Get started

If you’re having trouble unlocking 1Password with SSO

Get help when you’re having trouble using your identity provider to sign in to 1Password.

If you can’t sign in to your account

If you’re trying to sign in with Okta, be sure that you’re signing in with email address associated with both your Okta and 1Password accounts.

If your are using my.1password.com as a sign in address, use your team’s unique web address on 1Password.com instead. Learn how to find yours.

If you still can’t sign in, contact your 1Password administrator. They’ll be able to recover your account.

You’ll get an email from 1Password. When you click “Recover my account” in the email, a page will open in your browser. After you recover your account:

If you’re asked for an account password and Secret Key

If you’re asked to enter an account password and Secret Key when you accept the invitation to join your team, wait 30 minutes and try again.

If you still can’t sign in, contact your 1Password administrator.

If you see the “User unable to sign in because grace period is expired” message

If you don’t switch to unlock with SSO before the grace period set by your 1Password administrator expires, you’ll see this message. Contact your administrator for help recovering your account.

If you can’t sign in to 1Password CLI with SSO

Make sure that you’ve connected 1Password CLI with the 1Password app.

If you’re using 1Password 7 or earlier

If you attempt to sign in to 1Password 7 or earlier with SSO, you won’t be able to.

You’ll need to upgrade from 1Password 7 to 1Password 8 for Mac or Windows and 1Password 8 for iOS or Android.

Then, to use Unlock with Okta, make sure you have the following releases installed on your computer and mobile device:

If your device is lost or stolen

If you lose possession of a device that signs in to 1Password with Okta and aren’t able to find it:

  1. Reset your Okta password.
  2. Contact your 1Password administrator immediately to start account recovery.

    This will remove the device keys for all devices, including the one that was lost or stolen.

  3. You or your administrator should deauthorize the lost or stolen device.
  4. Once account recovery is complete, you will need to re-enroll your devices.

If you can’t find your Okta well-known URL

Your Okta well-known URL uses the following format: YOUR_OKTA_DOMAIN.okta.com/.well-known/openid-configuration.

The format may be different if you have a custom authorization server.

If you still need help

If you’re still having trouble unlocking 1Password with Okta, contact 1Password Support with a description of the problem.

Learn more

Still need help?

If this article didn't answer your question, contact 1Password Support.

Published: