Teams and Businesses

If you’re having trouble unlocking 1Password with SSO

Get help when you’re having trouble using your identity provider to sign in to 1Password.

If you can’t sign in to your account

If you’re trying to sign in with SSO, be sure that you’re signing in with an email address associated with both your identity provider and 1Password accounts.

If you’re using as a sign-in address, use your team’s unique web address on instead. Learn how to find yours.

If you still can’t sign in, contact your 1Password administrator. They’ll be able to recover your account.

You’ll get an email from 1Password. When you click Recover my account in the email, a page will open in your browser. After you recover your account:

If you’re asked for an account password and Secret Key

If you’re asked to enter an account password and Secret Key when you accept the invitation to join your team, wait 30 minutes and try again.

If you still can’t sign in, contact your 1Password administrator.

If you see the “User unable to sign in because grace period is expired” message

If you don’t switch to unlock with SSO before the grace period set by your 1Password administrator expires, you’ll see this message. Contact your administrator for help recovering your account.

If you can’t sign in to 1Password CLI with SSO

Make sure that you’ve connected 1Password CLI with the 1Password app.

If you’re signed out of your account after you close your browser

If you’re signed out of your account after you close your browser, your IT team may have a policy that clears browsing data when a browser is closed. You can ask them to exclude your team’s sign-in address from that policy to make sure team members won’t lose access to their trusted device.

You should also set up other trusted devices, like the 1Password desktop app, after you sign up or switch to unlock with SSO.

If you’re using 1Password 7 or earlier

If you attempt to sign in to 1Password 7 or earlier with SSO, you won’t be able to.

You’ll need to upgrade from 1Password 7 to 1Password 8 for Mac or Windows and 1Password 8 for iOS or Android.

Then, to use Unlock with SSO, make sure you have the following releases installed on your computer and mobile device:

If your device is lost or stolen

If you lose possession of a device that signs in to 1Password with SSO and aren’t able to find it:

  1. Reset your identity provider password.
  2. Contact your 1Password administrator immediately to start account recovery.

    This will remove the device keys for all devices, including the one that was lost or stolen.

  3. You or your administrator should deauthorize the lost or stolen device.
  4. Once account recovery is complete, you will need to re-enroll your devices.

If you can’t find your Okta well-known URL

Your Okta well-known URL uses the following format:

The format may be different if you have a custom authorization server.

If you still need help

If you’re still having trouble unlocking 1Password with SSO, contact 1Password Support with a description of the problem.

Learn more

Still need help?

If this article didn't answer your question, contact 1Password Support.