Forum Discussion
ComplianceBBS
2 months ago, New Contributor
Help with 1Password SSO Unlock Across Multiple Desktops
Hi, I’m looking for some assistance with 1Password in a small office environment (around 45–50 desktops) that runs Hybrid AD.
We’ve enabled Unlock with SSO, and it works fine on a user’s first workstation. However, when the same user signs in on another workstation, 1Password prompts them to transfer their encryption key.
The challenge is that our users often move between desktops throughout the day depending on their work schedule. This constant key transfer prompt is disruptive.
Is there a way to disable this key transfer requirement or a recommended best practice to allow seamless use of SSO across multiple desktops?
Thanks in advance for any guidance!
5 Replies
- 1P_Dave
Moderator
Hello ComplianceBBS! 👋
Thanks for the question! If your users need to sign in to 1Password on a new device when using SSO, they’ll need to use the 1Password app on an existing device to transfer the encryption key. You can read more here:
The requirement to transfer the encryption key from an existing device is fundamental to 1Password's end-to-end encryption that ensures that no one, not your identity provider or 1Password itself, can ever access your organization's information.
Are you using a VDI (Virtual Desktop Infrastructure) environment for these employees? If you are, then have you looked into creating a roaming profile that will persist the user's 1Password data as they move from one workstation to another?
If you persist 1Password data for your users for their user profile then they wouldn't need to set up 1Password again when they sign in on a new workstation using their roaming profile: Use 1Password in a virtual desktop environment
-Dave
- timrefw
New Contributor
We have the same problem and 1Password does not have a solution.
Perhaps 1Password could consider integrating with native operating system tools like OneDrive? That would make the entire process much less painful.
Another option would be to configure something in the 1Password portal, allowing devices to auto-authenticate for the next "15 minutes" when coming from a known IP address.
- 1P_Dave
Moderator
Thanks for the reply. Unlike other services, 1Password's security doesn't just rely on authentication but on encryption. The encryption key needs to be transferred to the device that you're using from an existing device in order for the 1Password app to be able to decrypt your data into a readable and usable form.
Can you tell me a little more about how you deploy 1Password across your organization? Have you considered using roaming profiles like I described in my previous post? I look forward to hearing from you.
-Dave