Set up 1Password Unlock with SSO

Learn how to integrate 1Password with your identity provider so your team can unlock with single sign-on (SSO).

With 1Password Business and Unlock with SSO, you can connect your identity provider with your 1Password account so your team members can sign in to 1Password with their identity provider username and password instead of their account password and Secret Key.

When you set up Unlock with SSO, you can:

  • Specify which groups will unlock 1Password with SSO.
  • Set a grace period for team members to migrate to Unlock with SSO.
  • Allow team members to unlock 1Password with biometrics.

Review the considerations and requirements below, then learn how to set up Unlock with SSO.

Considerations

Before you set up Unlock with SSO, consider the impact it will have on your team:

  • Unlock with SSO is an authentication method only. To automate provisioning, use 1Password SCIM Bridge.
  • Unlock with SSO is only available using the OpenID Connect (OIDC) protocol. It uses Authorization Code Flow with Proof Key for Code Exchange (PKCE). For all identity providers except Microsoft Entra ID, you’ll need to set up a public app for the integration, and a client secret is not stored or supported by 1Password.
  • Your team will need to use 1Password 8. You can’t sign in to 1Password 7 with SSO.
  • Unlock with SSO in the 1Password apps is only available with an Internet connection. You can allow unlock with biometrics to give your team members offline access.
  • People in the Owners group can’t unlock 1Password with SSO. This prevents them from being locked out of the account or losing any data. We are investigating other long-term options.
  • 1Password uses your encrypted credentials and device key to unlock with SSO, simplifying the enrollment process and eliminating the need for an account password. Learn more about Unlock 1Password with SSO security.
  • You can only set up one identity provider to unlock with SSO.
  • Existing team members need to unlock 1Password with their account password and Secret Key before switching to Unlock with SSO. Account recoveries will be needed for any users without their sign-in details. Team members will be prompted to sign in with SSO during the recovery process.
  • Unlock with SSO is not currently compatible with exporting data. Your team administrator can turn off Unlock with SSO for your account to allow you to export.

Requirements

When you’re ready to set up Unlock with SSO, you’ll need to:

  • Be in the Owners or Administrators group in your 1Password Business account.
  • Use the same email address to sign in to both 1Password and your identity provider.
  • Have administrator privileges in your identity provider.
  • Make sure team members have the following versions installed on their computers and mobile devices:

Set up Unlock with SSO

After you have the prerequisites, learn how to configure Unlock with SSO for your identity provider:

If your team uses a different identity provider, let your sales representative or Customer Success Manager know so we can consider support for it in the future.

Get help

Get help if you’re having trouble unlocking 1Password with SSO.

If you automate provisioning with 1Password SCIM Bridge, do not change a suspended team member’s email address. Some identity providers don’t sync email changes for suspended users. If you reactivate a suspended team member after changing their email address, the SCIM bridge may treat them as a new user. This will cause issues when they try to unlock with SSO.

If you need to switch to a different identity provider after you set up Unlock with SSO:

  1. Sign in to your account on 1Password.com.
  2. Click Policies in the sidebar, then click Manage under Configure Identity Provider.
  3. Click Edit Configuration.
  4. Follow the steps to set up Unlock with SSO for your identity provider.

If one of your team members continues to use 1Password 7 after you’ve added them to a group that unlocks with SSO, the data in the app may no longer sync with their account. To resolve this issue:

  1. Temporarily remove the team member from the group that unlocks with SSO.
  2. Ask them to unlock 1Password 7 so their data syncs.
  3. Ask them to upgrade to 1Password 8.
  4. Add them back to a group that unlocks with SSO.
