When you use 1Password SCIM Bridge, you can automate many administrative tasks by connecting 1Password with your identity provider. When you set up and deploy the SCIM bridge on a server in your own environment, the encryption keys for your account are only available to you.
Your company is protected
Communication between the SCIM bridge and 1Password is protected by the same multi-layered approach that secures all 1Password clients: Secure Remote Password (SRP) and Transport Layer Security (TLS).
When you use 1Password SCIM Bridge with your identity provider, user management and group memberships are automated, so the risk of human interference or error is reduced.
Your secure information is not shared
The SCIM bridge is a secure proxy for provisioning. It sends encrypted user and group information between 1Password and your identity provider. It doesn’t send any information from items or vaults.
The SCIM bridge sends the name of your identity provider to 1Password. It also logs provisioning actions by default, but this information is not shared and is only accessible from your server.
If you turn on health monitoring, Checkly periodically checks whether the SCIM bridge is available and working. To check for errors, 1Password gives Checkly a bearer token that grants access to only status information on the SCIM bridge. No other information from your 1Password account is shared with Checkly.
Protect yourself when using the SCIM bridge
Follow best security practices for your identity provider. Many identity providers have best practices to follow when using their product:
Google Workspace
JumpCloud
Microsoft Entra ID
Okta
OneLogin
Rippling