from Hacker News

I understand that when using 1password with a regular password, the password (and your generated token) is used to encrypt your public/private key and store them locally, perhaps in localstorage?

But you have the option to use SSO with Okta on 1password as well. When using that I don't think that the client is able to use the password for encryption of your public/private key anymore. How does it work in that case? And do you still have an emergency kit?