Forum Discussion

pstratis
New Contributor
2 months ago

Plans to improve the offline access experience for SSO

Hi 1Password Team, 

I'm curious if you have plans to improve the offline access options for organizations using SSO. In particular, this document https://support.1password.com/sso-security/#different-risk-considerations makes it clear that "For team members who unlock 1Password with their identity provider without biometrics, there is no general support for offline access". This is a caveat that concerns me as I consider enabling SSO. Are there any plans to support other offline unlock methods (e.g. a PIN) for devices that don't support biometrics?

2 Replies

  • Hello pstratis! 👋

    Thank you for reaching out. SSO unlock provides organizations with centralized access control but requires connectivity in order to function. Without biometrics, 1Password must contact your identity provider each time it unlocks. Whether to use SSO unlock for 1Password will depend on the particular needs of your organization.

    If your team members need access to 1Password even when offline, then enabling biometric unlock is the best option. If a team member needs offline access but doesn't have a device that supports biometrics, then I recommend that you keep them on traditional unlock (account password + Secret Key) rather than SSO. You can choose to migrate some team members to SSO and keep others using an account password.

    Also since it doesn't seem possible to use MDM to enforce "Unlock with Windows Hello", it feels risky to leave this up to chance that an individual employee enables this and thus has access during an outage

    You can enforce biometric unlock by following these steps: 

    1. Sign in to the Policies > Authentication page: https://start.1password.com/policies/authentication
    2. Click Enforce specific settings
    3. Choose the desired option for "Unlock using biometrics".


    You can read more here: Enforce unlock and auto-lock settings in 1Password Business

    -Dave

  • pstratis
    New Contributor

    Also since it doesn't seem possible to use MDM to enforce "Unlock with Windows Hello", it feels risky to leave this up to chance that an individual employee enables this and thus has access during an outage https://support.1password.com/mobile-device-management/?windows#security-opw8