SCIM Bridge setup and integrated with Okta but can't login over SSO

iherb0718
Community Member

I have the SCIM bridge deployed.
I have Okta SSO.
Okta API integration test with SCIM Bridge successful.
Able to push AD groups to 1Password.

When I launch the 1Password app from Okta, I get redirected to my.1password.com and then get prompted to:
https://my.1password.com/signin?a=new
and prompted to log in with my secret key and master password.

My Okta login account belongs to the group that was pushed to 1Password and vault permissions assigned.

Am I missing an option to enforce SSO on users or groups?



Comments

  • Hi @iherb0718,

    I see we got back to you via e-mail. Have a great day!

    Amanda

  • tb_bhav
    Community Member

    I would be interested in this answer as well. My users experienced the same issue.

  • Oops, I probably should have left a note here as well.

    Currently, we do not support SSO login. This is due to the fact that our service is End-to-End encrypted, which SSO is not compatible with. Additionally, allowing providers to log users in automatically would open up significant security and privacy risks that we're not willing to accept.

  • tb_bhav
    Community Member

    I totally understand and support the fact that SSO is a risk.

  • Appreciated :) Have a great day!

  • Alex_Scoble
    Community Member

    Yeah, the way Bitwarden does it is as a wrapper login. So basically people authenticate twice. Once to SAML SSO and once to their vault. It has the advantage of not requiring another thing that has to be managed like the SCIM bridge, but has the obvious disadvantage of making people authenticate twice.

  • Thanks for sharing! We appreciate the feedback.

  • lapostolakis
    Community Member
    edited March 2021

    While I understand why you don't want to support SSO, is it normal that every time a user attempts to launch 1Password from within our SSO provider (in our case Okta), they are prompted for the Master Password (understandable) but also for the Secret Key too?

  • That's a known issue Okta recently fixed. You'll need to switch your Sign On settings to use the new Bookmark-Only mode in the 1Password Business Okta app. The procedure for switching over to this new Bookmark-Only mode is:

    1. Go to your 1Password Business Okta app settings as an administrator.
    2. Go to Sign On settings.
    3. Click Edit.
    4. Select Bookmark-Only.
    5. Click Save.
    6. Go to General settings.
    7. Click Edit on App Settings.
    8. Ensure your Region Type is set to the 1Password domain you've set up your account on (i.e., .com, .ca, or .eu).
    9. Click Save.
    10. Have your users refresh their web browser so the new setting can take effect.

  • lapostolakis
    Community Member

    This has resolved the issue indeed. Thanks for the speedy solution Amanda!

  • ag_ana
    1Password Alumni

    On behalf of Amanda, you are very welcome @lapostolakis! If you have any other questions, please feel free to reach out anytime.

    Have a wonderful day :)

This discussion has been closed.