With 1Password Business, you can automate many common administrative tasks using the 1Password SCIM bridge. It uses the System for Cross-domain Identity Management (SCIM) protocol to connect 1Password with your existing identity provider, like Azure Active Directory or Okta.
Step 1: Set up the SCIM bridge
Before you can deploy on Google Cloud Platform, you’ll need to set up the 1Password SCIM bridge.
Step 2: Deploy the SCIM bridge
If you don’t already have a Google Cloud Platform account, create one. Then follow these steps.
2.1 Create a project
The SCIM bridge must be deployed within a project. To create a project:
- Visit the Manage resources page and click Create Project.
- Enter a Project Name. If you’re part of an organization, choose it.
If you can’t choose your organization, contact your Google Cloud Platform organization administrator.
- Click Create.
After the project has been created, you can configure the SCIM bridge.
2.2 Configure the SCIM bridge
Visit 1Password SCIM bridge on Google Cloud Platform Marketplace and click Configure. If prompted, choose the project you created above.
If you see “‘Kubernetes Engine Admin’ role is required”, ignore it. The message will go away after you create a cluster.
Configure the SCIM bridge and click Deploy:
Choose one or click “Create a new cluster”. If you create a new cluster, refresh the page after it has been created.
Use the provided default. Or if you have an existing application in the cluster, create a new namespace called “1password”.
- App instance name
Use the provided default.
- 1Password sign-in address
Your 1Password sign-in address. For example:
After the SCIM bridge is deployed, you’ll see its application details.
2.3 Set up the SCIM bridge
In the “SCIM bridge info” section of the application details, the “1Password SCIM bridge public IP” begins with
10. For example:
- Refresh the page until the 1Password SCIM bridge public IP changes, then click it. You’ll see the 1Password SCIM Bridge Setup.
Follow the onscreen instructions:
Configure a DNS record to point your domain to the 1Password SCIM bridge public IP, and then enter the domain name to verify it.
Enter your OAuth bearer token to verify the status of the SCIM bridge.
SCIM bridge setup is now complete.
2.4: Configure a static IP address
When you first deploy the 1Password SCIM bridge, an ephemeral IP address is assigned to it. This address is not guaranteed to remain constant, which may interrupt your automated provisioning.
To use the SCIM bridge without interruption, promote the “1Password SCIM bridge public IP” to a static IP address. Learn how to configure a static IP address.
To update the 1Password SCIM bridge
Learn how to update the SCIM bridge when a new version is available.
Step 3: Connect your identity provider to the SCIM bridge
Because the 1Password SCIM bridge provides a SCIM 2.0-compatible web service that accepts OAuth bearer tokens for authorization, you can use it with a variety of identity providers.
Connect to the TLS-secured API gateway, proxy, or load balancer where you’ve configured the SCIM bridge (for example:
https://scim.example.com) and authenticate using your OAuth bearer token.
The 1Password SCIM bridge for Google Cloud Platform requires 1Password Business and a supported SCIM 2.0-compatible identity provider: Azure Active Directory or Okta.
If you lose your bearer token or session file
Your OAuth bearer token and
scimsession file are cryptographically linked. If you lose either one, you’ll need to generate a new bearer token and session file. Then deploy the SCIM bridge again.
If you change the account details for your Provision Manager account
If you change the Master Password, Secret Key, or email address for the account you created for provision management, you’ll need to generate a new bearer token and session file. Then deploy the SCIM bridge again.
If a new version of the SCIM bridge is available
If you receive an email notification about a new version of the SCIM bridge, learn how to update the 1Password SCIM bridge on Google Cloud Platform.
If you still need help
For more information about the SCIM bridge, contact your 1Password Business representative. To get help and share feedback, join the discussion in the 1Password Support forum.