How Airwallex is using 1Password to eliminate all passwords at work
Airwallex offers a financial technology platform for modern businesses growing beyond borders. With one of the world’s most powerful payments and banking infrastructure, Airwallex’s technology empowers businesses of all sizes to accept payments, move money globally, and simplify their financial operations in a single platform. airwallex.com
Industry
- Technology
Use Cases
- Unlock with SSO
- Securing unsanctioned apps
- Securing developer workflows
- Transitioning to passwordless
PDF Version
Key results
Storage and sharing of secrets not managed by single sign-on (SSO) is secured.
Reduced passwords in circulation thanks to Unlock with SSO.
Development workflows are secure with the SSH Agent and Secrets Automation.
An effectively passwordless work environment for all offices.
Background
Airwallex is a global payments and financial platform for modern businesses. The company makes it simple to open domestic and international bank accounts in a wide range of currencies. Airwallex customers can then accept payments around the world, bypass the banks with cheaper global transfers, create ‘borderless’ corporate cards, and more.
“We can help your team manage everything including your payments, internal treasury and spend, and your embedded finance, all in a single platform,” David Baverstock, Senior IT Engineer at Airwallex explained.
The fast-growing company has big ambitions. One of them is to create a completely passwordless work environment for its more than 1,300 employees, who are spread across 19 international offices. How? The first step has been adopting 1Password, which can be unlocked with Okta, its current SSO solution.
Unlock with Okta: The road to passwordless
At first, Airwallex used 1Password and Okta as two broadly separate tools inside its organization.
“And that all went great,” David says. “Everyone was used to having a separate (1Password account) password, and I think they appreciated the extra security. Their 1Password accounts also came with a Secret Key that only they knew. That meant employees knew no one else could get into their private vaults.”
But the company quickly moved to manage and secure everyone’s 1Password accounts using Unlock with Okta. The capability allows admins like David to set up 1Password Business so that team members sign in with their Okta username and password, rather than their 1Password account password and Secret Key.
Unlocking 1Password with Okta means Airwallex team members only have to remember one password – the one they’ve chosen for their Okta account. Airwallex adopted the sign-in method company-wide, which means that none of its employees now have to memorize a separate password to access 1Password.
The company’s next step was to set up Okta’s authentication policy so team members only need to use biometrics to unlock 1Password while they’re in the office. “So there’s no need to put a password in,” David says.
Once a team member walks into work, they now essentially have a passwordless experience while accessing anything stored inside 1Password.
Okta and 1Password: the perfect pair
Airwallex uses Okta to secure and manage enterprise apps. This allows employees to sign on to their SSO platform with a single, strongly vetted identity, and then access the services they need to do their work.
But some services aren’t supported by Okta. Others simply aren’t suitable for Airwallex to secure with SSO at the moment. The company uses 1Password to ensure all of these accounts are protected by strong, unique passwords.
“Now we’re on board with 1Password, I’ve pushed really hard to ensure we’re making use of everything it’s intended for,” David said. “So no one is using insecure passwords just because they make it easy to remember how to get into everything they need.”
“These vaults have some shared credentials in there for those teams,” David said. “We set it up so that as new people come on to those teams, they get access to those shared credentials automatically. It’s part of their onboarding process.”
Together, Okta and 1Password form a robust line of defense around everything Airwallex relies on every day. It also gives David visibility and powerful auditing capabilities. “We wanted to make sure that the [password manager] we chose had great audit logs and security controls to give us the confidence in storing that data,” he said.
Securing Airwallex’s development workflows
Before 1Password, Airwallex was using a different enterprise password manager to secure some of its work-related logins. “But we just found that it wasn’t quite meeting all our company’s needs,” David explained.
Airwallex needed additional tools that could help its developers secure their code and infrastructure secrets. “Our developers, being the good engineers they are, were trying to engineer a solution to their own problems,” David said. “So we had a mixture of people using Chrome’s password manager or custom tools to store their secrets, things like that.”
Airwallex adopted 1Password in part because it’s far more than a password manager. It’s also a tool that can secure and streamline how you manage SSH keys, API tokens, and other infrastructure secrets. “We’re huge fans of the direction 1Password is taking with the more developer-focused side of its features,” David said.
In particular, the IT manager loves 1Password’s SSH agent, which lets you create new SSH keys, keep them organized, and ensure they’re securely available everywhere you need them. “The fact you’ve got an SSH Agent tool that integrates into your 1Password vault for your SSH keys, and the signing of git commits, is great,” David explained.
Thanks to Secrets Automation, Airwallex can also secure, orchestrate, and manage its infrastructure secrets using 1Password. The company plans to use this functionality “to totally kill any hard-coded credential we might have in our CI/CD (Continuous Integration/Continuous Delivery) pipelines or scripts,” David said.
“We’re really excited to see some of the use cases our engineers here come up with, now they have that great capability that was absent before,” he added.
The future: true passwordless
With 1Password, Airwallex has laid a foundation to go passwordless in the future.
1Password will soon give everyone the option to create and unlock their 1Password account with a passkey, rather than a password. This will give people the option to go with a seamless and secure sign-in method that’s completely passwordless. 1Password has also committed to broader passkey support so team members can create and secure their online accounts with passkeys. Storing them in a password manager means they’ll also have a simple way to sync those passkeys between devices and securely share them with colleagues.
More stories from 1Password customers
IT team of one? No sweat. FireHydrant uses SCIM bridge to streamline onboarding and simplify operations.
Sigrid.AI manages customer assets with 1Password to provide secure remote support to a global client base.
Secure your business with 1Password
Protect your business with the enterprise password manager trusted by more than 150,000 companies.