ADR-009 1Password SSO

Status

✅ Accepted

Context

Operations Engineering manages the 1Password organisation for the MoJ. 1Password has a Single Sign-On (SSO) option for users to authenticate.

There are a number of challenges we face with enabling SSO for the MoJ organisation:

  1. MoJ has no single identity provider - We have users using a mix of Azure AD and GSuite. Multiple identity providers would add complexity and require multiple SCIM bridges (a bit of extra infrastructure that the team would need to manage to enable SSO).

  2. Limited availability of licences - We only have a limited number of licences which are prioritised for Service Teams that need to share passwords in support of critical MoJ services. There is a risk that enabling SSO would lead to licences being consumed by users who do not meet the criteria.

Decision

Do not use SSO for 1Password

Consequences

We will manually provision users via email invite. A runbook for account creation will be made.

This page was last reviewed on 5 September 2024. It needs to be reviewed again on 5 March 2025 by the page owner #operations-engineering-alerts.