With 1Password Business, you can automate many common administrative tasks using the System for Cross-domain Identity Management (SCIM) bridge. It’s SCIM 2.0 compatible and works with Azure Active Directory, so you can:
- Create users and groups, including automated account confirmation
- Grant and revoke access to groups
- Suspend and delete users
Before you can configure Azure Active Directory, you’ll need to set up and deploy the SCIM bridge. To use the SCIM bridge with Azure Active Directory, the administrator managing the SCIM application requires a premium subscription.
To get started, sign in to your account on the Microsoft Azure portal and follow these steps.
Add the 1Password SCIM bridge as a custom application
To add the 1Password SCIM bridge as a custom application:
- Click Azure Active Directory, then select “Enterprise applications” in the sidebar.
- Click “New application”, then click “Create your own application”.
- Enter “1Password Business” for the display name and select “Integrate any other application you don’t find in the gallery”. Then click Create.
You’ll see the details of the application you just created.
Configure the application
On the 1Password Business application details page:
Click Provisioning in the sidebar, then click Get Started.
Set Provisioning Mode to Automatic.
Enter your Tenant URL and Secret Token.
Tenant URL: the TLS-secured API gateway, proxy, or load balancer where you’ve configured the 1Password SCIM bridge. For example:
Secret Token: your OAuth bearer token
Click Test Connection, then click Save.
Set Provisioning Status to On and click Save.
Get help if you don’t have your bearer token.
To sync only specific users and groups, set Scope to “Sync only assigned users and groups” and click Save. To manage assigned users and groups, click “Users and groups”.
To restart synchronization, turn on “Clear current state and restart synchronization” and click Save.
To turn off synchronization, set Provisioning Status to Off and click Save.
Learn more in the Azure Active Directory Documentation.
If you have existing groups in 1Password that you want to sync with Azure Active Directory, add them to the groups managed by provisioning. Click View Details in the setup assistant or click Integrations in the sidebar and choose Manage. Click Manage in the Managed Groups section, then select the groups to sync.
If you’ve previously used the SCIM bridge, make sure to select any groups that were already synced with Azure Active Directory. This will prevent problems syncing with your identity provider, including duplicate groups.
Appendix: Attribute mappings
The 1Password Business application supports several user attribute-mappings:
|The user's email address.|
|name||The user's name or display name.|
|preferredLanguage||The default language for 1Password.|