Teams and Businesses

Connect OneLogin to the 1Password SCIM bridge

Learn how to set up and use the 1Password SCIM bridge to integrate with OneLogin.

With 1Password Business, you can automate many common administrative tasks using the 1Password SCIM bridge. It uses the System for Cross-domain Identity Management (SCIM) protocol to connect 1Password with OneLogin, so you can:


  • Create Users. Users created in OneLogin will also be created in 1Password.
  • Update User Attributes. Changing a user’s name in OneLogin will change their name in 1Password.
  • Deactivate Users. Deactivating a user or disabling the user’s access to 1Password in OneLogin will suspend the user in 1Password.

Push Groups

  • Push Groups. Roles created in OneLogin can be used as groups in 1Password. Role membership changes in OneLogin will also be made in 1Password groups.

Before you can configure OneLogin, you’ll need to set up and deploy the SCIM bridge.

To get started, sign in to your account on  , click Administration in the top right, and follow these steps.

Add the 1Password Business application to OneLogin

To add the 1Password Business application to OneLogin:

  1. Click Applications, then click Add App.
  2. Search for 1Password Business and click it. You’ll see the Portal settings for the integration, including the default application label “1Password Business”.
  3. Click Save.

You’ll see the settings for the application you just created.

Configure the application

On the 1Password Business application settings page, click Configuration. Then follow these steps.

Set up API connection

  1. Enter your Base URL and API Token.

    SCIM Base URL: the URL of the TLS-secured API gateway, proxy, or load balancer where you’ve configured the 1Password SCIM bridge. Use https and don’t include a slash at the end.

    SCIM Bearer Token: your OAuth bearer token

  2. Click Enable, then Save.

Get help if you don’t have your bearer token.

The API Connection settings for the Application with the API connection turned on


Confirm that your base URL uses https and does not include a slash at the end. For example:

Set up provisioning to 1Password

  1. Click Provisioning in the sidebar.
  2. Turn on “Enable provisioning” and review the other settings.
  3. Click Save.
Provisioning settings, with Enable provisioning turned on


OneLogin roles can be pushed to 1Password as groups. To push roles and their memberships to 1Password when assigned:

  1. Click Rules in the sidebar.
  2. Click Add Rule.
  3. Enter a name, like “Map Roles to Groups”.
  4. Configure the Action:
    • Set Groups in 1Password Business
    • Map from OneLogin
    • For each role
    • with value that matches .*
  5. Click Save.
  6. Click Parameters in the sidebar.
  7. Click Groups.
  8. Turn on Include in User Provisioning and click Save.
  9. Click Save again on the application settings page.

Rules settings, adding and configuring a rule to map roles to groups

Parameters settings, with Groups highlighted

You can also map OneLogin user attributes to 1Password.

Learn more on the OneLogin Help Center.  

Next steps

If you have existing groups in 1Password that you want to sync with OneLogin, add them to the groups managed by provisioning. Click View Details in the setup assistant or click Integrations in the sidebar and choose Manage. Click Manage in the Managed Groups section, then select the groups to sync.

If you’ve previously used the SCIM bridge, make sure to select any groups that were already synced with OneLogin. This will prevent problems syncing with your identity provider, including duplicate groups.

Appendix: Attribute mappings

The 1Password Business application supports several mappings:

mailThe user's email address.
nameThe user's name or display name.
preferredLanguageThe default language for 1Password.

Learn how to create a mapping in OneLogin. 

Still need help?

If this article didn't answer your question, contact 1Password Support.