1Password Onboarding

Overview

This article will introduce and briefly guide you through the process of onboarding with 1Password, including how to activate your 1Password access, signing in with Single Sign-On (SSO), use of Watchtower, and providing links to more documentation.

 

Table of Contents

Activate your 1Password Access

You will receive an email from 1Password with subject “1Password: Join <admin email address who sent invitation> on 1Password”. Note: It may say a specific persons name or email if you were invited by a specific employee,

Requirements: You should only access 1Password from a trusted machine, including an OIT-managed computer, or a mobile device with Duo Mobile also installed.

  • Before clicking the "Join Now" link, close your default browser or make sure that it is logged into your regular UI account
    • Note: By default your regular, not your privileged account, is invited to 1Password. This simplifies integrated Windows authentication for most users, but may be different than how you used LastPass previously
  • Click "Join Now" and a new browser window will open with a "Sign in with Microsoft" button.
  • After clicking the “Sign in with Microsoft” button, you should be presented with University of Idaho Single Sign-On page to enter your credentials and authenticate, if not already authenticated.
  • Once authenticated, you will have access to the 1Password dashboard. There will be no password vaults or group associations until after an admin confirms your access. In order to avoid duplicate passwords in the Private Vault and the need to import twice, please wait before importing any passwords in the next step.
     

Signing into the 1Pasword Desktop Application for the First Time

You can use Self Service / Software Center to download the 1Password Desktop Application (or https://1password.com/download/), which is recommended for successful onboarding. You will need to keep the browser window that you signed into open. If you closed it, we will ask you to open your browser and navigate to https://uidaho.1password.com and sign in. Please leave this signed in browser tab open until later in the instructions.

  • Download 1Password desktop application from Software Center if using Windows, or Self Service on macOS.
  • Go to the desktop application and click “Sign In”.
  • At the bottom of the selections available, click the green icon titled “Sign in with SSO”. Enter the following information and click "Next".
  • You will see a “Sign in with Microsoft” pop-up and button. Click “Sign in with Microsoft”.
  • A new browser tab will open asking if you are trying to sign in to 1Password SSO, click “Continue” and close this browser tab.
  • Go back to the desktop application where you will now see a “Grant access to your account” pop-up.
    • Remember that opened browser window that you signed into https://uidaho.1password.com  in the beginning that was requested to remain open? Go to that browser window / tab where you are signed into 1Password and you should have a pop-up asking to “Allow new device?”.  If that is your device, click “Allow”.
  • In your browser, you will now be presented with a 6-character code to enter into your desktop application.
  • Enter the code into your 1Pasword desktop application and click “Submit”. Then “Done”.  If you are returned to a “Sign In” pop-up and you see a green check mark next to your email, then click “Done” again.
  • Congratulations, you have signed into your desktop application.
  • You will not have any groups and need to be confirmed by an admin. OIT-Security has received a notice and will either approve or contact you shortly. You will get an email when you have been confirmed.
  • The email will explicitly say that your account has been confirmed and you may proceed with importing passwords if applicable.

 

Prioritize Password Rotation

 

There is ongoing risk that passwords from LastPass, particularly those which existed in LastPass prior to Fall 2022, could be compromised by attackers targeting U of I. To mitigate this risk, passwords should be rotated as soon as reasonable, without creating additional risk for your team.

Phase 1: Immediate Response (Month 1: Week 1-2)

  • OIT Privileged Accounts: Change all OIT privileged account passwords if they were stored in LastPass, using https://help.uidaho.edu. These accounts have the highest level of access to U of I resources and must be prioritized.

Phase 2: High Priority (Month 1: Week 1-4)

  • Internet Accessible Login Accounts: Change passwords for all accounts that were stored in LastPass that have Internet-accessible login methods. These accounts, including user and service/functional accounts, have significant access and could pose a high risk. Prioritize these based on the privileges of the account.

Phase 3: Medium Priority (Month 2-3)

  • Internal UI Accounts: Complete password changes for all internal user accounts. While these accounts might have less access, they can still be a potential risk.
  • Shared Accounts for Non-Critical Services: Update passwords for any shared accounts. These can often be a weak point in security as they are used by multiple individuals.

Phase 4: Lower Priority (Month 4-6)

  • Non-privileged Local Accounts: Start changing passwords for non-privileged local network accounts. These accounts pose a lower risk but should still be updated.
  • External User Accounts: Update passwords for external user accounts. These accounts might have limited access but can still pose a risk if compromised.

Use your best judgement in prioritizing password rotation, but if in doubt, prioritize:

  • Privileged account passwords
  • Internet-accessible services
  • Passwords that have not changed since the November 2022 LastPass breach


Use of Watchtower for Password Changes

1Password has a feature called Watchtower that alerts you to password breaches and other security problems on the websites you have saved in 1Password. After migrating to 1Password, you can use Watchtower to assist in keeping track of any passwords that were stored in LastPass or other vulnerab, which are required to be changed with per the "Migration Schedule". Due to the breach, all imported passwords will automatically be tagged to allow you to keep track of the passwords requiring a change. Once a password is changed, please remove the tag associated with it.

There are two tags associated with LastPass and imports:

  • 'LastPass'
  • 'LastPass import <date_time_of_import>'
     

Using Tags within 1Password to Organize your Passwords

In 1Password, tags are a powerful feature that allow you to organize your items in a way that makes sense to you. You can add tags to any item in 1Password to make it easier to find and manage.

  • To add a tag, open the item you want to tag and click ‘Edit’. Then, in the ‘tags’ field, enter the name of the tag you want to add.
    • If you want to add multiple tags, separate them with commas. Once you’re done, click ‘Save’.
    • The tagged items will now appear when you search for that tag in the 1Password app or browser extension.
  • Removing a tag is just as easy. Open the item, click ‘Edit’, and then delete the tag from the ‘tags’ field.
    • Click ‘Save’ to finish.
  • Tags can be used in many ways. For example, users can tag items based on the type of information the contain, such as ‘financial’ or ‘personal’. Or, you could use tags to indicate the importance of certain items, like ‘important’ or ‘urgent’.

1Password uses tags instead of folders to organize records. When structuring your records, you can separate them logically by using Tags in each record.
For example, a record titled Record 1 can have a tag "General". A second record titled Record 2 that you would like to be in a "sub-folder" can have the tag "General/Specific" which would create a hierarchy. Further more, you could create a record titled Record 3 to be in a "sub-folder" of "General/Specific/Granular". The heiracrchy described can be seen below:

 

Uploaded Image (Thumbnail) Uploaded Image (Thumbnail)

 

 

 

 

 

Uploaded Image (Thumbnail)Uploaded Image (Thumbnail)

 

 

 

 

Uploaded Image (Thumbnail)Uploaded Image (Thumbnail)






Next Steps

Familiarize yourself with 1Password's features and settings. You can find more information and guides on the 1Password Support page and the Getting Started with 1Password guide.
 

Get to Know the Browser Extension and the Apps

If you’re new to 1Password, learn how to use the browser extension and apps to manage your passwords, secure notes, and more.

Print Article

Details

Article ID: 2838
Created
Wed 12/6/23 9:41 PM
Modified
Thu 9/5/24 9:15 AM

Related Articles (1)

Password manager FAQ