[EU] Business domain with SSO and browser extension
Dear community,
in our setup we use https://customdomain.1password.eu/signin link to log in via SSO (Entra ID) and while it works perfectly fine when accessing https://customdomain.1password.eu/signin -> Click 'Sign in with Microsoft' button, the problem is with web browser extension.
When I click web browser extension, I must add account. So I click 'Sign in' and I am redirected to https://my.1password.com/signin which does not work for our custom domain (and region). I can change it to 1Password.eu (by using option at the bottom of the web page), then link changes to https://my.1password.eu/signin and it's still not possible to log in, due to this error:
There was a problem connecting to your identity provider
Check that you are logged in to your business domain rather than the generic 'my' domain.
ServerError: 403 (oidc_generic_domain_not_allowed)
So, the question is, how do I change 1Password web browser extension to use my https://customdomain.1password.eu/signin to verify Sign-In?
1Password Version: Not Provided
Extension Version: 8.10.46.26
OS Version: Windows 10 22H2
Browser: Chrome
Comments
-
Hello @Zjalim! 👋
I'm sorry that you're running into trouble when signing into 1Password in the browser. The best way to sign into 1Password is to install the desktop app so that it then becomes a trusted device that is used to sign into the browser extension as well. You can install 1Password for Windows here:
Once installed, follow the prompts to add your account and then make sure that app integration is turned on:
- Open and unlock 1Password for Windows.
- Click your account or collection at the top of the sidebar and click Settings.
- Click Browser.
- Make sure that "Connect with 1Password in the browser" is turned on.
Then, open your browser and right-click on the 1Password icon in the browser's toolbar. Click Settings and make sure that "Integrate this extension with the 1Password desktop app" is turned on.
Once this is complete you'll be able to unlock the desktop app and the browser extension at the same time and you'll be signed into both. Let me know if you run into any issues.
-Dave
0 -
Hi @Dave_1P
my apologies for the very late reply, unexpectedly I was on longer leave. I went through steps 1-4, but option 'Connect with 1Password in the browser' is grayed out. As far as I found on the Internet, it's because I'm not logged into desktop application.
Whenever I want to log in via SSO in the 1Password desktop app, I receive this error:
AADSTS50011: The redirect URI 'onepassword://sso/oidc/redirect' specified in the request does not match the redirect URIs configured for the application ''. Make sure the redirect URI sent in the request matches one added to your application in the Azure portal. Navigate to https://aka.ms/redirectUriMismatchError to learn more about how to fix this.
Our Redirect URIs:
https://sso/oidc/redirect
https://companyname.1password.eu/sso/oidc/redirect/
URI https://sso/oidc/redirect is added, because the scheme onepassword://... is not allowed.
0 -
Thank you for the reply. It sounds like there's a problem with how SSO is setup with Entra ID. So that the team and I can help further, can you send an email to
support+forum@1Password.com
and include a link to this thread. Make sure to use the email address associated with your 1Password account. After emailing in, you'll receive a reply from BitBot, our friendly robot assistant with a Support ID that looks something like [#ABC-12345-678]. Post that here, and I'll be able to locate your message and make sure it's gotten to the right place.
-Dave
0 -
Thank you all for great support.
I'd like to leave the solution here, in case someone has a similar problem (tl;dr: we switched from public client to private client setup in the company): https://support.1password.com/migrate-entra-cap/
0 -
Thank you for sharing with the community. 🙂
-Dave
0