Your Azure credentials have not been set up or have expired,
please run Connect-AzAccount to set up your Azure credentials.
ClientAssertionCredential authentication failed: A
configuration issue is preventing authentication - check the
error message from the server for details. You can modify the
configuration in the application registration portal. See
https://aka.ms/msal-net-invalid-client for details. Original
exception: AADSTS700024: Client assertion is not within its
valid time range. Current time: 2022-10-20T07:47:12.7446078Z,
assertion valid from 2022-10-20T07:37:08.0000000Z, expiry time
of assertion 2022-10-20T07:42:08.0000000Z. Review the
documentation at
❌ Bad example – Error on deployment – assertion valid from 2022-10-20 07:37 to 2022-10-20 07:42 🔥(5 minutes)
Signing in to almost everything using Azure has been possible for a few years now. Why is this still not available in 1Password? With Azure sign-in, staff need just a single password to log in to almost all the services that they use. They can make that a nice long password, or even go password-less, and sign in to everything.
If SSO with Azure were enabled, we would also be able to use Conditional Access policies. We already have Conditional Access policies that not only check where a user is signing in from (which can also be done in 1Password) but also restrict which devices can log in, and with Azure AD Premium P2 we can use Microsoft’s AI to stop ‘Risky Users’ from signing in to our 1Password. This would also allow us to use our existing MFA solution (instead of needing a new one for 1Password).
1Password has decided to sort passwords using free-text tags. This works well in small teams, but in large teams it won’t work. Can you imagine how many possible spellings there are for Service-Account? The only other solution is to have multiple vaults, but that isn’t ideal either, as we would then need a vault for SysAdmin-SVC-Accounts, Designer-SVC-Accounts and Dev-SVC-Accounts. This presents problems because we would need to set permissions on each of those. There is also a possibility that we might need to put the same login in more than one of those vaults. This would not be a problem if we had folders and subfolders.
It would work even better if tags could be specified by admin users and passwords could be set to require at least one tag. But as it stands, if we want our users to add and update details, they are able to create free-text tags or, even worse, not add a tag at all.