Blizz
New Contributor
8 months ago

Corporate SSO user/password

I'm sorry to be opening another of these, but I've seen several across the forum over the years, none with a satisfying resolution.

I'm in the same situation, where I have a corporate SSO login (same password, mostly same username) across a lot of corporate services where the password changes every X time. I have to update all the records every time.

Isn't it possible to introduce something like a "linked password" / "linked username" type field? A sort of symlink to the same field in another record?

You'd still have to create them the first time, but they would just all point to the same username.

Even better would be that - if you update its content via one of the linked items - it would just update the original. Obviously a record could not be deleted as long as it has other records pointing to it.

And that would solve the audit things as well, right? As you explicitly indicate it's a shared item. The audit would know to skip all linked passwords.

I have been with 1P since almost the beginning (check it, I am proudly wearing my Early Earl badge), but this is one of the things that has been bothering me for many years.



  • 1P_David
    1Password Team

    Hi Blizz, thanks for reaching out!

    If you're using the same single sign-in provider across these websites and they're a supported provider, have you already tried to make use of the 1Password extension's "Sign in with" feature?

    This feature allows users to save a sign-in provider in their Login items. 1Password can remember which providers you use for each website and sign you in with that provider, so that you don't have to enter a username and password each time.

    If that doesn't work for your situation, let me know, and I'll be happy to submit a feature request to our Product team for the ability to link fields to another item.

    I look forward to hearing from you!

    -David

  • Blizz
    New Contributor

    Hey,
    Thanks for the reply.
    I know about the supported providers but the issue is that this is not a supported one. It's a bunch of different sites all connecting to an LDAP backend, so unfortunately there is no way for 1P to detect it's all the same underlying user.

  • 1P_David
    1Password Team

    Blizz

    Thanks for clarifying! I've submitted a feature request to the team for the ability to link fields to another item.

    Let me know if there's anything else I can help with!

    -David

    ref: PB-40852581

  • trevor
    New Contributor

    Hi all

    I would like to add to the discussion and add a bit around TOTP.

    Many of my company resources use SSO. This introduces two issues WRT 1Password:

    Issue 1: When the SSO account login uses a different username format. This forces updating the password in different instances where it would be useful to store it in a single instance. Example usernames would be trevor, domain\trevor, trevor@domain.com, trevor@emaildomain.com, trevor@local, trevor@systemname. Remember, these are all the same SSO account, but the various systems are expecting a different prefix or suffix.

    Issue 2: When the TOTP 2FA code is different per system. I can store many TOTP codes in the same credential, but I can no longer autofill; I have to revert to copying and pasting it out of the browser plugin.

    The idea that I have is that there could be multiple instances of both username and TOTP code within the same secret, with a way to link the correct instance to each website field, so when you use autofill it selects the linked username and TOTP but uses the common password. This would minimize secret sprawl and effort to maintain many instances of the same secret.

    I believe that this gels with the above feature request but would need to be expanded to also cover TOTP.