1Password Business customers can now unlock 1Password with identity providers (IdPs) that support the generic OpenID Connect (OIDC) configuration like Duo, OneLogin, JumpCloud, and others.
We announced Unlock with Okta for 1Password Business earlier this year, and Unlock with Azure soon followed. Feedback from 1Password Business customers on those releases has confirmed our expectations: Pairing 1Password with your identity and access management (IAM) infrastructure simplifies adoption and improves auditing, compliance, and reporting workflows.
“Everyone is now used to unlocking with Okta, and they definitely love that they don’t need to remember an extra password (anymore).” – David Baverstock, Senior IT Engineer at Airwallex
Okta and Azure were our most popular integration requests, so between the two, a sizable portion of 1Password Business customers gained the ability to pair 1Password with their existing identity and access management (IAM) infrastructure.
Unlock 1Password with additional identity providers
Our next task was to bring Unlock with SSO to as many customers as possible. To do that, we built on top of the foundation laid by our integrations with Okta and Azure.
Both Unlock with Okta and Unlock with Azure were built using the OIDC identity protocol – a modern, secure identity layer built on top of the OAuth 2.0 protocol. OIDC is simpler and more flexible to work with, and includes support for native and mobile applications.
In short, OIDC is where things are headed. Building a generic OIDC configuration allowed us to build support for many providers at once – such as Duo, OneLogin, JumpCloud and more.
After private and public testing, all 1Password Business customers can now integrate 1Password with identity providers that support the OIDC protocol. I’d like to give a huge shout-out from our team to the teams at Duo and OneLogin who were gracious enough to help us test and optimize the OIDC configuration.
Please note that while Google Workspace isn’t supported in this release, we’re working to bring support for Google Workspace to Unlock with SSO later this year. We’ll share more on that integration – and supporting the Security Assertion Markup Language (SAML) protocol – in the coming months.
Maintaining zero knowledge
We’ve gone into great detail about how we engineered Unlock with SSO to meet the stringent security standards you’ve come to expect from 1Password, using a trusted device model to maintain zero knowledge.
Because Unlock with SSO using the generic OIDC configuration is built with the same underlying architecture as Unlock with Okta and Azure AD, admin setup is the same for Duo, OneLogin, JumpCloud, and others.
And for end users, it’s just as easy. The process for setting up a trusted device is the same as Unlock with Okta and Unlock with Azure AD.
A word from Duo
Duo is pleased to partner with 1Password to help joint customers provide seamless, secure access to workforce applications, both cloud and on-premises.
Duo Single-Sign On (SSO) is a cloud-hosted OpenID provider offering inline self-service enrollment and passwordless authentication with Duo Universal Prompt. Already used by thousands of organizations to enable access to popular applications such as Microsoft 365, Workday, and Salesforce, Duo SSO now supports 1Password. 1Password Unlock with Duo SSO will replace a user’s 1Password account password, Secret Key, and Emergency Kit. Duo admins can configure the application via the Duo Admin Panel.
Duo SSO also includes the ability to define policies that enforce unique controls for each individual SSO application. For example, you can require that Salesforce users complete two-factor authentication at every login, but only once every seven days when accessing 1Password. Duo checks the user, device, and network against an application’s policy before allowing access to the application.
How to get started
If you’re using an identity provider that supports the generic OIDC configuration, you can connect your provider to 1Password right now:
- Create a 1Password integration with your identity provider.
- Configure Unlock with SSO from your 1Password account on 1Password.com by selecting Security in the sidebar, then Unlock 1Password with Identity Provider.
- Create a custom group and add the team members who will gain access to Unlock with SSO.
That’s it! Now you can secure employees no matter how they sign in – because while your SSO provider protects logins for approved apps that you specifically add to them, 1Password protects virtually everything else.
Tweet about this post