Protect what matters – even after you're gone. Make a plan for your digital legacy today.
What’s new in 1Password Enterprise Password Manager (Q4 2025)
Hey everyone! 👋 We’ve been working closely with customers across industries this past year to understand where they need more flexibility, clarity, and control. That feedback shaped a new round of improvements that help teams deploy faster, manage more consistently, and stay secure without slowing anyone down. Here’s a quick rundown of what’s new: Security without friction New App Unlock presets give admins more flexibility in how people unlock 1Password. Organizations can align unlock behavior with their existing device policies, like allowing 1Password to unlock when the device unlocks while still enforcing auto-lock where needed. Teams can decide which presets are available, override them where required, or let users choose the option that fits their workflow. Vaults remain protected by device-level encryption – this simply changes when 1Password unlocks, not how it’s secured. Get teams set up in less time A couple of updates make it easier for new users to get started confidently: The new Browser Extension policy helps guide new users to install the 1Password browser extension during setup. Guided Setup now introduces people to the essentials of using 1Password in their environment and adapts to each organization’s configuration. Together, these reduce confusion during onboarding, minimize IT overhead, and help people start saving and filling credentials right away. New policies provide more control As organizations scale, admins often need fine-grained control over how credentials are saved and submitted. New policy options now allow admins to configure: Autosave: Choose which item types (Logins, Credit Cards, Addresses, 2FA) are saved automatically. Autosubmit: Turn off automatic form submission. Sign-in Attempts: Define how many failed login attempts are allowed before an IP address is temporarily locked for that user, helping safeguard against brute-force attacks. These updates help standardize behavior across the organization while still giving teams the right amount of flexibility. Set up your 1Password instance to reflect how your organization operates Multi-tenancy introduces a new account model designed for scale that brings more clarity and consistency to large or distributed organizations. Linked Accounts let you connect a parent account to any number of child accounts within the same data region, organized by geography, department, or business unit. Policy Templates make governance easier by letting the parent account create reusable templates, decide what child accounts can override, and apply standards instantly. It’s a flexible way to maintain consistent security while letting teams operate independently when they need to. Coming in 2026 A couple of updates already in motion: Automated Provisioning hosted by 1Password connects directly to Okta and Entra ID, eliminating the need for self-hosted SCIM bridges so teams can deploy faster with less infrastructure to maintain. A redesigned Audit Log that brings all user and admin activity into a unified, human-readable view, making investigations and compliance reviews much easier. These improvements are all steps toward making enterprise deployment smoother, governance clearer, and day-to-day work less of a lift for admins and teams alike. If you’d like a closer look (including screenshots and examples) you can find the full breakdown in our latest blog post.
email link is not longer valid
Hello, We are using 1Password Enterprise. We do have an integration with a SCIM Bridge and OKTA. When we assign new user to the 1Password Okta group, it provision the user in 1Password and send an invitation email to the user. User receive the email, click on the link and now have this error: email link is not longer valid 1password Any ideas, been working fine before, just begin to do that. Could it be related to the number of licence that could be reached ?
Okta MFA codes stored in 1Password
Hey all, I ran into an issue when integrating 1Password with our IdP Okta, a good amount of our users use 1Password as a means to store their MFA codes, including Okta. This meant that when the users tried to login to 1Password, they found that they could no longer access the MFA code for Okta to login to 1Password. And that left them stuck in a loop, need Okta MFA code to login to 1Password, can't login to 1Password sine they need the MFA code. Is there a solution for this other than asking users to use another MFA method for Okta? We don't provide company mobile devices, and our company is fully remote meaning some labour laws restrict me asking our users to install another MFA app (like Okta verify) on their personal devices.
User account still active in 1Password even though disabled/deleted in Okta
Hello everyone, we recently found out we still have an active user in 1Password that was created using User Provisioning through Okta. Now, the user has since been disabled and deleted in Okta, but in 1Password it still shows as active. How can we disable the user in 1Password? I can't find an option for that.
