1Password Teams for MFA and OATH support with MS Office 365

danrademacher
danrademacher
Community Member
in Business and Teams

I run a small nonprofit (16 people on both Mac and PC) and have been a huge fan of 1Password Teams for years. It's a lifesaver. My IT support vendor, though, is not very familiar with it. We're mostly a Google Apps shop but need to start using Microsoft Office 365.

I would like to use 1P MFA for our Office 365 accounts, and it does seem to work fine, with "Standard" 365 licenses (which are super cheap for nonprofits). But my IT folks seem to think we'll be on thing ice using 1P for MFA, unless we pay Microsoft 5X monthly for Premium licenses.

Their message to me:

The tech agrees that it is possible to do 1Password MFA without a Premium license at this time, however, **Microsoft may be requiring higher security soon (OATH), which 1Password has not published any information on, so we don’t know if it can/can’t do it in the future. **

It is entirely possible, but not certain, that you can do MFA on 1Password without a Premium license for the near future and possibly into the distant future, but when that security changes, you may need to shift gears quickly to avoid being locked out of Microsoft apps and get everyone onto Premium licenses and train your team on new MFA processes.

Anyone know if 1Password might soon be out of sync with Microsoft's requirements for MFA?

Comments

  • ag_tommy
    ag_tommy

    @danrademacher

    Typically, I've seen that when using some account types, Microsoft may require its own authenticator app. To my understanding, there is an option inside the account settings to adjust this. I am not personally familiar with it. In situations like this, you'd typically install their app on your phone to get the code, and then when prompted, you'll provide that code on your device to access the service.

    If you're using SSO with 1Password, it's possible to sign in.

    Configure Unlock 1Password with Microsoft Entra ID

    We have also joined MISA. 1Password Joins Microsoft Intelligent Security Association

  • danrademacher
    danrademacher
    Community Member

    Thanks!

    I actually already have confirmed that 1P works with current iteration of Microsoft login for the type of accounts we have, but there's this apparent medium-term possibility of that no longer being true if MS requires OATH in the future. I have found this confusing because from what I read, OATH is an overall category, which includes TOTP (time-cased, which 1P supports currently)...