Configure account requests

Allow team members to request access to 1Password SaaS Manager.


Account requests allow individuals from your organization to request access to SaaS Manager by signing up with their work email address. This is useful if you cannot enable SAML-based single sign-on and you do not want to add accounts manually.

When a team member signs up for an account using an email address from a domain that you own, a notification is sent to specified accounts for review and approval. Once the request is approved, the account is created with the default account role. The team member can then log in with their email address and password, or use single sign-on via OpenID Connect.

Enable account requests

To enable team members to request access to SaaS Manager:

  1. Select Settings > Accounts to open the Accounts Settings page.
  2. Expand Domains and check whether your organization's domains are listed. If your domain is not listed, contact your customer success representative.
  3. Expand Account request notifications. Any accounts that have been configured to receive notifications when a new account request is made are listed. To specify an account that should receive these notifications, enter the team member's name or email address and then select Add.

You can also change the default account role from this page if required. 

When account requests are enabled, a "Sign up" link is displayed on the SaaS Manager login page. If a person attempts to sign up or log in with their organization email address and there is no existing account associated with that email address, an account request is created.

Enable login options

By default, when a team member requests access to SaaS Manager, they set a password for their account. In addition, or as an alternative, you can enable single sign-on (SSO) with OpenID Connect ("social login") so that team members can sign up and log in to SaaS Manager with an existing Google Workspace or Microsoft Azure AD account.

Team members can only log in with SSO using email addresses from domains that you own. They cannot use SSO with @gmail.com or @microsoft.com accounts.

To configure the available login options:

  1. Select Settings > Accounts to open the Accounts Settings page.
  2. Under Single Sign-On, expand SAML options.
    • To allow team members to log in with their email address and password, select Allow password login.
    • To allow team members to use SSO with an existing Google or Microsoft account, select Allow OpenID Connect.
  3. Select Apply changes.

Depending on the options you have enabled, the SSO OIDC providers and the email address and password options are displayed on the SaaS Manager sign-up page.

Once the account request has been approved, only the option that the team member used to sign up is displayed. Team members can enable alternative login options from their profile page (subject to what is enabled).

To enable additional login options for your account:

  1. When logged in to SaaS Manager, in the top right-hand corner select your profile icon, then select your account name. The profile page is displayed.
  2. Select Password or External login and make changes as needed.

Review account requests

To review and approve account requests, open the Accounts Settings page again and select New accounts from your domains. The "Account requests" page is displayed. Any pending requests are listed. Select each request to approve or reject it.

When you approve an account request, the account is given the specified default role. To change an account's role, open the People directory, select the team member, expand the context menu, and then select Edit SaaS Manager access.
