Tip
If you don’t use DigitalOcean, you can still automate provisioning in another deployment environment.
With 1Password Business, you can automate many common administrative tasks using 1Password SCIM Bridge. It uses the System for Cross-domain Identity Management (SCIM) protocol to connect 1Password with your existing identity provider, like Azure Active Directory, JumpCloud, Okta, OneLogin, or Rippling.
Step 1: Deploy 1Password SCIM Bridge on DigitalOcean
If you don’t already have a DigitalOcean account, create one. Then follow these steps.
1.1: Create a cluster
The SCIM bridge must be deployed within a cluster. To create a cluster:
- Visit 1Password SCIM Bridge on DigitalOcean Marketplace and click “Create 1Password SCIM Bridge”.
- Configure your cluster using the provided defaults or choose your preferred options.
- Scroll to the bottom and click Create Cluster.
Your cluster is now provisioning. After a few minutes, you’ll receive an email from DigitalOcean confirming that your load balancer is ready.
1.2: Set up 1Password SCIM Bridge
After your load balancer is ready:
- Click Networking in the sidebar and choose Load Balancers. You’ll see the IP address for your load balancer.
- Configure a DNS A record for your chosen domain and point it to the IP address of your load balancer. For example:
scim.example.com
. - Wait for the DNS to propagate, then navigate to your SCIM bridge domain.
You’ll see 1Password SCIM Bridge Setup page.
Step 2: Connect 1Password SCIM Bridge to your 1Password account
2.1: Sign in to your 1Password account
On the 1Password SCIM Bridge Setup page:
- Enter the domain name you configured for your load balancer to verify it.
- Click Sign In and follow the onscreen instructions.
If you see the details for an existing provisioning integration, you’ll need to deactivate it first. Click More Actions and choose Deactivate Provisioning. Then click Sign In on the SCIM Bridge Setup page again.

2.2: Authenticate with 1Password SCIM Bridge
After you complete the setup process, you’ll get a scimsession
file and bearer token. Save them both in 1Password in case you need them again.
- Click “Install on <yourdomain>”. You’ll see the 1Password SCIM Bridge Status page.
- Enter your OAuth bearer token and click Verify.
Important
The bearer token and scimsession
file you receive during setup can be used together to access information from your 1Password account. You’ll need to share the bearer token with your identity provider, but it’s important to never share it with anyone else. And never share your scimsession
file with anyone at all.
Step 3: Connect your identity provider to the SCIM bridge
Important
If you’ve already been using 1Password Business, make sure the email addresses and group names in your 1Password account are identical to those in your identity provider.
- If anyone is using a different email address in 1Password, ask them to change it.
- If you have existing groups in 1Password that you want to sync with groups in your identity provider, adjust the group names in 1Password.
Because 1Password SCIM Bridge provides a SCIM 2.0-compatible web service that accepts OAuth bearer tokens for authorization, you can use it with a variety of identity providers.
Connect to the load balancer where you’ve configured the SCIM bridge (for example: https://scim.example.com
) and authenticate using your OAuth bearer token.
User Guide
Learn how to connect your identity provider:
Get help
Get help with the SCIM bridge, like if you lose your bearer token or session file.
To get more help or share feedback, contact 1Password Business Support or join the discussion with the 1Password Support Community.