the IT team.
sequenceDiagram
participant Admin as IT Admin
participant ChatGPT as ChatGPT
participant MCP as Truto MCP Server
participant 1Password as 1Password API
Admin->>ChatGPT: "Suspend j.doe@example.com"
ChatGPT->>MCP: Call tool: list_all_1_password_users(filter: email)
MCP->>1Password: GET /api/v1/users?filter=...
1Password-->>MCP: Returns User ID "USR_9988"
MCP-->>ChatGPT: JSON Response
ChatGPT->>MCP: Call tool: 1_password_users_suspend(id: USR_9988)
MCP->>1Password: PATCH /api/v1/users/USR_9988/state
1Password-->>MCP: 200 OK (Suspended)
MCP-->>ChatGPT: Success Confirmation
ChatGPT-->>Admin: "John Doe's account has been suspended."
Security and Access Control
Exposing your enterprise password manager to an AI model requires strict governance. Truto's MCP servers provide granular configuration limits enforced at the routing layer, ensuring the LLM cannot exceed its authorized scope.
- Method Filtering: By defining methods: ["read"] during server creation, you completely remove all create, update, and delete tools from the MCP payload. The LLM simply will not know the write operations exist, making rogue state changes impossible.
- Tag Filtering: You can restrict the server to only expose tools tagged for specific domains (e.g., tags: ["directory"]). This keeps the agent's context window clean and enforces least-privilege access.
- Secondary Authentication (require_api_token_auth): By default, possessing the MCP URL grants access. By setting this flag to true, the MCP client must also pass a valid Truto API token in the Authorization header. This ensures that even if the URL leaks in a log file, the endpoints remain completely locked down.
- Time-To-Live (expires_at): You can implement Just-In-Time (JIT) access by attaching an expiration datetime. Truto's infrastructure will automatically purge the server configuration and invalidate the URL once the time expires, leaving zero stale access routes.
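A pre-flight check that applies the four controls above to a server-creation request body before it is sent, shown on the request from Method 2 beside a tightened one. This is an added example, not Truto's code: the function name, the 24-hour lifetime policy, the sample timestamps and the placement of tags under config are assumptions.

```python
from datetime import datetime, timedelta, timezone

MAX_LIFETIME = timedelta(hours=24)  # assumed local policy, not a Truto limit

def lint_mcp_request(body, now):
    """Return (field, problem) pairs for an MCP server creation body."""
    findings = []
    config = body.get("config") or {}
    methods = set(config.get("methods") or [])
    if not methods:
        findings.append(("config.methods", "no method filter; treat as unrestricted"))
    elif methods - {"read"}:
        findings.append(("config.methods",
                         "non-read tools exposed: %s" % sorted(methods - {"read"})))
    if not config.get("tags"):  # assumption: tags sits beside methods in config
        findings.append(("config.tags", "no tag filter narrows the tool set"))
    if body.get("require_api_token_auth") is not True:
        findings.append(("require_api_token_auth",
                         "possession of the URL alone grants access"))
    expires_at = body.get("expires_at")
    if not expires_at:
        findings.append(("expires_at", "no expiry set"))
    else:
        ttl = datetime.fromisoformat(expires_at.replace("Z", "+00:00")) - now
        if ttl > MAX_LIFETIME:
            findings.append(("expires_at",
                             "lifetime of %d days exceeds policy" % ttl.days))
    return findings

# Constructed evaluation time for the samples below.
CONSTRUCTED_NOW = datetime(2026, 1, 15, 12, 0, tzinfo=timezone.utc)

# Request body as shown under Method 2 on this page.
PAGE_REQUEST = {
    "name": "1Password IT Ops MCP",
    "config": {"methods": ["read", "write"]},
    "require_api_token_auth": False,
    "expires_at": "2026-12-31T23:59:59Z",
}

# Constructed read-only variant for a six-hour access review.
HARDENED_REQUEST = {
    "name": "1Password access review",
    "config": {"methods": ["read"], "tags": ["directory"]},
    "require_api_token_auth": True,
    "expires_at": "2026-01-15T18:00:00Z",
}
```

Running the check in the provisioning pipeline blocks a write-capable, URL-only, long-lived server from being created by default; a workflow that needs the suspend tool would carry an explicit, reviewed exception.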
Moving Beyond Basic Chat
The era of manually clicking through IT administration portals is ending. By connecting 1Password to ChatGPT using a managed MCP server, you transform passive AI chatbots into active, secure IT agents capable of reading directories, interpreting context, and executing critical security policies in seconds.
Operating this architecture yourself means dedicating your engineering team to maintaining strict schema mappings, reverse-engineering undocumented API behaviors, and handling complex rate limit headers. By offloading the integration layer, your team can focus on designing the agentic workflows that actually secure your business.
FAQ
- How does Truto handle 1Password API rate limits?
- Truto does not retry, throttle, or apply backoff on rate limit errors. When the 1Password API returns an HTTP 429 Too Many Requests, Truto passes that error directly back to the calling agent. Truto normalizes the rate limit information into standard IETF headers (ratelimit-limit, ratelimit-remaining, ratelimit-reset) so your AI framework can manage the backoff logic.
- What is an MCP server?
- A Model Context Protocol (MCP) server is an open-standard JSON-RPC endpoint that allows Large Language Models to discover, authenticate, and call external APIs securely. It acts as a translation layer between the AI agent and third-party software like 1Password.
- Can I prevent ChatGPT from making write operations in 1Password?
- Yes. When generating the MCP server in Truto, you can use method filtering to restrict the server to 'read' operations only. This completely removes write tools from the server, making it impossible for the LLM to suspend users or alter data.
- How do I connect the MCP server to ChatGPT?
- If you have Developer Mode enabled in ChatGPT Enterprise, Pro, or Plus, navigate to Settings -> Apps -> Advanced settings, click 'Add new server' under custom connectors, and paste the generated Truto MCP URL.