SCIM Bridge set up and integrated with Okta but can't log in over SSO

I have the SCIM bridge deployed.
I have Okta SSO.
Okta API integration test with SCIM Bridge successful.
Able to push AD groups to 1Password.

When I launch the 1Password app from Okta, I get redirected to my.1password.com and then get prompted to:
https://my.1password.com/signin?a=new
and prompted to log in with my secret key and master password.

My Okta login account belongs to the group that was pushed to 1Password and vault permissions assigned.

Am I missing an option to enforce SSO on users or groups?



Comments

  • 1P_Amanda

    Team Member

    Hi @iherb0718,

    I see we got back to you via e-mail. Have a great day!

    Amanda

  • I would be interested in this answer as well. My users experienced the same issue.

  • 1P_Amanda

    Team Member

    Oops, I probably should have left a note here as well.

    Currently, we do not support SSO login. This is due to the fact that our service is End-to-End encrypted, which SSO is not compatible with. Additionally, allowing providers to log users in automatically would open up significant security and privacy risks that we're not willing to accept.

  • I totally understand and support the fact that SSO is a risk.

  • 1P_Amanda

    Team Member

    Appreciated :) Have a great day!

  • Yeah, the way Bitwarden does it is as a wrapper login. So basically people authenticate twice. Once to SAML SSO and once to their vault. It has the advantage of not requiring another thing that has to be managed like the SCIM bridge, but has the obvious disadvantage of making people authenticate twice.

  • 1P_Amanda

    Team Member

    Thanks for sharing! We appreciate the feedback.

  • edited March 25

    While I understand why you don't want to support SSO, is it normal that every time a user attempts to launch 1Password from within our SSO provider (in our case Okta), they are prompted for the Master Password (understandable) but also for the Secret Key too?

  • 1P_Amanda

    Team Member

    That's a known issue Okta recently fixed. You'll need to switch your Sign On settings to use the new Bookmark-Only mode in the 1Password Business Okta app. The procedure for switching over to this new Bookmark-Only mode is:

    1. Go to your 1Password Business Okta app settings as an administrator.
    2. Go to Sign On settings.
    3. Click Edit.
    4. Select Bookmark-Only.
    5. Click Save.
    6. Go to General settings.
    7. Click Edit on App Settings.
    8. Ensure your Region Type is set to the 1Password domain you've set up your account on (i.e., .com, .ca, or .eu).
    9. Click Save.
    10. Have your users refresh their web browser so the new setting can take effect.

  • This has resolved the issue indeed. Thanks for the speedy solution Amanda!

  • ag_ana

    Team Member

    On behalf of Amanda, you are very welcome @lapostolakis! If you have any other questions, please feel free to reach out anytime.

    Have a wonderful day :)
