Teams and Businesses

Set up 1Password Unlock with SSO

Learn how to integrate 1Password with your identity provider so your team can unlock with single sign-on (SSO).

With 1Password Business and Unlock with SSO, you can connect your identity provider with your 1Password account so your team members can sign in to 1Password with their identity provider username and password instead of their account password and Secret Key.

When you set up Unlock with SSO, you can:

  • Specify which groups will unlock 1Password with SSO.
  • Set a grace period for team members to migrate to Unlock with SSO.
  • Allow team members to unlock 1Password with biometrics.

Before you begin

Before you set up Unlock with SSO, consider the impact that it will have on your team:

  • Unlock with SSO is an authentication method only. To automate provisioning, use 1Password SCIM Bridge.
  • Unlock with SSO is only available using the OpenID Connect (OIDC) protocol.
  • Your team will need to use 1Password 8. You can’t sign in to 1Password 7 with SSO.
  • 1Password uses your encrypted credentials and device key to unlock with SSO, simplifying the enrollment process and eliminating the need for an account password. Learn more about Unlock 1Password with SSO security.
  • People in the Owners group can’t unlock 1Password with SSO. This prevents them being locked out of the account or losing any data. We are investigating other long-term options.
  • You can only set up one identity provider to unlock with SSO. If you need to switch to a different one after setup, contact 1Password Support.

When you’re ready to set up Unlock with SSO, you’ll need to:

  • Be in the Administrators group in your 1Password Business account.
  • Use the same email address to sign in to both 1Password and your identity provider.
  • Have administrator privileges in your identity provider.

Set up Unlock with SSO

Learn how to configure Unlock with SSO for your identity provider:

the Azure Active Directory logo Azure Active Directory
the Okta logo Okta


If your team uses a different identity provider, let your sales representative or Customer Success Manager know so we can consider support for it in the future.

Get help

Get help if you’re having trouble unlocking 1Password with SSO.

If you need to switch to a different identity provider after you set up Unlock with SSO:

  1. Sign in to your account on 1Password.com.
  2. Click Security in the sidebar and choose Unlock 1Password with Identity Provider.
  3. Click Edit Configuration.
  4. Follow the steps to set up Unlock with SSO for your identity provider.

Learn more

Still need help?

If this article didn't answer your question, contact 1Password Support.

Published: