Deploying 1Password via VPP

JimmyJetset
Community Member

We deploy 1Password to our users via VPP through JAMF and are having an issue whereby each user gets this attached message when they open the app. We've managed to replicate this on every machine and JAMF have on their end too, so they have suggested we contact yourselves to try and get to the bottom of this. Any help would be appreciated. It doesn't stop us using the app as we just click cancel, but it's a little annoying every time you open it.

This has been happening since we started deploying this way a month ago and hasn't changed through any updates since.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • Lars
    1Password Alumni

    @JimmyJetset - thanks for reporting this to us. Unfortunately, except for a wild stab in the dark here, there may not be much we can do to assist you. This is an Apple issue and likely out of our control, as we don't have any say over or even insight into how apps are deployed via the Mac App Store.

    I've seen this issue once or twice before, and the only thing I noticed that might affect things is if you are running Sophos or other antivirus/web-filtering software on your Mac. Are you?

  • JimmyJetset
    Community Member

    Hi Lars, no we're not running any software like that on the Macs. We don't seem to have this popup with any of our other deployed apps - it only seems to happen with 1Password for some reason.

  • AGAlumB
    1Password Alumni

    @JimmyJetset: Yeah that's weird. Certainly it happens to me with the App Store as well from time to time...but just to clarify, they're being asked by the App Store to authenticate with their(?) Apple ID every time they open the app? Also, are all of the other apps from the App Store as well? I don't know enough about how Apple manages App Store apps on macOS to know what the solution might be, but that might help point us in the right direction.

  • JimmyJetset
    Community Member

    Hi Brenty, yep the other apps are all deployed the same way (purchasing via VPP and then deployed to the Macs). As the systems aren't logged into any Apple IDs, we never sign into these prompts, just hit cancel instead.

    So basically the apps are all purchased through the VPP portal using our company ID and then distributed through Jamf. But yeah, this only seems to appear for 1Password - but on none of our other Mac App Store distributed apps. No idea why. It's not prohibiting us from using the app, it's a mere annoyance if anything.

    So if you find a solution eventually then great!

  • Lars
    1Password Alumni

    @JimmyJetset - Absolutely! We'll let you know if we discover anything, and please, if you figure it out, we'd love it if you shared the information with us as well. Thanks! :)

  • iwcb
    Community Member

    So, we're encountering this same issue. I was doing some googling about, and found this:

    https://app-updates.agilebits.com/product_history/OPM4#v662005

    Customers who purchased 1Password via the Volume Purchase Program on the Mac App Store will no longer be put into read-only mode. VPP customers should expect to be prompted to sign into their Apple ID when they first launch 1Password.

    Sounds related?

  • Lars
    1Password Alumni

    @iwcb and @JimmyJetset

    Sounds related?

    Yeah, it actually might be. Enough so that I had a quick chat with our developer who did most of the coding for VPP issues, and what we think might be happening here is that your JAMF instance is not distributing a receipt with the updated version. So it prompts the users to download a fresh receipt from Apple (hence the prompt). And the reason it only happens in 1Password may be that other apps distributed via JAMF from VPP are not verifying receipt information as closely as we are.

    Like I say, that's "we think," not "we're certain." But the two of you are definitely not the only 1Password users who are using both Apple's VPP and JAMF to provision...but so far you're the only ones I'm aware of to have this issue, which makes me want to ask this (since I'm not a JAMF expert): are there settings you can check for whether JAMF is able to download a receipt first and then distribute to clients?

    What I'll really need to be able to nail this down would be a closer look at what's going on with your specific 1Password installs: I'd like to ask you to create a diagnostics report from your Mac immediately after you get such a prompt as in @JimmyJetset's example (so it doesn't fall out of the logs):

    Sending Diagnostics Reports (Mac)

    Attach the diagnostics to an email message addressed to support+forum@agilebits.com.

    With your email please include:

    • A link to this thread: https://discussions.agilebits.com/discussion/comment/416190/#Comment_416190
    • Your forum username: @iwcb and/or @JimmyJetset

    That way we can "connect the dots" when we see your diagnostics in our inbox.

    You should receive an automated reply from our BitBot assistant with a Support ID number in the Subject/title. Please post that number here so we can track down the diagnostics and ensure that this issue is dealt with quickly. :)

    Once we see the diagnostics we'll be able to better assist you. Thanks very much!

  • Lars
    1Password Alumni

    You know, it would also be remiss of me not to remind either of you or anyone else reading this who finds the above dense and impenetrable, that a 1Password Teams account makes this issue a thing of the past. Just a thought. :)

  • JimmyJetset
    Community Member

    Thanks Lars, I’ll give this a go tomorrow to see if I can get you the info you need. Should point out though, that we’re actually using Teams, but still see the pop up every time we open the app. I assume that’s what you were suggesting?

  • Ben

    With 1Password Teams you can install the version of 1Password from our website, which doesn’t require an Apple ID. :)

    Ben

  • iwcb
    Community Member
    edited March 2018

    Diagnostic info collected and submitted -- ticket ID #KME-98528-532.

    Thanks!

    KME-98528-532

  • AG_Alles
    1Password Alumni
    edited March 2018

    @iwcb we've got your report here and we'll take a look and let you know what we find :-)

    Can you guys tell us how your VPP license assignments are configured? Are licenses assigned to devices or are they assigned to users? Half (of the very small number so far) of reports we're getting are confirmed to be happening with MDM deployments where VPP licenses are assigned to devices, and the other half we aren't yet aware of the assignment configuration.

    One of our working theories is that the Mac App Store is firing an authentication prompt when we check in-app purchase status, even though we haven't yet seen a case where the VPP license fails to validate. So we're taking a close look at those receipts and validation to pin down what's happening.

    As has been mentioned, our present workaround is to have you deploy the web download build of 1Password using your MDM solution but we know this doesn't work for all customers (for example, those running JamfNow) who may need or desire managed app deployment.

    ref: OPM-5874

  • iwcb
    Community Member

    The licenses are assigned to users in our case, through JAMF 10.2. We have a workaround for now with the website version and a legacy license, so we're able to get by in the meantime.

  • JimmyJetset
    Community Member

    Yep, we did explore using the web download version, but our users don’t have admin access to the Macs, so are unable to update 1Password when required. That was the benefit of the App Store, the auto updates.

  • JimmyJetset
    Community Member
    edited March 2018

    Hi Lars, sent the report in. Case number GDB-13453-678

    ref: GDB-13453-678

  • Lars
    1Password Alumni

    @JimmyJetset - Thanks! One of us will be with you shortly.

  • iwcb
    Community Member

    Argh, why did I say licenses are assigned to users. I meant to say devices, sorry for the confusion.

  • Lars
    1Password Alumni

    @iwcb (and everyone else - @JimmyJetset, et al) - we think we may have figured this out. Give us a bit of time to get a release out.

This discussion has been closed.