Teams and business

Update 1Password SCIM Bridge

Learn how to get and deploy the latest version of 1Password SCIM Bridge for your environment.

To check the version of your SCIM bridge, visit the SCIM bridge domain in your browser. The version will be displayed in the top left, and you can compare it with the current version on the 1Password SCIM Bridge release notes page.

To update 1Password SCIM Bridge to the latest version, follow the instructions for your deployment environment:

If you received an email about your SCIM bridge version being deprecated, update the SCIM bridge within 90 days. If you don’t update in that time, your existing accounts will still work, but 1Password will no longer sync with your identity provider.

If you need help updating the SCIM bridge, contact a 1Password Business representative.

Azure Container Apps

  1. Sign in to your account on the Microsoft Azure portal.
  2. Go to the Azure Container Apps Portal, select the Container App for 1Password SCIM Bridge, then choose Containers in the sidebar.
  3. Select Edit and deploy.
  4. Select the checkbox next to your op-scim-bridge container, then choose Edit.
  5. Change the version number in the Image and Tag field to match the latest version from our SCIM bridge releases notes website. For example, 1password/scim:v2.9.5.
  6. Select Save, then Create to deploy a new revision with the updated image.
  7. Visit your SCIM bridge domain in a web browser and enter your bearer token.
  8. Review the version number in the upper left of the page to make sure you’re using the latest version of 1Password SCIM Bridge.

Docker or Kubernetes

Learn how to update 1Password SCIM Bridge if you deployed it using the Docker or Kubernetes deployment examples on GitHub:

If you customized your SCIM bridge deployment on Docker

If you customized your SCIM bridge deployment, update the deployment configuration file with the new version and then apply the change:

  1. Visit 1Password SCIM Bridge on Docker Hub and note the tag with the most recent version number.
  2. Edit your docker-compose.yml configuration file and update it with the version number you noted.
  3. Run one of the following commands to apply the update:
    Deployment environmentRun this command
    Docker Composedocker-compose up
    Docker Swarmdocker stack deploy

If you’re using Azure Kubernetes Service

If you’re using Azure Kubernetes Service and your SCIM bridge application pods (op-scim) get stuck in a “Pending” state during the upgrade, your cluster may not have enough nodes.

  1. Sign in to your account on the Microsoft Azure portal.
  2. Locate your op-scim Kubernetes service and open it.
  3. Under Settings in the sidebar, choose Node pools, then click your node pool.
  4. Click the number beside “Node count”.
  5. Choose Autoscale, then choose a node count range of 1 minimum and 3 maximum.
  6. Click Apply.
The scale node pool page for the cluster

AWS Fargate

If you followed the instructions from the scim-examples repository on GitHub to deploy the SCIM bridge, learn how to update the SCIM bridge on AWS ECS Fargate using Terraform.

If you customized your SCIM bridge deployment

If you customized your SCIM bridge deployment, update the deployment configuration file with the new version and then apply the change:

  1. Open the task-definitions/scim.json file and edit the following line:

     "image": "1password/scim:v2.x.x"
    
  2. Change v2.x.x to match the tag with the most recent version number of the 1Password SCIM Bridge on Docker Hub.

  3. Run the following commands to reapply your Terraform settings:

     terraform plan -out=./op-scim.plan
     terraform apply ./op-scim.plan
    

Google Cloud Platform

Tip

If your SCIM bridge was not deployed in the default namespace, switch the context or append -n=namespace to the commands below.

Use the Cloud Shell on Google Cloud Platform to update the SCIM bridge from the marketplace:

  1. Visit the list of Clusters on Google Cloud Platform , choose the project, and click the cluster you use for the SCIM bridge.

  2. Click Connect and choose Run in Cloud Shell.

  3. Allow any API permissions, then press Return to connect to the cluster.

  4. Copy this command and paste it into the shell window, then press Return:

     kubectl get deploy
    

    Make a note of the deployment name for the SCIM bridge. This is the line that doesn't end with redis-master. By default it's named op-scim-bridge-1.

  5. Copy this command and make sure the deployment name matches what you noted in the previous step:

     kubectl set image deploy/op-scim-bridge-1 op-scim-bridge-1=1password/scim:v2.x.x
    

    Change “v2.x.x” in the command to the latest version.

  6. Find and copy the name of the SCIM bridge application:

     kubectl get application
    
  7. Notify Google Cloud Platform of the update so the application page for your SCIM bridge shows the current version. Make sure op-scim-bridge-1 matches the application name you noted in the previous step:

     kubectl patch application op-scim-bridge-1 -p='[{"op":"replace", "path":"/spec/descriptor/version", "value":"2.x.x"}]' --type='json'
    

    Change “v2.x.x” in the command to the latest version.

If you can’t update the SCIM bridge in-place, you can also redeploy it. The SCIM bridge doesn’t maintain state information, so this won’t impact your identity provider or 1Password account, aside from downtime while you redeploy it.

Before you redeploy the SCIM bridge, pause provisioning with your identity provider. Then follow these steps:

  1. Visit the Google Kubernetes Engine console , click the SCIM bridge by 1Password app instance, then click Delete.
  2. Release the “SCIM bridge by 1Password” app’s static IP address in Google Cloud Platform.
  3. Deploy 1Password SCIM Bridge again in the same project using the same cluster.
  4. Promote the app’s ephemeral IP address to a static IP address.
  5. Update the DNS record for the SCIM bridge to point to the new static IP address.
  6. Connect the SCIM bridge to your 1Password account.
  7. Connect your identity provider and turn on provisioning.

DigitalOcean

Install the updated DigitalOcean Marketplace app over the old one:

  1. Visit 1Password SCIM Bridge on DigitalOcean Marketplace and click Install App.
  2. Choose the cluster where the SCIM bridge is deployed, then click Install.

    The installation may take up to 10 minutes to complete.

  3. Visit the SCIM bridge domain in your browser and enter your OAuth bearer token to confirm that the update was successful.

If you can’t update the SCIM bridge in-place, you can also redeploy it. The SCIM bridge doesn’t maintain state information, so this won’t impact your identity provider or 1Password account, aside from downtime while you redeploy it.

Before you redeploy the SCIM bridge, pause provisioning with your identity provider. Then follow these steps:

  1. Visit the DigitalOcean Kubernetes console , choose the cluster where the SCIM bridge is deployed, then click Kubernetes Dashboard.
  2. Choose Cluster > Namespaces and delete the op-scim-bridge namespace.
  3. Install the SCIM bridge again using the same cluster.

    The installation can take up to 10 minutes to complete.

  4. Go back to the Kubernetes Dashboard for your cluster.
  5. Select Services in the Service section.
  6. Find op-scim-bridge-svc in the list and copy the IP address shown under the “External Endpoints”.
  7. Update the DNS record to match the IP address you just copied.
  8. Connect the SCIM bridge to your 1Password account.
  9. Connect your identity provider and turn on provisioning.

Get help

Get help with the SCIM bridge, like if you lose your bearer token or session file, or if you use two-factor authentication.

By default, SCIM bridge deprecation emails are sent to people in the Administrators group. To send deprecation emails to additional people:

  1. Sign in to your account on 1Password.com.
  2. Click Integrations in the sidebar.
  3. Click Manage in the Notifications section.
  4. Add the email(s) you’d like to use, then click Save.

To get more help or share feedback, contact 1Password Business Support or join the discussion with the 1Password Support Community.

Learn more

Published: