Integrate 1Password Business with Okta for SSO Unlock

This page provides the details to connect 1Password Business to your Identity Provider such as Okta, define user access permissions, and configure biometric security settings for your org.

Access SSO settings

1. Sign in to 1Password Business.
2. Select Policies from the side pane.
3. Under the Configure Identity Provider, select Manage.

Configure the Okta connection

Establish or modify the secure connection between 1Password Business and Okta to enable authentication:

1. Select Edit Configuration.
2. Follow the on-screen prompts to set up unlock with SSO. You can only configure one identity provider for SSO unlock.

Manage User Assignments and enable Biometrics

To change which users are assigned to unlock 1Password Business using Okta, select Edit at the bottom of the Settings page.

• User assignment: In the Who can unlock 1Password Business with an identity provider section, choose an option to specify which team members use Okta for unlock.
  • The recommended choice is Only groups you select. Learn more about using Custom groups in 1Password Business.
  • To disable unlock with SSO, select No one.

• Migration of grace period: Specify the number of days before team members are required to switch to unlocking with Okta.

  • The default grace period is 5 days. If a team member fails to migrate before this period ends, they must contact their administrator for account recovery.
• Biometric unlock: To permit team members to use biometrics (touch ID, face ID, Windows hello, and so on) for unlocking, select Allow people to unlock 1Password Business using biometrics.
  • Define the number of days or weeks after which team members are prompted to sign in to Okta again.
  • When biometric unlock is enabled, team members can access 1Password Business while offline until the specified time elapses. After this period, Vault access will become online-only.

Next step

Verify SP-initiated SSO