Teams and Businesses

Connect OneLogin to the 1Password SCIM bridge

Learn how to set up and use the 1Password SCIM bridge to integrate with OneLogin.

With 1Password Business, you can automate many common administrative tasks using the 1Password SCIM bridge. It uses the System for Cross-domain Identity Management (SCIM) protocol to connect 1Password with OneLogin, so you can:

Provision

  • Create Users. Users created in OneLogin will also be created in 1Password.
  • Update User Attributes. Changing a user’s name in OneLogin will change their name in 1Password.
  • Deactivate Users. Deactivating a user or disabling the user’s access to 1Password in OneLogin will suspend the user in 1Password.

Push Groups

  • Push Groups. Roles created in OneLogin can be used as groups in 1Password. Role membership changes in OneLogin will also be made in 1Password groups.

Before you can configure OneLogin, you’ll need to set up and deploy the SCIM bridge.

To get started, sign in to your account on OneLogin.com  , click Administration in the top right, and follow these steps.

Add the 1Password Business application to OneLogin

To add the 1Password Business application to OneLogin:

  1. Click Applications, then click Add App.
  2. Search for 1Password Business and click it. You’ll see the Portal settings for the integration, including the default application label “1Password Business”.
  3. Click Save.

You’ll see the settings for the application you just created.

Configure the application

On the 1Password Business application settings page, click Configuration. Then follow these steps.

Set up API connection

  1. Enter your Base URL and API Token.

    SCIM Base URL: the URL of the TLS-secured API gateway, proxy, or load balancer where you’ve configured the 1Password SCIM bridge. Don’t include a slash at the end. For example: https://scim.example.com

    SCIM Bearer Token: your OAuth bearer token

  2. Click Enable, then Save.

Get help if you don’t have your bearer token.

The API Connection settings for the Application with the API connection turned on

Set up provisioning to 1Password

  1. Click Provisioning in the sidebar.
  2. Turn on “Enable provisioning” and review the other settings.
  3. Click Save.
Provisioning settings, with Enable provisioning turned on

Settings

OneLogin roles can be pushed to 1Password as groups. To push roles and their memberships to 1Password when assigned:

  1. Click Rules in the sidebar.
  2. Click Add Rule.
  3. Enter a name, like “Map Roles to Groups”.
  4. Configure the Action:
    • Set Groups in 1Password Business
    • Map from OneLogin
    • For each role
    • with value that matches .*
  5. Click Save.
  6. Click Parameters in the sidebar.
  7. Click Groups.
  8. Turn on Include in User Provisioning and click Save.
  9. Click Save again on the application settings page.

Rules settings, adding and configuring a rule to map roles to groups

Parameters settings, with Groups highlighted

Learn more on the OneLogin Help Center.