With 1Password Business, you can automate many common administrative tasks using 1Password SCIM Bridge. It uses the System for Cross-domain Identity Management (SCIM) protocol to connect 1Password with your existing identity provider, like Google Workspace, JumpCloud, Microsoft Entra ID, Okta, OneLogin, or Rippling.
When you deploy 1Password SCIM Bridge with DigitalOcean App Platform instead of the DigitalOcean Marketplace, you can save on costs and keep management simpler without the need to create a DNS record or TLS certificate. You’ll need a DigitalOcean account with available quotas for two droplets.
Step 1: Generate credentials in 1Password
- Sign in to your account on 1Password.com.
- Choose Integrations in the sidebar.
- Choose your identity provider in the User Provisioning section.
- Select Custom, then choose Next.
- Choose Save in 1Password for both the scimsession file and bearer token to save them as items in your 1Password account. Save each item in an appropriate shared vault.
- Choose the down arrow beside the scimsession file and save it to your computer.
Step 2: Create resources in DigitalOcean
These steps were recorded in December 2023 and might have changed since. Refer to the DigitalOcean documentation for the most up-to-date steps.
Before you begin the deployment, download the app spec template op-scim-bridge.yaml from the 1Password SCIM Bridge deployment examples repo on GitHub. Then follow these steps.
2.1: Add the 1Password SCIM Bridge app
- Go to the DigitalOcean Apps portal and choose Create App.
- Select Docker Hub from the service provider list, then enter 1password/scim in the Repository field and choose Next.
- Choose Edit beside 1-password-scim, then choose Edit beside the Name field.
- Enter op-scim-bridge in the Resource Name field, then choose Save and choose Back at the bottom of the page.
- Choose Edit Plan, then select Basic.
- From the Instance Size menu, select $5.00/mo - Basic, then choose Back.
- Choose Next on the Resources page, then choose Next on the Environment page.
- On the Info page, choose Edit in the App Info section.
- Enter op-scim-bridge in the Name field, then choose Save.
- If you’d like to change the region, choose Edit beside it and select a region, then choose Save.
- Choose Next on the Info page, then scroll down on the Review page and choose Create Resources.
The deployment of 1Password SCIM Bridge will start and after a few minutes fail, which is expected because the configuration has not been defined. After you see the “deployment failed” message, continue to step 2.2.
2.2: Upload the app manifest
- Choose the Settings tab on the app page, then scroll down and choose Edit beside App Spec.
- Choose Upload File, then select the op-scim-bridge.yaml file you downloaded earlier.
- Choose Replace, then wait a moment for the SCIM bridge to deploy.
Step 3: Configure and deploy your SCIM bridge
After you see the “deployment went live” message at the top of the page, choose op-scim-bridge from the Components list, then scroll down and choose Edit beside Environment Variables.
Choose the trash beside OP_SESSION to remove it. You’ll upload your own in a moment.
Open a terminal window on your computer, then get the Base64 encoded contents of your scimsession file:
Bash:
cat ./scimsession | base64
PowerShell:
[Convert]::ToBase64String([IO.File]::ReadAllBytes((Join-Path $PWD.Path 'scimsession')))
Copy the output value. You’ll need it to create the secret for the deployment.
Go back to the Environment Variables section of your app’s Component Settings in DigitalOcean.
Create a new environment variable and enter OP_SESSION in the Keys field, then paste the base64 value of your scimsession secret in the Values field.
Select Encrypt beside the value, then choose Save. The deployment will take a moment to update.
After the deployment is live, use the Live App button at the top of the page to open your SCIM bridge. You can also use the URL link at the top of the page below your project name.
Enter your bearer token and choose Verify.
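The following script is an added example for the encoding step above, not part of 1Password's documentation. It builds the OP_SESSION value as a single line and confirms it decodes back to the original file before printing it; the function names are hypothetical, and the decode flag -d assumes GNU or BusyBox base64.

```bash
#!/usr/bin/env bash
# Added example: build the OP_SESSION value from a scimsession file and check
# it before pasting. Function names are hypothetical, not from 1Password.

NL='
'

# Print the base64 encoding of file $1 as one line. GNU base64 wraps output at
# 76 columns by default, so newlines are stripped to get the same result everywhere.
encode_session() {
    base64 < "$1" | tr -d '\n'
}

# Succeed only if value $2 is one unbroken line that decodes back to file $1
# byte for byte. Catches wrapped, truncated, or otherwise altered values.
verify_session_value() {
    case "$2" in
        ''|*"$NL"*|*' '*) return 1 ;;
    esac
    # Assumption: -d is the decode flag (GNU, BusyBox); older macOS uses -D.
    printf '%s' "$2" | base64 -d 2>/dev/null | cmp -s - "$1"
}

# Usage: ./encode-session.sh ./scimsession
# Prints the value only after the round-trip check passes.
if [ "$#" -eq 1 ]; then
    value=$(encode_session "$1") || exit 1
    if verify_session_value "$1" "$value"; then
        printf '%s\n' "$value"
    else
        echo "encoded value does not round-trip; not printing it" >&2
        exit 1
    fi
fi
```

The same verify function can be run against the value you copied to confirm it was not wrapped or cut short on the way to the Values field.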
Step 4: Connect your identity provider to the SCIM bridge
Important
If you already use 1Password Business, make sure the email addresses and group names in your 1Password account match those in your identity provider.
- If someone uses a different email address in 1Password, ask them to change it.
- If you have existing groups in 1Password that you want to sync with groups in your identity provider, adjust the group names in 1Password.
Because 1Password SCIM Bridge provides a SCIM 2.0-compatible web service that accepts OAuth bearer tokens for authorization, you can use it with a variety of identity providers.
Connect to the load balancer where you configured the SCIM bridge (for example: https://scim.example.com) and authenticate with your OAuth bearer token.
User guide
Learn how to connect your identity provider:
Update your SCIM bridge
The latest version of 1Password SCIM Bridge is posted on the release notes website. To update your SCIM bridge:
- Navigate to the DigitalOcean Apps portal and select your SCIM bridge (by default, op-scim-bridge) from the list of apps.
- Choose op-scim-bridge in the Compute section.
- Select Edit in the Source section.
- Change the version number in the Tag field to match the latest version from the SCIM Bridge release notes page.
- Select Save. The SCIM bridge will redeploy with the new version.
- Navigate to your SCIM bridge URL and sign in with your bearer token.
- Check the version in the top left of the page.
Get help
Get help with the SCIM bridge, for example if you’ve lost your bearer token or session file.
To get more help or share feedback, contact 1Password Business Support or join the discussion with the 1Password Support Community.