Feature Request: Support multiple accounts that use Okta for SSO

jscovill
jscovill
Community Member
in Business and Teams

I have a few different identities that I sign into different browser sessions with. They both have 1Password Vaults that have different credentials in them which need to be accessed in different sessions.

Currently, it's impossible to sign into more than one account and use the browser extension because if I try to add more than one account to the app that uses Okta SSO I get:

Unable to sign in
Sign out of account to continue. Only one account per device can be signed in with Okta. Go to Manage Accounts to sign out of your account, then try again.

Having the ability to access multiple identities gated by Okta from the same app or browser extension is important.

Comments

  • Dave_1P
    Dave_1P

    Hello @jscovill! 👋

    Thanks for the feedback! As you noted, you can only sign in to one account at a time with your identity provider. Is it possible for you to setup different vaults in one 1Password account and then choose the vaults that in need in different browser profiles? You can choose which vaults are available in a certain browser profile by doing the following:

    1. Open and unlock 1Password for Mac.
    2. Click on 1Password next to the  in the menu bar.
    3. Click Settings.
    4. Click Accounts & vaults.
    5. Turn off the vaults you don't need in that profile.

    Alternatively, you can turn off app integration and then add a different 1Password account to 1Password in the browser in each browser profile. You can do this by following these steps in each profile:

    1. Open and unlock 1Password for Mac.
    2. Click on 1Password next to the  in the menu bar.
    3. Click Settings.
    4. Click General.
    5. Turn off "Integrate this extension with the 1Password desktop app".
    6. Click Accounts & vaults.
    7. Sign out of any accounts that you don't need in that profile.
    8. Sign into the account that you would like to use.

    Without app integration you'll need to unlock 1Password in the browser separately from the desktop app and you won't have access to features like biometric unlock.

    Let me know if these workarounds won't work for you.

    -Dave

  • jscovill
    jscovill
    Community Member

    Thanks for the alternatives. I've tried door two before but found the inconvenience of not being able to use biometrics unlock for the browser extension too much.

    The first option could be viable. Will test it out and see how it goes.

  • jscovill
    jscovill
    Community Member
    edited January 15

    To add, given the inability to have multiple SSO-enabled users log into the same app instance I'd suggest that they consider introducing a new type of user that doesn't require a license if they don't need an Employee vault to encourage separation of privileges without costing a license.

    In my org we try to use separate user accounts from our day-to-day, un-privileged accounts for administrative purposes, including as 1Password administrators. Having to consume a license for an Employee vault for our administrative accounts without being able to actually use it without inconvenient workarounds because of SSO login limitations is a bit of a downer.