Teams and Businesses

If you’re having trouble with the 1Password SCIM bridge

Get help when you’re having trouble connecting your identity provider to the SCIM bridge.

Check the status of the SCIM bridge

If you’re not sure what the problem is, first check the SCIM bridge status page. You’ll see any problems the SCIM bridge has found, and you can download logs that contain detailed activity information.

In your browser, enter the address where you’ve configured the SCIM bridge (for example: https://scim.example.com) and authenticate using your OAuth bearer token.

If you lose your bearer token or session file

Your OAuth bearer token and scimsession file are cryptographically linked. If you lose either one, you’ll need to generate a new bearer token and session file. Then deploy the SCIM bridge again.

If you change the account details for your Provision Manager account

If you change the Master Password, Secret Key, or email address for the account you created for provision management, you’ll need to generate a new bearer token and session file. Then deploy the SCIM bridge again.

If you use two-factor authentication and see the “AuthWrap failed to generateNewSession” log message

If you see “AuthWrap failed to generateNewSession” in the SCIM bridge log, and you use 1Password Advanced Protection to enforce two-factor authentication, turn it off. The Provision Manager account can’t set up or use two-factor authentication.

If you use Duo for two-factor authentication, create an authentication policy to allow the Provision Manager account to bypass 2FA for Duo  .

If you see the “Your current location or network is blocked by an account firewall rule” log message

If you see “Your current location or network is blocked by an account firewall rule” in the SCIM bridge log, change your firewall rules to allow the SCIM bridge to access your 1Password account.

If your SCIM bridge is deployed on a cloud provider, you may not be able to connect if you use the Anonymous IP rule to deny Cloud Providers. To allow access for the SCIM bridge if it has a static outbound IP address, add an IP rule to allow it. Otherwise, remove Cloud Providers from the Anonymous IP rule.

If you still need help

For more information about the SCIM bridge, contact your 1Password Business representative.

To get help and share feedback, join the discussion in the 1Password Support forum.

Learn more

Published: