Combine Okta and 2FA(not Okta!) in one login entry


A bunch of web applications allow you to use Okta to log into them, but additional security requires 2FA(TOTP) codes as well.

Namely, I run a private instance of GitLab and Grafana, which both allow authentication (and authorization) via Okta, but after the initial login step also ask to put in an OTP.

I have a login entry that works fine with the Okta itself(login and password plus push message confirmation). Also, I have a login entry with the OTP required to log in to the private GitLab instance.

However, the usage flow is a bit convoluted in this setup.

First GitLab shows an embedded Okta screen and that gets automagically filled in by 1Password. Then it redirects to the GitLab site itself and asks for the one-time-password, but at this point, 1Password doesn't realize that it has OTP for this website and presents a huge list of remotely related login entries.

Eventually, I can scroll down to the right one and fill in the OTP, but this is suboptimal, to say the least.

So, is there a way to have login entry in the 1Password for that given site which would use Okta entry for initial login(seems to work fine) and then put OTP stored in it?

I tried to use the "Related items" link to cross reference both entries, but that had zero effect.

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser: Not Provided


  • Hey @batyi,

    I'm sorry for the delay in getting back to you.

    I'd like to understand a little more about when you say 1Password presents a list of remotely related login entries on the GitLab OTP field. Are these for other GitLab logins you have saved? I'm wondering why these could be showing as inline menu suggestions beneath the field.

    As for the best way to have the item set up I would suggest saving Okta as a 'Sign in with' provider within your GitLab item. Here is some more information: Use 1Password to sign in to sites with supported providers.

    Let us know how you get on.