If you can’t sign in to your account
If you’re trying to sign in with SSO, be sure that you’re signing in with an email address associated with both your identity provider and 1Password accounts.
If you’re using my.1password.com as a sign-in address, use your team’s unique web address on 1Password.com instead. Learn how to find yours.
If you still can’t sign in, contact your 1Password administrator. They’ll be able to recover your account.
You’ll get an email from 1Password. When you click “Recover my account” in the email, a page will open in your browser. After you recover your account:
- You’ll be able to access all the data you had before.
- You’ll need to re-enroll your devices.
If you’re asked for an account password and Secret Key
If you’re asked to enter an account password and Secret Key when you accept the invitation to join your team, wait 30 minutes and try again.
If you still can’t sign in, contact your 1Password administrator.
If you see the “User unable to sign in because grace period is expired” message
If you don’t switch to unlock with SSO before the grace period set by your 1Password administrator expires, you’ll see this message. Contact your administrator for help recovering your account.
If you can’t sign in to 1Password CLI with SSO
Make sure that you’ve connected 1Password CLI with the 1Password app.
If you’re signed out of your account after you close your browser
If you’re signed out of your account after you close your browser, your IT team may have a policy that clears browsing data when a browser is closed. You can ask them to exclude your team’s sign-in address from that policy to make sure team members won’t lose access to their trusted device.
You should also set up other trusted devices, like the 1Password desktop app, after you sign up or switch to unlock with SSO.
If you’re using 1Password 7 or earlier
If you attempt to sign in to 1Password 7 or earlier with SSO, you won’t be able to.
You’ll need to upgrade from 1Password 7 to 1Password 8 for Mac or Windows and 1Password 8 for iOS or Android.
Then, to use Unlock with SSO, make sure you have the following releases installed on your computer and mobile device:
- 1Password browser extension
- 1Password 8 for iOS or Android
- 1Password 8 for Mac, Windows, or Linux
- 1Password CLI (optional)
If your device is lost or stolen
If you lose possession of a device that signs in to 1Password with SSO and aren’t able to find it:
- Reset your identity provider password.
- Contact your 1Password administrator immediately to start account recovery.
This will remove the device keys for all devices, including the one that was lost or stolen.
- You or your administrator should deauthorize the lost or stolen device.
- Once account recovery is complete, you will need to re-enroll your devices.
If you can’t find your Okta well-known URL
Your Okta well-known URL uses the following format: YOUR_OKTA_DOMAIN.okta.com/.well-known/openid-configuration.
The format may be different if you have a custom authorization server.
If you still need help
If you’re still having trouble unlocking 1Password with SSO, contact 1Password Support with a description of the problem.