Teams and business

1Password SCIM Bridge auf DigitalOcean bereitstellen

Learn how to deploy 1Password SCIM Bridge on DigitalOcean, so you can integrate with your identity provider.

Tip

If you don’t use DigitalOcean, you can still automate provisioning in another deployment environment.

A diagram showing the connection of identity providers to 1Password SCIM Bridge to 1Password servers.

With 1Password Business, you can automate many common administrative tasks using 1Password SCIM Bridge. It uses the System for Cross-domain Identity Management (SCIM) protocol to connect 1Password with your existing identity provider, like Google Workspace, JumpCloud, Microsoft Entra ID, Okta, OneLogin, or Rippling.

You can deploy 1Password SCIM Bridge on DigitalOcean with the Marketplace app by following the steps below. Alternatively, you can deploy to the DigitalOcean App Platform, which is a more affordable and customizable deployment option.

Schritt 1: 1Password SCIM Bridge auf DigitalOcean bereitstellen

If you don’t already have a DigitalOcean account, create one. Then follow these steps.

1.1: Erstelle einen Cluster

Die SCIM-Bridge muss innerhalb eines Clusters bereitgestellt werden. Um einen Cluster zu erstellen:

  1. Visit 1Password SCIM Bridge on DigitalOcean Marketplace and select Install App.
  2. Select New cluster > Install.
  3. Scroll down to “Choose cluster capacity”.
  4. Select Set node pool to autoscale.
  5. From the “Node plan” menu, select 2 GB total RAM / 2 vCPUs / 60 GB storage.
  6. Change “Minimum nodes” to 1, then change “Maximum nodes” to 3.
  7. Scroll to the bottom and select Create Cluster.

Your cluster will now be created. After a few minutes, you’ll receive an email from DigitalOcean to confirm that your load balancer is ready.

The section to choose the cluster capacity in DigitalOcean

1.2: 1Password SCIM Bridge einrichten

Nachdem dein Load Balancer bereit ist:

  1. Click Networking in the sidebar and choose Load Balancers. You’ll see the IP address for your load balancer.
  2. Configure a DNS A record for your chosen domain and point it to the IP address of your load balancer. For example: scim.example.com.
  3. Wait for the DNS to propagate, then navigate to your SCIM bridge domain.

You’ll see 1Password SCIM Bridge Setup page.

DigitalOcean load balancer configuration screen showing the IP address to copy

die IP-Adresse des Load Balancers in der Adressleiste eines Webbrowsers

Schritt 2: Verbinde die 1Password SCIM Bridge mit deinem 1Password-Konto

2.1: Melde dich bei deinem 1Password-Konto an

Auf der 1Password SCIM Bridge-Setup-Seite:

  1. Enter the domain name you configured for your load balancer to verify it.
  2. Click Sign In and follow the onscreen instructions.

Learn what to do if you see the details for an existing provisioning integration.

1Password SCIM Bridge-Status

2.2: Authenticate with 1Password SCIM Bridge

After you complete the setup process, you’ll get a scimsession file and bearer token. Save them both in 1Password in case you need them again.

  1. Click Install on <yourdomain>. You’ll see the 1Password SCIM Bridge Status page.
  2. Enter your OAuth bearer token and select Verify.

Wichtig

The bearer token and scimsession file you receive during setup can be used together to access information from your 1Password account. You’ll need to share the bearer token with your identity provider, but it’s important to never share it with anyone else. And never share your scimsession file with anyone at all.

Schritt 3: Verbinde deinen Identitätsanbieter mit der SCIM-Bridge

Wichtig

If you’ve already been using 1Password Business, make sure the email addresses and group names in your 1Password account are identical to those in your identity provider.

  • If anyone is using a different email address in 1Password, ask them to change it.
  • If you have existing groups in 1Password that you want to sync with groups in your identity provider, adjust the group names in 1Password.

Because 1Password SCIM Bridge provides a SCIM 2.0-compatible web service that accepts OAuth bearer tokens for authorization, you can use it with a variety of identity providers.

Connect to the load balancer where you’ve configured the SCIM bridge (for example: https://scim.example.com) and authenticate using your OAuth bearer token.

Benutzerhandbuch

Erfahre, wie du deinen Identitätsanbieter verbinden kannst:

Google Workspace

das JumpCloud-Logo JumpCloud

das Microsoft Entra ID-Logo Microsoft Entra ID

das Okta-Logo Okta

das OneLogin-Logo OneLogin

das Rippling-Logo Rippling

Get help

Get help with the SCIM bridge, like if you lose your bearer token or session file.

Wenn du eine bestehende Bereitstellungsintegration hast

If you see the details for an existing provisioning integration on the setup page, select Regenerate Credentials, then follow the steps to save the new credentials to your 1Password account and install them on your SCIM bridge. Existing settings for the integration, such as managed groups you selected, will be retained.

If you don’t need to retain existing settings, select More Actions > Deactivate Provisioning. Then select Sign In on the setup page again.

To get more help or share feedback, contact 1Password Business Support or join the discussion with the 1Password Support Community.

Learn more


Published: