Integrate 1Password Enterprise Password Manager with Okta for SSO Unlock
This page explains how to connect 1Password Enterprise Password Manager to an identity provider such as Okta, define user access permissions, and configure biometric security settings for your org.
Access SSO settings
- Sign in to 1Password Enterprise Password Manager.
- Select Policies from the side pane.
- Under Configure Identity Provider, select Manage.
You can add the 1Password Enterprise Password Manager logo to the 1Password Enterprise Password Manager app in Okta to visually identify it.
Configure the Okta connection
Establish or modify the secure connection between 1Password Enterprise Password Manager and Okta to enable authentication:
- Select Edit Configuration.
- Follow the on-screen prompts to set up unlock with SSO. You can only configure one identity provider for SSO unlock.
Manage user assignments and enable biometrics
To change which users are assigned to unlock 1Password Enterprise Password Manager using Okta, select Edit at the bottom of the Settings page.
- User assignment: In the Who can unlock 1Password Enterprise Password Manager with an identity provider section, choose an option to specify which team members use Okta for unlock.
  - The recommended choice is Only groups you select. Learn more about using Custom groups in 1Password Business.
  - To disable unlock with SSO, select No one.
- Migration of grace period: Specify the number of days before team members are required to switch to unlocking with Okta.
  - The default grace period is 5 days. If a team member fails to migrate before this period ends, they must contact their administrator for account recovery.
- Biometric unlock: To permit team members to use biometrics (Touch ID, Face ID, Windows Hello, and so on) for unlocking, select Allow people to unlock 1Password Enterprise Password Manager using biometrics.
  - Define the number of days or weeks after which team members are prompted to sign in to Okta again.
  - When biometric unlock is enabled, team members can access 1Password Enterprise Password Manager while offline until the specified time elapses. After this period, vault access becomes online-only.
