Update Unlock with Microsoft Entra ID for Conditional Access policies

Learn how to update your integration with Microsoft Entra ID to support Conditional Access policies.

With 1Password Business, you can set up Unlock with Microsoft Entra ID (previously Azure AD). If you use Conditional Access policies in Entra ID and you set up a public client, migrate to a private client in Entra ID and configure the settings in 1Password for the best experience.

These steps were recorded in February 2024 and may have changed since. Refer to the Microsoft documentation for the most up-to-date steps.

Step 1: Create a secret for the 1Password SSO application in Entra ID

To get started, sign in to your account on the Microsoft Azure portal, then follow these steps:

  1. Search for and select Microsoft Entra ID.
  2. Under Manage, select App registrations, and click your 1Password SSO app registration.
  3. In the sidebar under Manage, choose Certificates & secrets.
  4. Choose New client secret. Give the secret a name, such as “1Password SSO”.
  5. Click Add, then click the copy button beside the Value field to copy it. You’ll use this in the next step.

Important

Secrets in Entra ID have an expiration date. To make sure your team can continue to sign in with Microsoft, you’ll need to update this secret in 1Password’s settings before it expires.
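One way to catch the expiration described above before it locks anyone out. This is an added example, not code from 1Password or Microsoft. It assumes you feed it the JSON list that `az ad app credential list --id <app-id>` prints for the app registration; the function names, the 30-day threshold and the sample data are illustrative.

```python
import json
import re
from datetime import datetime, timedelta, timezone

# Constructed sample in the shape of Microsoft Graph passwordCredentials, as
# printed by `az ad app credential list --id <app-id>`. All values are made up.
SAMPLE_CREDENTIALS = json.dumps([
    {"displayName": "1Password SSO", "endDateTime": "2024-08-01T00:00:00Z",
     "keyId": "00000000-0000-0000-0000-000000000001"},
    {"displayName": "old secret", "endDateTime": "2024-01-15T12:30:00.1234567Z",
     "keyId": "00000000-0000-0000-0000-000000000002"},
    {"displayName": "long lived", "endDateTime": "2026-02-01T00:00:00Z",
     "keyId": "00000000-0000-0000-0000-000000000003"},
])

_TS = re.compile(r"(\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d)(?:\.(\d+))?(Z|[+-]\d\d:\d\d)?")


def parse_graph_time(value):
    """Parse an ISO 8601 timestamp; fractions longer than microseconds are cut."""
    match = _TS.fullmatch(value)
    if not match:
        raise ValueError(f"unrecognised timestamp: {value!r}")
    base, frac, zone = match.groups()
    micros = (frac or "0")[:6].ljust(6, "0")
    offset = "+00:00" if zone in (None, "Z") else zone
    return datetime.fromisoformat(f"{base}.{micros}{offset}")


def classify_secrets(credentials_json, now, warn_days=30):
    """Return (status, name, key_id, days_left) rows, soonest expiry first."""
    rows = []
    for cred in json.loads(credentials_json):
        left = parse_graph_time(cred["endDateTime"]) - now
        if left <= timedelta(0):
            status = "expired"
        elif left <= timedelta(days=warn_days):
            status = "expiring"
        else:
            status = "ok"
        rows.append((status, cred.get("displayName") or "(unnamed)",
                     cred["keyId"], left.days))
    return sorted(rows, key=lambda row: row[3])


if __name__ == "__main__":
    for status, name, key_id, days in classify_secrets(
            SAMPLE_CREDENTIALS, datetime.now(timezone.utc)):
        print(f"{status:9} {days:6d}d  {name}  ({key_id})")
```

Any row reported as `expiring` is the cue to create a new client secret in Entra ID and paste it into the Application Secret field in 1Password before the old one lapses.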

Step 2: Update your Unlock with SSO configuration

Important

The changes you make below won’t be saved until you successfully authenticate with Microsoft. This prevents you from locking yourself out of 1Password.

2.1: Update your 1Password settings

  1. Open a new browser tab or window and sign in to your account on 1Password.com.
  2. Click Policies in the sidebar.
  3. Click Manage under Configure Identity Provider.
  4. Click Edit Configuration.
  5. Choose Private Client in the Client Type section.
  6. Paste the secret you created in Entra ID in the Application Secret field.

2.2: Update your Entra ID application

From the app registration page in Entra ID:

  1. In the sidebar under Manage, click Authentication.
  2. To remove the old redirect URIs, click the trash button beside the platforms, then choose Delete.
  3. Under “Platform configurations”, select Add a platform then choose Web.
  4. Copy and paste the Redirect URI from your Configure Identity Provider page in your other browser tab.
  5. Leave the “Front-channel logout URL” field blank.
  6. Select ID tokens under “Implicit grant and hybrid flows”.
  7. Click Configure.

2.3: Test the connection

Once you’ve configured your settings, go back to the Configure Identity Provider page and test the connection. You’ll be directed to Microsoft to sign in, then redirected to 1Password to sign in. This verifies connectivity between 1Password and Microsoft.

After you test the connection, scroll down and click Save Configuration.
