Connect 1Password to Claude: Audit and Update Member Status
Learn how to connect 1Password to Claude using a managed MCP server. Automate user audits, offboarding, and directory syncs without building custom code.
If you need to connect 1Password to Claude to automate user lifecycle management, audit contractor access, or streamline offboarding, you need a Model Context Protocol (MCP) server. This server acts as the translation layer between Claude's natural language tool calls and 1Password's backend identity management APIs. You can either spend weeks building and maintaining this infrastructure yourself, or use a managed integration platform like Truto to dynamically generate a secure, authenticated MCP server URL. If your team uses ChatGPT, check out our guide on connecting 1Password to ChatGPT or explore our broader architectural overview on connecting 1Password to AI Agents.
Giving a Large Language Model (LLM) read and write access to a sensitive identity perimeter like 1Password is a massive engineering challenge. You have to handle strict API token security, map System for Cross-domain Identity Management (SCIM) schemas to MCP tool definitions, and deal with specific rate limit constraints. Every time an endpoint changes, you have to update your server code, redeploy, and test the integration.
This guide breaks down exactly how to use Truto to generate a secure, managed MCP server for 1Password, connect it natively to Claude, and execute complex identity management workflows using natural language.
The Engineering Reality of the 1Password API
A custom MCP server is a self-hosted integration layer. While the open MCP standard provides a predictable way for models to discover tools via the tools/list JSON-RPC method, the reality of implementing it against 1Password's APIs is painful.
If you decide to build a custom MCP server for 1Password, you own the entire API lifecycle. Here are the specific challenges you will face when translating 1Password's architecture for an LLM:
Complex SCIM Filtering Syntax
1Password utilizes SCIM 2.0 for its automated provisioning and user management endpoints. SCIM requires a highly specific filter syntax using operators like eq (equals), co (contains), or sw (starts with). If you expose a raw filter parameter to Claude, the model will frequently hallucinate invalid query structures, resulting in HTTP 400 Bad Request errors. A managed MCP server abstracts this complexity, presenting the LLM with explicitly defined query properties rather than open-ended SCIM filter strings.
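The abstraction described above, as an added example rather than Truto's or 1Password's own code: the model fills in a few named properties, and a small builder assembles a validated SCIM 2.0 filter from them. The attribute allow-list, the property names (email_contains, email_equals, active) and the function names are assumptions for this example; the operator set is the standard SCIM one.

```python
import json

# Allow-list of SCIM user attributes an agent may filter on (assumed set for
# this example; match it to the attributes your deployment actually exposes).
ALLOWED_ATTRIBUTES = {"userName", "emails.value", "displayName", "active"}

# SCIM 2.0 comparison operators (RFC 7644, section 3.4.2.2).
ALLOWED_OPERATORS = {"eq", "ne", "co", "sw", "ew", "pr", "gt", "ge", "lt", "le"}


def build_scim_filter(attribute, operator, value=None):
    """Build one validated SCIM filter clause, e.g. userName co "@x.com"."""
    if attribute not in ALLOWED_ATTRIBUTES:
        raise ValueError(f"attribute not allowed: {attribute!r}")
    if operator not in ALLOWED_OPERATORS:
        raise ValueError(f"unknown SCIM operator: {operator!r}")
    if operator == "pr":
        # "present" takes no comparison value
        return f"{attribute} pr"
    if isinstance(value, bool):
        return f"{attribute} {operator} {'true' if value else 'false'}"
    if not isinstance(value, str) or value == "":
        raise ValueError("string operators need a non-empty string value")
    # json.dumps quotes the value and escapes embedded quotes and backslashes,
    # which is the JSON-string form SCIM filter values use. Whatever the model
    # supplies stays a literal; it cannot close the quote and append operators.
    return f"{attribute} {operator} {json.dumps(value)}"


def user_filter_from_args(email_contains=None, email_equals=None, active=None):
    """Map explicit, LLM-facing query properties onto a SCIM filter string.

    The model never sees raw filter syntax: it fills in named properties and
    this function assembles the expression, joining clauses with `and`.
    """
    clauses = []
    if email_equals is not None:
        clauses.append(build_scim_filter("emails.value", "eq", email_equals))
    if email_contains is not None:
        clauses.append(build_scim_filter("emails.value", "co", email_contains))
    if active is not None:
        clauses.append(build_scim_filter("active", "eq", bool(active)))
    if not clauses:
        raise ValueError("at least one query property is required")
    return " and ".join(clauses)


if __name__ == "__main__":
    print(user_filter_from_args(email_contains="@external-agency.com", active=True))
```

Because the value is always emitted as a quoted JSON string, a model that tries to smuggle operators into a value (for example `x" or userName pr`) produces a harmless literal comparison instead of a different query, and an attribute or operator outside the allow-lists is rejected before any request is sent.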
Cursor-Based Pagination
When you request a list of users from a large enterprise 1Password account, the API does not return the entire directory at once. It paginates the response. If you expose raw pagination parameters to Claude, the model will often hallucinate cursor values or fail to iterate through pages correctly. Truto normalizes this across all endpoints into a standard limit and next_cursor schema. Truto explicitly injects instructions into the tool description, telling the LLM to pass cursor values back unchanged, ensuring stable directory traversal.
Strict Rate Limits and IETF Normalization
1Password enforces strict rate limits to protect its infrastructure. A common mistake engineers make when building custom MCP servers is expecting the server to automatically retry or absorb rate limit errors. Truto does not retry, throttle, or apply backoff on rate limit errors. When the 1Password API returns an HTTP 429 (Too Many Requests), Truto immediately passes that error back to the caller.
However, Truto normalizes the upstream rate limit information into standardized headers (ratelimit-limit, ratelimit-remaining, ratelimit-reset) per the IETF spec. The AI agent or calling application is responsible for reading these headers and implementing its own retry and exponential backoff logic. This architectural decision prevents hidden timeouts and ensures the agent maintains absolute control over its execution loop.
How to Generate a 1Password MCP Server
Truto dynamically generates MCP tools based on the resources and documentation records defined in your integrated 1Password account. Tools are never cached or pre-built. When Claude sends a tools/list request, Truto reads the 1Password integration configuration, validates the presence of documentation records, and compiles the tools in real-time.
You can create a 1Password MCP server in two ways: via the Truto UI or programmatically via the API.
Method 1: Generating via the Truto UI
For administrators setting up Claude Desktop locally or configuring a workspace, the UI is the fastest path.
- Navigate to the Integrated Accounts page in your Truto dashboard and select your connected 1Password instance.
- Click the MCP Servers tab.
- Click Create MCP Server.
- Define the server configuration. You can specify a human-readable name, restrict allowed methods (e.g., selecting only read methods to prevent accidental user suspension), and set an optional expiration date.
- Copy the generated MCP server URL (e.g., https://api.truto.one/mcp/a1b2c3d4e5f6...).
Method 2: Generating via the Truto API
If you are provisioning AI workspaces programmatically, you can generate MCP servers on the fly. The API generates a secure token, hashes it for edge validation, and returns the ready-to-use URL.
Send an authenticated POST request to the integrated account endpoint:
```shell
curl -X POST https://api.truto.one/integrated-account/{integrated_account_id}/mcp \
  -H "Authorization: Bearer YOUR_TRUTO_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "1Password Offboarding Agent",
    "config": {
      "methods": ["read", "write"]
    },
    "expires_at": "2026-12-31T23:59:59Z"
  }'
```
The response contains the secure URL you will provide to Claude:
```json
{
  "id": "mcp_8f7d6c5b",
  "name": "1Password Offboarding Agent",
  "config": { "methods": ["read", "write"] },
  "expires_at": "2026-12-31T23:59:59Z",
  "url": "https://api.truto.one/mcp/a1b2c3d4e5f67890"
}
```
Connecting the MCP Server to Claude
Once you have your Truto MCP URL, connecting it to Claude requires no middleware or custom proxy code. The URL is fully self-contained. You can connect it via the Claude UI or via a manual configuration file.
Method 1: Via the Claude UI
- Open Claude (Desktop or Web).
- Navigate to Settings > Integrations > Add MCP Server (Note: For ChatGPT, this is located under Settings > Connectors > Add custom connector).
- Paste the Truto MCP URL.
- Click Add.
Claude will immediately dispatch an initialize JSON-RPC handshake followed by a tools/list request, discovering all permitted 1Password tools.
Method 2: Via Manual Configuration File
If you are orchestrating Claude Desktop deployments for a team, you can configure the MCP server by modifying the claude_desktop_config.json file. Because Truto acts as an HTTP Server-Sent Events (SSE) endpoint, you utilize the official @modelcontextprotocol/server-sse transport package.
Edit your configuration file (typically located at ~/Library/Application Support/Claude/claude_desktop_config.json on macOS):
```json
{
  "mcpServers": {
    "truto_1password": {
      "command": "npx",
      "args": [
        "-y",
        "@modelcontextprotocol/server-sse",
        "--url",
        "https://api.truto.one/mcp/a1b2c3d4e5f67890"
      ]
    }
  }
}
```
Restart Claude Desktop. The 1Password tools will now be available in the prompt interface.
1Password Hero Tools
Truto normalizes 1Password's endpoints into atomic, LLM-friendly tools. When Claude invokes a tool, Truto maps the flat argument object into the correct query and body schemas required by 1Password. Here are the core tools your agent will use to orchestrate identity management.
list_all_1_password_users
This tool retrieves the user directory from the 1Password account. It handles the underlying pagination mechanisms automatically. Truto injects specific JSON schema properties for limit and next_cursor, ensuring the LLM knows exactly how to request subsequent batches of users without hallucinating parameters.
"I need to audit our active members. Use the list_all_1_password_users tool to pull the first 50 users in our directory. If there is a next_cursor in the response, continue calling the tool until you have reviewed everyone."
get_single_1_password_user_by_id
This tool fetches the complete, detailed profile of a specific user. It requires the user's internal 1Password ID. Agents typically use this tool after querying the directory to inspect group memberships, state attributes, and security metadata before making a modification.
"Extract the ID for john.doe@company.com from the previous list, then call get_single_1_password_user_by_id to check his current account state and group allocations."
1_password_users_suspend
This is a high-leverage write operation used primarily during offboarding or incident response. Invoking this tool changes the user's state to suspended, immediately cutting off access to all vaults and resources. Because this is a destructive action, administrators often deploy separate MCP servers strictly scoped to read operations for general agents, and reserve write operations for authorized security agents.
"We are offboarding the marketing contractor. Find the user ID for sarah.smith@agency.com and immediately call 1_password_users_suspend to revoke her vault access."
1_password_users_reactivate
This tool restores access for a previously suspended user. It is highly useful in automated ticketing workflows where a user requests account recovery, or when a contractor returns for a new project phase.
"IT approved the extension for the external design team. Call 1_password_users_reactivate for user ID 987654321 to restore their access to the shared design vaults."
For the complete inventory of available endpoints, schemas, and resource definitions, visit the 1Password integration page.
Workflows in Action
Exposing these tools to Claude transforms manual IT administration into conversational, agentic workflows. Here are two real-world scenarios demonstrating how Claude chains these tools together.
Scenario 1: Automated Employee Offboarding
When an employee leaves, IT administrators typically have to log into 1Password, search for the user, and manually suspend them. With Claude connected via Truto, this becomes a single prompt.
"Jane Doe from engineering is departing today. Please locate her 1Password account and suspend her access immediately. Confirm when the operation is complete."
Step-by-step execution:
- Claude invokes list_all_1_password_users, passing a filter or iterating through the directory to find the user object matching the name or email "Jane Doe".
- The model extracts the internal 1Password ID (e.g., USR-12345) from the JSON response.
- Claude invokes 1_password_users_suspend, passing { "id": "USR-12345" } as the argument.
- Claude reads the successful API response and outputs: "I have successfully located Jane Doe (USR-12345) and suspended her 1Password access."
Scenario 2: Contractor Access Audit
Auditing access is tedious. Security teams need to ensure contractors don't retain access to company vaults indefinitely.
"Audit our 1Password directory. Find any active user whose email contains '@external-agency.com'. Check their status, and if they are currently active, suspend them. Output a list of the IDs you modified."
Step-by-step execution:
- Claude calls list_all_1_password_users and parses the returned array, isolating user objects where the email matches the target domain.
- For any matched user whose state attribute is active, Claude extracts their ID.
- Claude loops through the extracted IDs, calling 1_password_users_suspend for each one.
- If 1Password returns an HTTP 429 rate limit error during the loop, Truto passes the 429 and the ratelimit-reset header back. Claude reads the error, pauses execution, and retries the tool call once the reset window passes.
- Claude outputs a final markdown table of the contractors whose access was revoked.
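The audit loop above, together with the cursor-based pagination and the agent-owned 429 handling described in the earlier "Cursor-Based Pagination" and "Strict Rate Limits" sections, as one added example. This is not Truto's, Claude's or 1Password's code: the directory contents are constructed, the FakeDirectoryTools class stands in for the two MCP tools (it returns (status, headers, body) tuples, deliberately answers the second listing call with HTTP 429 carrying ratelimit-* headers, and hands out opaque cursors), and the function names are assumptions. The client side passes next_cursor back unchanged, reads ratelimit-reset on a 429 and caps the number of retries.

```python
import time

# Constructed sample directory (not real 1Password data).
SAMPLE_USERS = [
    {"id": "USR-1001", "email": "jane.doe@company.com", "state": "active"},
    {"id": "USR-1002", "email": "sam.lee@external-agency.com", "state": "active"},
    {"id": "USR-1003", "email": "old.hand@external-agency.com", "state": "suspended"},
    {"id": "USR-1004", "email": "kim.park@external-agency.com", "state": "active"},
    {"id": "USR-1005", "email": "bob@company.com", "state": "active"},
]


class FakeDirectoryTools:
    """Stand-in for the list_all_1_password_users / 1_password_users_suspend tools.

    Every call returns (http_status, headers, body). The second listing call
    answers HTTP 429 with IETF ratelimit-* headers so the caller's backoff path
    is exercised. Cursors are opaque strings the caller must pass back as-is."""

    def __init__(self, users):
        self.users = users
        self.list_calls = 0
        self.cursors_seen = []   # exactly what the caller passed as next_cursor
        self.suspended = []

    def list_all_1_password_users(self, limit, next_cursor=None):
        self.list_calls += 1
        self.cursors_seen.append(next_cursor)
        if self.list_calls == 2:
            headers = {"ratelimit-limit": "10", "ratelimit-remaining": "0",
                       "ratelimit-reset": "2"}
            return 429, headers, {"error": "Too Many Requests"}
        start = int(next_cursor.split("-")[1]) if next_cursor else 0
        end = start + limit
        body = {"data": self.users[start:end],
                "next_cursor": f"cur-{end}" if end < len(self.users) else None}
        return 200, {"ratelimit-remaining": "9"}, body

    def suspend(self, user_id):
        self.suspended.append(user_id)
        return 200, {}, {"id": user_id, "state": "suspended"}


def call_with_backoff(fn, *args, sleep=time.sleep, max_retries=3, **kwargs):
    """Invoke a tool; on HTTP 429 wait ratelimit-reset seconds and retry.

    Truto forwards the 429 and the ratelimit-* headers untouched, so this loop
    belongs to the agent. Retries are capped so a persistently throttled
    endpoint cannot stall the agent forever."""
    for attempt in range(max_retries + 1):
        status, headers, body = fn(*args, **kwargs)
        if status != 429:
            return status, headers, body
        try:
            # ratelimit-reset is a delta in seconds (IETF ratelimit headers draft)
            wait = float(headers.get("ratelimit-reset", ""))
        except ValueError:
            wait = float(2 ** attempt)   # header missing/malformed: exponential backoff
        sleep(wait)
    raise RuntimeError(f"still rate limited after {max_retries} retries")


def audit_contractors(tools, domain, limit=50, sleep=time.sleep):
    """Suspend every active user whose email contains `domain`; return their IDs."""
    revoked = []
    next_cursor = None
    while True:
        status, _, body = call_with_backoff(
            tools.list_all_1_password_users, limit, next_cursor=next_cursor, sleep=sleep)
        if status != 200:
            raise RuntimeError(f"directory listing failed with HTTP {status}")
        for user in body["data"]:
            if domain in user["email"] and user["state"] == "active":
                s, _, _ = call_with_backoff(tools.suspend, user["id"], sleep=sleep)
                if s == 200:
                    revoked.append(user["id"])
        next_cursor = body.get("next_cursor")   # opaque: handed back unchanged
        if next_cursor is None:
            return revoked


def markdown_table(revoked):
    """Render the final report the prompt asks for."""
    rows = ["| user id | action |", "|---|---|"]
    rows += [f"| {uid} | suspended |" for uid in revoked]
    return "\n".join(rows)


if __name__ == "__main__":
    tools = FakeDirectoryTools(SAMPLE_USERS)
    ids = audit_contractors(tools, "@external-agency.com", limit=2, sleep=lambda s: None)
    print(markdown_table(ids))
```

Run as-is it prints a two-row table for USR-1002 and USR-1004; the already-suspended contractor is left alone, and the injected 429 costs one wait of 2 seconds (the sleep is injectable so tests and dry runs need not block). Keeping the retry cap small and logging every wait is what turns a throttled endpoint into a visible event rather than a silently stalled agent.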
Security and Access Control
Exposing identity management APIs to an LLM requires strict boundary controls. Truto enforces security at the MCP token level, ensuring the agent can only perform the actions you explicitly authorize.
- Method Filtering: You can restrict an MCP server to specific operations. By passing methods: ["read"] during server creation, Truto will generate tools for listing and getting users, but will strictly drop the 1_password_users_suspend and 1_password_users_reactivate tools. This guarantees the LLM cannot mutate state.
- Tag Filtering: Integration resources are organized by tags. You can filter the MCP server to only expose tools tagged with directory, hiding complex administrative or billing endpoints from the model.
- require_api_token_auth: By default, possession of the Truto MCP URL grants access to the tools. If you are sharing this URL in environments where it might be exposed (like shared CI/CD configs), you can enable require_api_token_auth. This forces the Claude client to pass a valid Truto API token in the Authorization header, adding a second layer of identity verification.
- expires_at (TTL): If you are giving a temporary AI agent or external contractor access to the MCP server, you can set an expires_at datetime. Truto provisions an automated cleanup alarm that instantly invalidates the token and destroys the edge storage metadata the second the TTL expires.
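The four controls above, modelled as an added example (not Truto's implementation): a method and tag filter that decides which tools a tools/list response may contain, and a per-request gate that enforces expires_at and require_api_token_auth. Which method class and tags each hero tool carries is an assumption, update_billing_plan is a hypothetical tool standing in for endpoints an agent should never see, and token storage as SHA-256 digests with a constant-time comparison is this example's choice.

```python
import hashlib
import hmac
from datetime import datetime, timezone

# Constructed catalogue of the hero tools. The method class and tags assigned to
# each tool are assumptions; update_billing_plan is hypothetical.
TOOL_CATALOGUE = [
    {"name": "list_all_1_password_users", "method": "read", "tags": ["directory"]},
    {"name": "get_single_1_password_user_by_id", "method": "read", "tags": ["directory"]},
    {"name": "1_password_users_suspend", "method": "write", "tags": ["directory", "admin"]},
    {"name": "1_password_users_reactivate", "method": "write", "tags": ["directory", "admin"]},
    {"name": "update_billing_plan", "method": "write", "tags": ["billing"]},
]


def tools_for_server(catalogue, config):
    """Return the tool names a tools/list response may contain for this server.

    config["methods"] drops every tool outside the allowed method classes;
    config["tags"] (optional) additionally hides tools carrying none of the tags."""
    methods = set(config.get("methods", ["read", "write"]))
    tags = set(config.get("tags", []))
    visible = []
    for tool in catalogue:
        if tool["method"] not in methods:
            continue
        if tags and tags.isdisjoint(tool["tags"]):
            continue
        visible.append(tool["name"])
    return visible


def token_hash(token):
    """Keep only a digest server-side so the comparison set is not a secret store."""
    return hashlib.sha256(token.encode()).hexdigest()


def utc(year, month, day):
    """Timezone-aware UTC timestamp helper used for the expiry check."""
    return datetime(year, month, day, tzinfo=timezone.utc)


def authorize_request(server, headers, now):
    """Decide whether one incoming MCP request may proceed; returns (ok, reason).

    server: {"expires_at": ISO 8601 string or None,
             "require_api_token_auth": bool,
             "token_hashes": set of sha256 hex digests}
    now: timezone-aware datetime."""
    expires_at = server.get("expires_at")
    if expires_at:
        deadline = datetime.fromisoformat(expires_at.replace("Z", "+00:00"))
        if now >= deadline:
            return False, "mcp server expired"
    if server.get("require_api_token_auth"):
        auth = headers.get("Authorization", "")
        if not auth.startswith("Bearer "):
            return False, "missing bearer token"
        presented = token_hash(auth[len("Bearer "):])
        # compare_digest keeps the check constant-time regardless of where it differs
        if not any(hmac.compare_digest(presented, h) for h in server["token_hashes"]):
            return False, "invalid api token"
    return True, "ok"


if __name__ == "__main__":
    print(tools_for_server(TOOL_CATALOGUE, {"methods": ["read"]}))
    server = {"expires_at": "2026-12-31T23:59:59Z", "require_api_token_auth": True,
              "token_hashes": {token_hash("constructed-example-token")}}
    print(authorize_request(server, {"Authorization": "Bearer constructed-example-token"},
                            utc(2026, 1, 1)))
```

The read-only server never advertises the suspend or reactivate tools at all, so a hallucinated call has nothing to bind to; the tag filter keeps the hypothetical billing endpoint out even of a read/write server; and once expires_at has passed every request is refused before any token is examined.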
Strategic Wrap-Up
Building a custom integration layer between 1Password and Claude is an expensive distraction from your core product roadmap. Dealing with SCIM filtering quirks, maintaining JSON schemas, and properly normalizing rate limit headers per IETF specifications requires constant engineering maintenance.
By leveraging Truto's dynamically generated MCP servers, you eliminate the boilerplate. You get a secure, filtered, and highly scalable translation layer that turns 1Password's complex identity architecture into predictable tools your AI agents can actually understand.
FAQ
- How does Truto handle 1Password API rate limits?
- Truto does not retry, throttle, or apply backoff on rate limit errors. When 1Password returns an HTTP 429, Truto passes that error to the caller and normalizes upstream rate limit info into standardized headers (ratelimit-limit, ratelimit-remaining, ratelimit-reset) per the IETF spec. The AI agent or calling application is responsible for implementing retry and backoff logic.
- Can I restrict what Claude can do in 1Password?
- Yes. When generating the MCP server, you can apply method filters (e.g., strictly limiting the server to read-only operations) or tag filters. This ensures the LLM cannot accidentally suspend or reactivate users if it hallucinates.
- Do I need to maintain tool schemas when 1Password updates its API?
- No. Truto dynamically generates the MCP tools from its internal documentation records and resource definitions. As 1Password's API evolves, Truto updates the underlying schemas, and the MCP tools automatically reflect these changes on the next tools/list request.