If you can’t sign in to your account
If you’re trying to sign in with Okta, be sure that you’re signing in with email address associated with both your Okta and 1Password accounts.
If your are using my.1password.com as a sign in address, use your team’s unique web address on 1Password.com instead. Learn how to find yours.
If you still can’t sign in, contact your 1Password administrator. They’ll be able to recover your account.
You’ll get an email from 1Password. When you click “Recover my account” in the email, a page will open in your browser. After you recover your account:
- You’ll be able to access all the data you had before.
- You’ll need to re-enroll your devices.
If you’re asked for an account password and Secret Key
If you’re asked to enter an account password and Secret Key when you accept the invitation to join your team, wait 30 minutes and try again.
If you still can’t sign in, contact your 1Password administrator.
If you see the “User unable to sign in because grace period is expired” message
If you don’t switch to unlock with SSO before the grace period set by your 1Password administrator expires, you’ll see this message. Contact your administrator for help recovering your account.
If you can’t sign in to 1Password CLI with SSO
Make sure that you’ve connected 1Password CLI with the 1Password app.
If you’re using 1Password 7 or earlier
If you attempt to sign in to 1Password 7 or earlier with SSO, you won’t be able to.
You’ll need to upgrade from 1Password 7 to 1Password 8 for Mac or Windows and 1Password 8 for iOS or Android.
Then, to use Unlock with Okta, make sure you have the following releases installed on your computer and mobile device:
- 1Password extension
- 1Password 8 for iOS or Android
- 1Password 8 for Mac, Windows, or Linux
- 1Password CLI (optional)
If your device is lost or stolen
If you lose possession of a device that signs in to 1Password with Okta and aren’t able to find it:
- Reset your Okta password.
- Contact your 1Password administrator immediately to start account recovery.
This will remove the device keys for all devices, including the one that was lost or stolen.
- You or your administrator should deauthorize the lost or stolen device.
- Once account recovery is complete, you will need to re-enroll your devices.
If you can’t find your Okta well-known URL
Your Okta well-known URL uses the following format: YOUR_OKTA_DOMAIN.okta.com/.well-known/openid-configuration.
The format may be different if you have a custom authorization server.
If you still need help
If you’re still having trouble unlocking 1Password with Okta, contact 1Password Support with a description of the problem.