Manage user assignments and grace periods

After completing the unlock with Single-Sign On (SSO) configuration, you're directed to the Settings page of your 1Password Business account. Before you configure settings, create groups for the team members who are using Okta to unlock 1Password Business.

Follow the steps to create and populate groups:

1. Create a custom group: Name the group clearly. For example, OktaSSO.
2. Add team members to the group: If you plan to invite more team members to test unlock with Okta later, create a custom group for each additional set of testers.

These initial groups created aren't necessarily permanent; the goal is to gradually transition your entire team to unlock with SSO once the initial groups have migrated successfully.

Select Users to Unlock 1Password Business with Okta

By default, the setting People unlocking 1Password Business with an identity provider is set to No one. Choose one of the following options:

• No one: Disables the unlock with Okta feature.
• Only groups you select: Only members of the specific groups you designate uses Okta for sign-in. For more information, see use custom groups in 1Password Business.
• Everyone except: groups you exclude: All team members, excluding owners and members of the groups you select for exclusion, uses Okta to sign in.

Configure the grace period

Team members with existing 1Password Business accounts are required to transition to unlock with Okta. When setting the grace period, consider the following:

• Default range: The default grace period is five days, and it can be set from one to 30 days.
• Start time: The grace period starts when an admin does any of the following tasks:
  • Adds a group after selecting the Only groups you select option.
  • Configures unlock with Okta for the entire team.

Next step (Optional)

Integrate 1Password Business with Okta for SSO Unlock