Onboarding team members to 1Password Business is essential for establishing secure password management across your organization. This guide covers multiple invitation methods, from individual email invitations to automated SCIM provisioning for enterprise deployments.
Prerequisites
Before you begin, ensure you have:
- Owner or administrator access to your 1Password Business account
- Team member email addresses for those you want to invite
- Allowed email domains configured (if using sign-up links)
- Identity provider access (if using SCIM provisioning)
Understanding Invitation Methods
1Password Business offers several ways to invite team members:
| Method | Best For | Automation Level |
|---|---|---|
| Email invitations | Individual invites, small teams | Manual |
| Sign-up links | Large teams, department rollouts | Semi-automated |
| Slack integration | Teams using Slack | Semi-automated |
| SCIM provisioning | Enterprise, automated onboarding | Fully automated |
Step 1: Configure Account Password Policy
Before inviting team members, establish your password requirements:
- Sign in to your account on 1Password.com
- Navigate to Settings > Security
- Select Account Password Policy
- Configure minimum requirements:
  - Minimum password length
  - Character requirements
  - Password strength indicator threshold
- Click Save
Important: Password policies aren't retroactively enforced. People who join before the policy is set will only need to comply if they change their password or have their account recovered.
Step 2: Invite Team Members by Email
Individual Email Invitations
- Sign in to your account on 1Password.com
- Select Invitations in the sidebar
- Click Invite by email
- Enter the team member's email address(es)
  - Separate multiple addresses with commas
  - Email addresses must be associated with functional inboxes
- Click Invite
- Repeat for additional team members
Using Custom Invitation Emails
To personalize the invitation experience:
- From the Invitations page, click Settings
- Select Customize invitation email
- Add your custom message explaining:
  - Why they're being invited
  - What 1Password is used for at your organization
  - Who to contact with questions
- Click Save
Step 3: Use Sign-Up Links for Bulk Onboarding
For inviting large groups simultaneously:
Configure Allowed Domains
- Navigate to Settings > Invitations
- Under Sign-up link, enter your organization's email domains
  - Example: yourcompany.com,subsidiary.com
- Click Save
Share the Sign-Up Link
- Return to the Invitations page
- Copy the sign-up link displayed under your allowed domains
- Share the link via:
  - Company-wide email
  - Internal wiki or intranet
  - Team chat channels
  - New employee onboarding documentation
Note: Only people with email addresses matching your allowed domains can use the sign-up link.
Step 4: Invite via Slack Integration
If your organization uses Slack:
Connect Slack to 1Password
- Navigate to Integrations > Slack
- Click Connect to Slack
- Authorize 1Password to access your Slack workspace
- Select which channels or groups to sync
Send Slack Invitations
- From the Invitations page, select Slack
- Choose your invitation method:
  - Invite Everyone - Invites all workspace members
  - Choose People to Invite - Select individuals, channels, or groups
- Click Send Invitations
Note: Slack invitations also expire after 5 days.
Step 5: Confirm New Team Members
After team members accept their invitation and create their account:
- Navigate to Invitations in the sidebar
- You'll see pending members under Needs Confirmation
- Review each pending member:
  - Verify the email address is correct
  - Confirm they're a legitimate team member
- Click Confirm next to each approved member
- The team member receives an email confirming they can start using 1Password
Batch Confirmation
For multiple pending members:
- Select the checkboxes next to members to confirm
- Click Confirm Selected
- All selected members are confirmed simultaneously
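The review in Step 5 can be prepared offline before anyone clicks Confirm. The script below is an added example, not 1Password tooling: it checks a list of pending addresses against the allowed domains and an HR roster and flags near-miss domains. The roster, the pending list and the 0.85 similarity threshold are constructed assumptions.

```python
from difflib import SequenceMatcher

# Constructed sample data (not from a real account).
ALLOWED_DOMAINS = {"yourcompany.com", "subsidiary.com"}
ROSTER = {"ana.lopez@yourcompany.com", "raj.patel@subsidiary.com"}
PENDING = [
    "ana.lopez@yourcompany.com",
    "raj.patel@subsidiary.com",
    "sam.lee@yourcompany.com",       # allowed domain, not on roster
    "ana.lopez@yourcornpany.com",    # "rn" in place of "m"
    "contractor@gmail.com",
]

def lookalike_of(domain, allowed, threshold=0.85):
    """Return the allowed domain this one closely resembles, if any."""
    for good in allowed:
        if domain != good and SequenceMatcher(None, domain, good).ratio() >= threshold:
            return good
    return None

def review(pending, allowed, roster):
    """Classify each pending address as confirm / hold / reject, with a reason."""
    roster_norm = {r.lower() for r in roster}
    results = {}
    for raw in pending:
        email = raw.strip().lower()
        local, sep, domain = email.rpartition("@")
        if not sep or not local or not domain:
            results[raw] = ("reject", "malformed address")
        elif domain not in allowed:
            near = lookalike_of(domain, allowed)
            reason = f"lookalike of {near}" if near else "domain not allowed"
            results[raw] = ("reject", reason)
        elif email not in roster_norm:
            results[raw] = ("hold", "not on HR roster")
        else:
            results[raw] = ("confirm", "roster match")
    return results

if __name__ == "__main__":
    for addr, (verdict, why) in review(PENDING, ALLOWED_DOMAINS, ROSTER).items():
        print(f"{verdict:8} {addr:32} {why}")
```

Addresses marked hold are on an allowed domain but unknown to HR, which is the case the manual "legitimate team member" check exists to catch.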
Step 6: Set Up SCIM Provisioning (Enterprise)
For automated onboarding with your identity provider:
Supported Identity Providers
- Google Workspace
- Microsoft Entra ID (Azure AD)
- Okta
- OneLogin
- JumpCloud
- Rippling
Enable SCIM Provisioning
- Sign in to your 1Password Business account as an owner
- Navigate to Settings > Provisioning
- Click Turn On CLI Provisioning or Set up SCIM
- A Provision Managers group is automatically created
- Note your SCIM URL and generate a Bearer Token
Configure Your Identity Provider
Each provider has specific configuration steps. Generally:
- Create a new application in your identity provider
- Configure SCIM provisioning settings:
  - SCIM URL: Your 1Password SCIM endpoint
  - Bearer Token: The token generated in 1Password
- Map user attributes (email, display name)
- Enable automatic user provisioning
- Configure group sync if needed
SCIM Capabilities
With SCIM configured, you can:
| Action | Result in 1Password |
|---|---|
| Assign user to 1Password app | User receives invitation, auto-confirmed after signup |
| Update user email/name | Changes reflected in 1Password |
| Remove user from app | User suspended in 1Password |
| Push groups | Groups synced to 1Password |
Note: SCIM automatically confirms users every 5 minutes after they sign up.
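To make the user rows of the table concrete, the added example below (not 1Password or identity provider code) builds the generic SCIM 2.0 requests defined in RFC 7643 and RFC 7644 for create, update and deactivate. It assumes the identity provider uses these standard message shapes; the endpoint, token, user and id placeholder are constructed, and nothing is sent over the network.

```python
import json

USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"
PATCH_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"

def create_user(email, display_name):
    """POST /Users body sent when a user is assigned to the app."""
    return {"schemas": [USER_SCHEMA], "userName": email,
            "displayName": display_name,
            "emails": [{"value": email, "primary": True}], "active": True}

def patch_user(**changes):
    """PATCH /Users/{id} body that replaces top-level attributes."""
    ops = [{"op": "replace", "path": k, "value": v} for k, v in changes.items()]
    return {"schemas": [PATCH_SCHEMA], "Operations": ops}

def build_request(method, path, body, scim_url, token):
    """Assemble the request as data; nothing is sent over the network."""
    if not scim_url.startswith("https://"):
        raise ValueError("SCIM URL must use https: the bearer token is sent in a header")
    return {"method": method, "url": scim_url.rstrip("/") + path,
            "headers": {"Authorization": f"Bearer {token}",
                        "Content-Type": "application/scim+json"},
            "body": json.dumps(body)}

def lifecycle(scim_url, token, user_id="<id-returned-by-create>"):
    """One request per user row of the capabilities table."""
    send = lambda m, p, b: build_request(m, p, b, scim_url, token)
    return [
        send("POST", "/Users", create_user("ana.lopez@yourcompany.com", "Ana Lopez")),
        send("PATCH", f"/Users/{user_id}", patch_user(displayName="Ana L. Lopez")),
        send("PATCH", f"/Users/{user_id}", patch_user(active=False)),
    ]

if __name__ == "__main__":
    # Constructed endpoint and token placeholders, not real values.
    for req in lifecycle("https://scim.example.com", "<bearer-token>"):
        print(req["method"], req["url"], req["body"])
```

Every request carries the bearer token in its Authorization header, so the token should be stored and rotated like any other credential.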
Step 7: Assign Users to Groups and Vaults
After team members are confirmed:
Add to Custom Groups
- Navigate to Groups in the sidebar
- Select or create a group (e.g., "Marketing", "Engineering")
- Click Add People
- Select team members to add
- Click Save
Grant Vault Access
- Navigate to Vaults in the sidebar
- Select the vault to share
- Click Manage Access
- Add users or groups
- Set appropriate permissions
- Click Save
Best Practices for Team Onboarding
Use the Principle of Least Privilege
- Only grant access to vaults team members need for their role
- Start with minimal permissions and add more as needed
- Review access quarterly and remove unnecessary permissions
Create Onboarding Documentation
Prepare resources for new team members:
- How to install 1Password on desktop and mobile
- How to use the browser extension
- Which vaults they should use for different credentials
- How to request access to additional vaults
- Who to contact for 1Password support
Set Up a Welcome Vault
Create a "Getting Started" vault containing:
- Company password guidelines
- Instructions for using 1Password
- Links to training resources
- Common shared credentials new employees need
Troubleshooting Common Issues
Invitation Email Not Received
Solutions:
- Check spam/junk folders
- Verify the email address is correct
- Resend the invitation from the Invitations page
- Add 1Password email addresses to your email allowlist
Team Member Can't Sign Up
Solutions:
- Verify their email domain is in the allowed domains list
- Check if an invitation was sent and hasn't expired
- Ensure they're using the correct sign-up link
- Have them try a different browser or device
SCIM Sync Not Working
Solutions:
- Verify the SCIM URL is correct in your identity provider
- Regenerate and update the bearer token
- Check your SCIM bridge status (if self-hosted)
- Review identity provider logs for errors
Next Steps
After onboarding your team:
- Create shared vaults: Organize credentials by team, project, or function
- Configure policies: Set team-wide security policies for passwords and access
- Enable SSO: Connect 1Password to your identity provider for single sign-on
- Set up emergency access: Ensure account recovery options are configured
- Monitor usage: Review reports to track adoption and identify issues