
Prerequisites

Before you begin, we recommend creating a test group in 1Password for each group of team members who plan to test Unlock with Okta. Give the group a descriptive name, like "Okta testers", for clarity.

Assign yourself to the app integration

You must first assign yourself to the Okta application you just created before you can configure Unlock with SSO in 1Password. The email address you use to sign in to 1Password must match the email address you use to sign in to Okta.

1. Select the Assignments tab, and click Assign > Assign to People.
2. Search for the email address associated with your 1Password admin account and click Assign.
3. Confirm the user information, then click Save and Go Back.

General Settings

Select the General tab, and click Edit to change any of the listed options.

App integration name: You can edit the name you provided when creating the app integration.

Grant type: You can edit the grant type you provided when creating the app integration.

Sign-in redirect URIs: You can edit the URI you provided when creating the app integration. Copy the URI from the Unlock 1Password with SSO setup page. It will follow the following format: and onepassword://sso/oidc/redirect.

Initiate login URI: Include a URI to have Okta initiate the sign-in flow. When Okta redirects to this endpoint, the client is triggered to send an authorize request.

Click Save to commit your General Settings changes.

Client Credentials

This section has the Client ID and Client authentication information for your app integration.

Proof Key for Code Exchange (PKCE): Check "Require PKCE as additional verification". This option requires the client to use Proof Key for Code Exchange (PKCE) on every authorization request. PKCE binds the authorization code to the client that started the flow: a code intercepted on the redirect cannot be exchanged for tokens without the code verifier that only the requesting client holds.

Click Save to commit your Client Credentials changes.

1.4 Required claims

1Password requires the sub, name, and email claims from Okta. With Okta's default settings, no action is required on your part: Okta provides a subject claim by default, and name and email are mapped automatically. If needed, you can map Okta attributes to 1Password app attributes in the Profile Editor.

Step 2: Configure Unlock with SSO in 1Password

1. Click Unlock 1Password with Identity Provider.
2. Follow the onscreen instructions to set up Unlock with SSO. The instructions list a single sign-in URI. When configuring in Okta, add onepassword://sso/oidc/redirect as an additional sign-in redirect URI.
3. Refer to your Okta documentation to find your Okta well-known URL. It may follow one of the following formats: YOUR_OKTA_/.well-known/openid-configuration or YOUR_OKTA_/oauth2/default/.well-known/openid-configuration
4. You'll be directed to Okta to sign in, then redirected to 1Password to sign in. This verifies connectivity between 1Password and Okta.

Step 3: Specify which team members will unlock 1Password with Okta and set a grace period

After configuring Unlock with SSO, you'll be redirected to the settings page.
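The following script is an added example, not 1Password's or Okta's code, that models the three things the procedure above depends on: the well-known (discovery) document advertising the authorization_code grant, PKCE S256 and the sub, name and email claims; PKCE itself, where a captured authorization code is useless without the code verifier; and the requirement that the Okta email claim match the 1Password account email. Everything in it is constructed: the tenant host dev-000000.okta.com, the discovery and claim values, and the ToyOktaApp class standing in for the Okta app integration (it compares registered redirect URIs exactly and treats a code as single use, which is what you want, not a description of Okta's internals). The only identifier taken from the page is the onepassword://sso/oidc/redirect URI.

```python
import base64
import hashlib
import secrets

REQUIRED_CLAIMS = {"sub", "name", "email"}
REDIRECT_URI = "onepassword://sso/oidc/redirect"

# Constructed discovery document, trimmed to the fields checked below. The host
# is a placeholder; the keys are the standard OpenID Connect discovery fields.
SAMPLE_DISCOVERY = {
    "issuer": "https://dev-000000.okta.com",
    "authorization_endpoint": "https://dev-000000.okta.com/oauth2/v1/authorize",
    "token_endpoint": "https://dev-000000.okta.com/oauth2/v1/token",
    "grant_types_supported": ["authorization_code", "refresh_token"],
    "code_challenge_methods_supported": ["S256"],
    "claims_supported": ["iss", "sub", "aud", "iat", "exp", "name", "email"],
}


def check_discovery(doc):
    """Return the problems in a well-known document that would break Unlock with SSO."""
    problems = []
    issuer = doc.get("issuer", "")
    if not issuer.startswith("https://"):
        problems.append("issuer is not an https URL")
    for key in ("authorization_endpoint", "token_endpoint"):
        if not doc.get(key, "").startswith(issuer):
            problems.append(f"{key} missing or not under the issuer")
    if "authorization_code" not in doc.get("grant_types_supported", []):
        problems.append("authorization_code grant not supported")
    if "S256" not in doc.get("code_challenge_methods_supported", []):
        problems.append("PKCE S256 not supported")
    missing = REQUIRED_CLAIMS - set(doc.get("claims_supported", []))
    if missing:
        problems.append("claims not advertised: " + ", ".join(sorted(missing)))
    return problems


def b64url(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def pkce_challenge(verifier):
    """S256 method from RFC 7636: BASE64URL(SHA256(ASCII(code_verifier)))."""
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())


def make_pkce_pair():
    verifier = b64url(secrets.token_bytes(32))  # 43 chars, inside RFC 7636's 43..128 range
    return verifier, pkce_challenge(verifier)


class ToyOktaApp:
    """Hypothetical model of the app integration's code flow (not Okta's code)."""

    def __init__(self, redirect_uris, require_pkce=True):
        self.redirect_uris = set(redirect_uris)
        self.require_pkce = require_pkce  # the "Require PKCE" checkbox
        self.issued = {}  # code -> (redirect_uri, code_challenge)

    def authorize(self, redirect_uri, code_challenge=None, method="S256"):
        # Registered redirect URIs are compared exactly: no prefix or wildcard match.
        if redirect_uri not in self.redirect_uris:
            raise ValueError("redirect_uri not registered")
        if self.require_pkce and not (code_challenge and method == "S256"):
            raise ValueError("code_challenge with S256 required")
        code = secrets.token_urlsafe(24)
        self.issued[code] = (redirect_uri, code_challenge)
        return code

    def token(self, code, redirect_uri, code_verifier=None):
        # A code is single use: consumed on the first redemption attempt, good or bad.
        bound_uri, challenge = self.issued.pop(code, (None, None))
        if bound_uri is None or bound_uri != redirect_uri:
            return None
        if challenge is not None and (
            code_verifier is None or pkce_challenge(code_verifier) != challenge
        ):
            return None
        # Constructed ID-token claims for the signed-in user (not a real token).
        return {"iss": SAMPLE_DISCOVERY["issuer"], "sub": "00u0000000000000000",
                "name": "Okta Tester", "email": "admin@example.com"}


def check_id_token_claims(claims, expected_email, issuer):
    """Problems a 1Password-side check would raise on the claims Okta returned."""
    problems = []
    if claims.get("iss") != issuer:
        problems.append("issuer mismatch")
    missing = REQUIRED_CLAIMS - set(claims)
    if missing:
        problems.append("missing claims: " + ", ".join(sorted(missing)))
    elif claims["email"].strip().lower() != expected_email.strip().lower():
        problems.append("Okta email does not match the 1Password account email")
    return problems


if __name__ == "__main__":
    app = ToyOktaApp([REDIRECT_URI])
    verifier, challenge = make_pkce_pair()
    code = app.authorize(REDIRECT_URI, challenge)
    print("stolen code without verifier:", app.token(code, REDIRECT_URI))
    code = app.authorize(REDIRECT_URI, challenge)
    claims = app.token(code, REDIRECT_URI, verifier)
    print(check_discovery(SAMPLE_DISCOVERY),
          check_id_token_claims(claims, "admin@example.com", SAMPLE_DISCOVERY["issuer"]))
```

Running it with require_pkce=False is the instructive failure: a code captured on the redirect redeems without any verifier, which is exactly what the "Require PKCE as additional verification" checkbox rules out. The email comparison is case-insensitive on purpose, since Okta and 1Password may differ in how they display the same address.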
