Tipp
If you currently use 1Password SCIM Bridge, learn how to migrate to hosted provisioning.
With 1Password Business, you can automate many common administrative tasks by connecting your identity provider with your 1Password account. When you set up automated provisioning with your identity provider, you can:
- Create users and groups, including automated account confirmation.
- Grant and revoke access to groups.
- Suspend users.
Die automatische Bereitstellung beinhaltet kein Single Sign-On (SSO). Wenn du deinen Nutzern erlauben willst, sich mit deinem Identitätsanbieter bei 1Password anzumelden, erfährst du, wie du Freischalten mit SSO einrichten kannst.
Try it yourself
Explore our interactive demo to see how 1Password hosted provisioning setup works.
Überlegungen
When you set up automated provisioning, consider the impact it will have on your account:
- You won’t be able to use a self-hosted SCIM bridge on the account in the future. Hosted provisioning is designed differently than 1Password SCIM Bridge, and your account won’t be compatible with the self-hosted SCIM bridge.
- Hosted provisioning won’t manage groups that have the Recover Accounts or Manage All Groups permissions. This is a security feature to prevent automated provisioning from having account-wide cryptographic access.
- Users will be confirmed without a delay. Hosted provisioning has immediate confirmations so the end-user proves their identity when they accept the invitation.
Limitations
There are also some limitations to consider:
- User management with 1Password CLI isn’t supported when hosted provisioning is turned on. Support will be added in the future.
- 1Password MSP accounts aren’t currently supported.
Verbinde deinen Identitätsanbieter
To set up automated user provisioning and connect your identity provider to your 1Password account, choose your identity provider:
Next steps
After you set up automated provisioning:
- Team members won’t be able to change their email addresses themselves. You’ll need to change their email addresses in your identity provider first, then they’ll be updated in 1Password. Team members will receive an email to confirm the change. Learn how to change a team member’s email address.
- You can suspend team members in 1Password by deprovisioning them in your identity provider. You can still permanently delete their account on 1Password.com.
- A Provision Managers group will be created. In most cases, no one should be added to this group. Group members can access the Employee vaults of provisioned users until they set up their account.
Tipp
Learn about best practices for using automated provisioning.
Unterstützung erhalten
If you change a team member’s email address in your identity provider, 1Password will email the team member and ask them to accept the change. If you’re changing the domain of the email address, make sure to update your allowed domains list. Emails associated with 1Password team members must be associated with a functioning inbox.
Do not change a suspended team member’s email address. Some identity providers don’t sync email changes for suspended users. If you reactivate a suspended team member after changing their email address, 1Password will treat them as a new user.
Um weitere Hilfe zu erhalten oder Feedback zu geben, kontaktiere den 1Password Business Support oder nimm an der Diskussion mit der 1Password Support Community teil.
Mehr erfahren
- Über 1Password Business
- About the security of automated provisioning (hosted by 1Password)
- Über die Provision Managers-Gruppe
War dieser Artikel hilfreich?
Freut mich, das zu hören! Wenn du etwas hinzufügen möchtest, zögere nicht, uns zu kontaktieren.
Tut mir leid, das zu hören. Bitte kontaktiere uns, wenn du uns mehr darüber erzählen möchtest.