Verbinde Microsoft Entra ID mit der 1Password SCIM Bridge

With 1Password Business, you can integrate 1Password with Microsoft Entra ID (previously Azure AD) to automate many common administrative tasks:

Benutzer bereitstellen

• Create users: Assigned users and groups will be provisioned to 1Password.
• Update user attributes: Changing user attributes in your directory will change the mapped attributes in 1Password.
• Deactivate users: Disabling a user or removing their assignment in Entra ID will suspend the user in 1Password.

Gruppen verwalten

• Assign groups: Assign groups from your directory to sync them to 1Password or manage existing 1Password groups in Entra ID.

To get started, sign in to your account on the Microsoft Azure portal  and follow these steps.

Before you begin

Before you can integrate 1Password with Entra ID, you’ll need to:

• Set up and deploy 1Password SCIM Bridge.
• Have a premium subscription for the administrator that will manage the 1Password application in Entra ID.
• Make sure Provisioning users & groups is turned on in the Automated User Provisioning page of your 1Password account.

These steps were recorded in June 2025 and may have changed since. Refer to the Microsoft documentation  for the most up-to-date steps.

Schritt 1: Füge 1Password als Unternehmensanwendung hinzu

If you already use 1Password Unlock with Entra ID, follow the steps below to create a new enterprise application for both integrations.

Um 1Password als Unternehmensanwendung in Entra ID hinzuzufügen:

1. Select Microsoft Entra ID, then select Enterprise applications  in the sidebar.
2. Select New application, then choose Create your own application.
3. Enter “1Password EPM” for the name of the app and select Integrate any other application you don’t find in the gallery (Non-gallery). Then select Create.

You’ll see the details of the application you just created. Continue to the next section to configure it.

If you use unlock with SSO, you'll also need to configure the enterprise application you just created for SSO.

Step 2: Connect your SCIM bridge

Auf der Detailseite der 1Password EPM-Anwendung:

1. Select Users and groups in the sidebar, then add a test user or group you want to provision to 1Password. You can add all the users and groups you want to provision after you test the integration.
2. Select Provisioning in the sidebar, then select Connect your application.
3. Enter your tenant URL and secret token.
   • Tenant URL: the URL of your SCIM bridge (not your 1Password account sign-in address). For example: https://scim.example.com

     If you don't know your URL, make sure you've set up and deployed the SCIM bridge.

   • Secret token: the bearer token for your SCIM bridge

     Learn what to do if you don't have your bearer token.

4. Select Test Connection, then select Create and wait a moment for it to be created.

2.2: Passe die Attributzuordnungen an

1. Select Attribute mapping in the sidebar.
2. Wähle Microsoft Entra ID-Nutzer bereitstellen aus.
3. Find the userName attribute in the customappsso column and choose Edit.
4. Change the source attribute from userPrincipalName to mail.

   If you choose a different Entra ID source attribute, make sure it's a routable email address.

5. Wähle Ok aus.
6. Select Save then select X in the top right.

Learn more about the required attributes and recommended mappings.

2.3: Testbereitstellung

1. Select Provision on demand in the sidebar.
2. Enter the name of the user or group that you chose in step 2. If you choose a group, make sure to select users in the group.
3. Select Provision.

Review the results of this test to make the selected users and groups were synced to 1Password, then continue to step 5.

2.4: Scope users and turn on provisioning

Wenn du bereit bist, die Bereitstellung zu aktivieren:

1. From the sidebar, select Users and groups and add the users and groups you want to provision. The users and groups you select will immediately be synced after the next step.
2. From the sidebar, select Overview > Start provisioning.

Next steps

When you turn on provisioning, existing 1Password users will be linked to Entra ID users if their email address matches. If their email address is different, they’ll be invited to 1Password again, so make sure any affected team members update their email address before you turn on provisioning.

Wenn du bestehende Gruppen in 1Password hast, die du mit Entra ID synchronisieren möchtest, füge sie den Gruppen hinzu, die durch Bereitstellung verwaltet werden:

1. Sign in to your account on 1Password.com.
2. Choose Integrations in the sidebar and choose Automated User Provisioning.
3. Choose Manage in the Managed Groups section, then select the groups to sync.

If you've previously used the SCIM bridge, make sure to select any groups that were already synced with Entra ID. This will prevent problems syncing with your identity provider, including duplicate groups.

Get help

Falls Benutzer und Gruppen nicht bereitgestellt werden, stelle sicher, dass die Bereitstellung in deinem 1Password-Konto aktiviert ist:

1. Sign in to your account on 1Password.com.
2. Choose Integrations in the sidebar.
3. Choose Automated User Provisioning.
4. Make sure Provisioning users & groups is turned on.

Learn more

• (Microsoft Entra ID) Überprüfe den Status der Benutzerbereitstellung
• Entsperren von 1Password mit Microsoft Entra ID konfigurieren

Anhang: Attributzuordnungen

Nicht-Galerie-Anwendungen in Entra ID enthalten einen Standardsatz von Attributzuordnungen. Für die automatisierte Bereitstellung von 1Password sind die folgenden Attributzuordnungen erforderlich:

Learn how to customize user provisioning attribute-mappings in Entra ID. 

Glad to hear it! If you have anything you'd like to add, feel free to contact us.

Sorry to hear that. Please contact us if you'd like to provide more details.