How to Troubleshoot 1Password Azure SCIM Bridge

All Kubernetes commands are run from the Azure Cloud Shell.
 
First, let’s check whether your pod is running:

kubectl get pods

 
Next, check your SCIM bridge logs for any errors:

kubectl logs deploy/op-scim-bridge -f

 
It seems Let’s Encrypt rate-limited the server from obtaining a new TLS certificate; therefore, you will need to update your DNS record to get around this.
 
For example, update the URL from scim.example.org to scim1pass.example.org.
 
Update the OP_TLS_DOMAIN with the new DNS record:
 

kubectl set env deploy/op-scim-bridge OP_TLS_DOMAIN=scim1pass.calgaryunitedway.org

 
After this, Regenerate Credentials once more to have a fresh set.
 
Delete the old scimsession secret and put in the new one:
 

kubectl delete secret scimsession
kubectl create secret generic scimsession --from-file=scimsession=/home/$USER/scimsession
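
A guarded variant of the secret swap above, added here as an example and not taken from the original post or from 1Password's tooling: it checks the new scimsession file before touching the cluster and replaces the secret with a single apply, so the old secret is never deleted without a replacement ready. The function name rotate_scimsession and its checks are assumptions; the secret name and file path are the ones used in the post.

```shell
#!/usr/bin/env bash
# Added example: hypothetical helper, not part of 1Password's tooling.

rotate_scimsession() {
    # Default path is the one used in the post.
    local file="${1:-/home/$USER/scimsession}"
    local name="scimsession"
    local manifest

    # Refuse to touch the cluster if the new credential file is unusable,
    # so the existing secret is never removed without a replacement.
    if [ ! -f "$file" ]; then
        echo "error: $file not found" >&2
        return 1
    fi
    if [ ! -s "$file" ]; then
        echo "error: $file is empty" >&2
        return 1
    fi

    # The file holds the bridge credentials: restrict it to its owner.
    chmod 600 "$file" || return 1

    # Render the Secret client-side first; nothing is sent to the cluster yet.
    manifest=$(kubectl create secret generic "$name" \
        --from-file="$name=$file" \
        --dry-run=client -o yaml) || return 1

    # Apply creates the secret or updates it in place (no delete step).
    printf '%s\n' "$manifest" | kubectl apply -f - || return 1

    # Confirm the secret exists before reporting success.
    kubectl get secret "$name" >/dev/null || return 1
    echo "secret/$name replaced from $file"
}

# Usage from the Azure Cloud Shell:
#   rotate_scimsession /home/$USER/scimsession
```

Once the bridge is confirmed working with the new credentials, delete the scimsession file from the Cloud Shell home directory so the credential does not linger there.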

 
Next, we loaded the new SCIM bridge URL and entered the new bearer token to confirm everything was up and running. And it was!
 
Finally, we had to update the Entra ID 1Password Enterprise app to have the new SCIM bridge URL and new bearer token:
 

  1. Navigate to the 1Password Business Enterprise app.
  2. Click Provisioning.
  3. Click Provisioning again.
  4. Expand Admin Credentials.
  5. Update the URL and API token.
  6. Click Test Connection.
  7. Click Save.
  8. Click Overview.
  9. Click Restart Provisioning.

 
We now have the SCIM bridge back in working order!