1Password's Trelica Buy Part of Broader Shadow IT Play1Password's Trelica Buy Part of Broader Shadow IT Play

1Password's acquisition of software-as-a-service (SaaS) access management provider Trelica is the latest move in a race to broaden the scope and functionality of password managers beyond securely storing user credentials.

1Password and its competitors, including Bitwarden, Dashlane, and LastPass, have been piling on features in recent months, such as extended autofill capabilities; support for digital attachments, such as birth certificates; and the ability to use the System of Cross-domain Identity Management (SCIM) standard to automatically provision users and groups from a source directory.

The 1Password-Trelica deal announced last week fits with 1Password's plans to help enterprises manage SaaS and shadow IT in their environment. Addressing these two enterprise challenges is a natural progression of what 1Password has already been providing with credential management, says 1Password co-CEO David Faugno.

Next Step for Password Management

1Password has been steadily augmenting its password manager software with capabilities such as Secrets Automation and the Events API. The company launched 1Password Extended Access Automation (XAM) last year, which allows secure access to enterprise resources from employee-owned and unmanaged devices that are not set up with the organization's single sign-on tools.

Prior to launching XAM, 1Password acquired Kolide, which developed a tool that provides contextual access management by detecting the health and posture of devices before granting access to applications.

"Our vision for Extended Access Management, and the way we're building to it, includes the application side of the story, which is how you identify and discover applications in the shadow IT realm," Faugno says.

Faugno says SaaS authentication and management were both already on the product road map, but the company had not decided whether to build or buy the capabilities.

"When we found Trelica, it was very, very well aligned with how we saw the world and how we thought about what that element was going to be in our XAM platform," Faugno says. "The Trelica team was very philosophically aligned with the way they built the product, culturally, and was a really good fit, so the build-versus-buy decision became pretty clear for us."

Trelica, founded in 2018 by Iain McGhee, Richard Kirby, and Robert Stiff, integrates directly with 300 SaaS providers. The software's primary functions include shadow IT discovery, spend optimization, contract renewals, and access management workflows for automating onboarding, offboarding, provisioning, and privilege escalation tasks.

Growing Enterprise Implementation

Password managers have historically been designed to assist consumers in keeping track of usernames and passwords for all of their online accounts. In recent years, password managers integrated with single sign-on platforms from Microsoft, Okta, Ping Identity, and others to make it possible for employees to sign on to workforce systems.

"Most enterprises are using some form of password manager for dealing with SaaS and even on-premises applications," says IDC research vice president Jay Bretzmann.  

While demand is strong for 1Password and its leading competitors, they need to continue adding capabilities that meet enterprise needs to their core products if they are to grow.

"Odds are some of these vendors will be acquired or simply not keep up with investment [in GenAI] over the next three years," Bretzmann says. "Most of the leaders are focusing on the sprawl problem they currently solve for enterprise environments with too many point solutions. Password managers will still be relevant in the midmarket where identity problems are less complex."

According to a recent Bloomberg report, 1Password has been interviewing banks for a potential IPO. While Faugno was in New York at the Nasdaq exchange to announce the Telica acquisition, he dismisses that as a sign of immediate plans to go public.

"You know how these public exchanges woo you years before to get closer to the company," he says. "We're in no rush. We have a profile that is appealing to public market investors, but we're also very fortunate to have been a very profitable business for two decades, so we have no unnatural pressures to become public. When the timing is right, we'll do it."