{"id":4516,"date":"2022-12-23T08:18:56","date_gmt":"2022-12-23T16:18:56","guid":{"rendered":"https:\/\/SUMMALAI.COM\/?p=4516"},"modified":"2022-12-23T08:18:59","modified_gmt":"2022-12-23T16:18:59","slug":"how-to-deploy-1password-scim-bridge-on-azure-kubernetes-service","status":"publish","type":"post","link":"https:\/\/SUMMALAI.COM\/?p=4516","title":{"rendered":"How to Deploy 1Password SCIM Bridge on Azure Kubernetes Service"},"content":{"rendered":"\n<p>With&nbsp;<a href=\"https:\/\/1password.com\/business\/\">1Password Business<\/a>, you can automate many common administrative tasks using 1Password SCIM bridge. It uses the System for Cross-domain Identity Management (SCIM) protocol to connect 1Password with your existing identity provider, like Azure Active Directory, JumpCloud, Okta, OneLogin, or Rippling.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"step-1-add-provisioning-to-your-1password-account\">Step 1: Add provisioning to your 1Password account<a href=\"https:\/\/support.1password.com\/scim-deploy-azure\/#step-1-add-provisioning-to-your-1password-account\"><\/a><\/h2>\n\n\n\n<p>Before you can deploy 1Password SCIM Bridge, you\u2019ll need to add the provisioning integration and get credentials for it. Click Get Started, sign in to your 1Password account, and follow the onscreen instructions.<\/p>\n\n\n\n<p><a target=\"_blank\" href=\"https:\/\/start.1password.com\/integrations\/provisioning\" rel=\"noreferrer noopener\">Get Started<\/a><\/p>\n\n\n\n<p>If you see the details for an existing provisioning integration, you\u2019ll need to deactivate it first. Click More Actions and choose Deactivate Provisioning.<\/p>\n\n\n\n<p>After you complete the setup process, you\u2019ll get a&nbsp;<code>scimsession<\/code>&nbsp;file and bearer token. Save them both in 1Password and save the&nbsp;<code>scimsession<\/code>&nbsp;file to your computer. 
You\u2019ll need these to deploy the SCIM bridge and connect your identity provider.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">IMPORTANT<\/h4>\n\n\n\n<p>The bearer token and&nbsp;<code>scimsession<\/code>&nbsp;file you receive during setup can be used together to access information from your 1Password account. You\u2019ll need to share the bearer token with your identity provider, but it\u2019s important to&nbsp;<strong>never share it with anyone else<\/strong>. And never share your&nbsp;<code>scimsession<\/code>&nbsp;file with&nbsp;<strong>anyone at all<\/strong>.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"step-2-create-and-configure-the-kubernetes-cluster\">Step 2: Create and configure the Kubernetes cluster<a href=\"https:\/\/support.1password.com\/scim-deploy-azure\/#step-2-create-and-configure-the-kubernetes-cluster\"><\/a><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"21-start-creating-a-kubernetes-cluster\">2.1: Start creating a Kubernetes cluster<a href=\"https:\/\/support.1password.com\/scim-deploy-azure\/#21-start-creating-a-kubernetes-cluster\"><\/a><\/h3>\n\n\n\n<p>The SCIM bridge must be deployed to a cluster. To create a cluster:<\/p>\n\n\n\n<ol class=\"wp-block-list\"><li>Sign in to your account on the&nbsp;<a target=\"_blank\" href=\"https:\/\/portal.azure.com\/\" rel=\"noreferrer noopener\">Microsoft Azure portal. &nbsp;&nbsp;<\/a><\/li><li>On the Azure portal menu or from the Home page, select \u201cCreate a resource\u201d.<\/li><li>Select Containers &gt; Kubernetes Service.<\/li><\/ol>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"22-configure-your-cluster\">2.2: Configure your cluster<a href=\"https:\/\/support.1password.com\/scim-deploy-azure\/#22-configure-your-cluster\"><\/a><\/h3>\n\n\n\n<p>Configure your cluster using the following options. 
For all other options, you can use the provided defaults or choose your preferred options.<\/p>\n\n\n\n<p>Project details:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Resource group<\/strong><br>Choose one, or click \u201cCreate new\u201d and enter \u201c1Password\u201d.<\/li><\/ul>\n\n\n\n<p>Cluster details:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Kubernetes cluster name<\/strong><br>Enter \u201cop-scim\u201d.<\/li><\/ul>\n\n\n\n<p>Primary node pool:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Node size<\/strong><br>The SCIM bridge requires at least a \u201cStandard B2s\u201d VM size.<\/li><li><strong>Scale method<\/strong><br>Choose Autoscale.<\/li><li><strong>Node count<\/strong><br>The SCIM bridge requires at least 2 nodes.<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/i.1password.com\/media\/scim-azure-kubernetes.png\" alt=\"the Project Details page configured for the cluster\"\/><\/figure>\n\n\n\n<p>After you\u2019ve configured your cluster, click \u201cReview + create\u201d. It may take a moment. When you see \u201cValidation passed\u201d, click \u201cCreate\u201d.<\/p>\n\n\n\n<p>When you see \u201cYour deployment is complete\u201d, continue to the next step.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"step-3-set-up-and-deploy-1password-scim-bridge\">Step 3: Set up and deploy 1Password SCIM Bridge<a href=\"https:\/\/support.1password.com\/scim-deploy-azure\/#step-3-set-up-and-deploy-1password-scim-bridge\"><\/a><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"31-connect-to-your-kubernetes-cluster\">3.1: Connect to your Kubernetes cluster<a href=\"https:\/\/support.1password.com\/scim-deploy-azure\/#31-connect-to-your-kubernetes-cluster\"><\/a><\/h3>\n\n\n\n<ol class=\"wp-block-list\"><li>Open your cluster on the&nbsp;<a target=\"_blank\" href=\"https:\/\/portal.azure.com\/\" rel=\"noreferrer noopener\">Microsoft Azure portal. 
&nbsp;&nbsp;<\/a><\/li><li>Click Connect at the top of the page.<\/li><li>Click Open Cloud Shell to connect to the cluster.<\/li><\/ol>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"32-clone-the-scim-examples-repository\">3.2: Clone the scim-examples repository<a href=\"https:\/\/support.1password.com\/scim-deploy-azure\/#32-clone-the-scim-examples-repository\"><\/a><\/h3>\n\n\n\n<p>All the configuration files you need to deploy the SCIM bridge are available in the&nbsp;<a href=\"https:\/\/github.com\/1Password\/scim-examples\/\">scim-examples<\/a>&nbsp;repository on GitHub.<\/p>\n\n\n\n<p>Switch to the directory where you want to clone the repository, then run the following command:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>git clone https:\/\/github.com\/1Password\/scim-examples.git\n<\/code><\/pre>\n\n\n\n<p>Switch to the Kubernetes directory in the cloned repository:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>cd scim-examples\/kubernetes\n<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"33-upload-your-scimsession-file\">3.3: Upload your&nbsp;<code>scimsession<\/code>&nbsp;file<a href=\"https:\/\/support.1password.com\/scim-deploy-azure\/#33-upload-your-scimsession-file\"><\/a><\/h3>\n\n\n\n<p>Before you create the Kubernetes Secret, upload your&nbsp;<code>scimsession<\/code>&nbsp;file to the Cloud Shell:<\/p>\n\n\n\n<ol class=\"wp-block-list\"><li>Click the \u201cUpload\/Download files\u201d button and choose Upload.<\/li><li>Find the&nbsp;<code>scimsession<\/code>&nbsp;file that you saved to your computer and choose it.<\/li><li>Make note of the upload destination, then click Complete.<\/li><\/ol>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/i.1password.com\/media\/azure-cloud-shell-upload.png\" alt=\"The Upload\/Download files button in Azure Cloud Shell\"\/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"34-create-the-kubernetes-secret\">3.4: Create the Kubernetes Secret<a 
href=\"https:\/\/support.1password.com\/scim-deploy-azure\/#34-create-the-kubernetes-secret\"><\/a><\/h3>\n\n\n\n<p>To create the Kubernetes Secret, run the following command for your shell:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Bash: <code>kubectl create secret generic scimsession --from-file=scimsession=\/home\/$USER\/scimsession<\/code><\/li><li>PowerShell: <code>kubectl create secret generic scimsession --from-file=scimsession=\/home\/$Env:USER\/scimsession<\/code><\/li><\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"35-deploy-1password-scim-bridge\">3.5: Deploy 1Password SCIM Bridge<a href=\"https:\/\/support.1password.com\/scim-deploy-azure\/#35-deploy-1password-scim-bridge\"><\/a><\/h3>\n\n\n\n<p>1Password SCIM Bridge uses a Redis instance to store and cache your Let\u2019s Encrypt TLS certificate. Deploy the configuration, 1Password SCIM Bridge, Redis, and the load balancer using the following command:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>kubectl apply -f .\n<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"36-create-the-dns-record\">3.6: Create the DNS record<a href=\"https:\/\/support.1password.com\/scim-deploy-azure\/#36-create-the-dns-record\"><\/a><\/h3>\n\n\n\n<p>1Password SCIM Bridge requires a public DNS record on a domain that you manage. Before you create the DNS record, get the external IP address of the load balancer:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>kubectl get services\n<\/code><\/pre>\n\n\n\n<p>If you don\u2019t see the IP address in the External IP column, wait a few minutes and try again.<\/p>\n\n\n\n<p>Add an&nbsp;<code>A<\/code>&nbsp;record that points to the public IP address for the load balancer. For example, if your domain is&nbsp;<code>example.com<\/code>, use&nbsp;<code>scim.example.com<\/code>.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">TIP<\/h4>\n\n\n\n<p>All SCIM bridge traffic uses port 443. 
If you use Azure Firewall or are restricting ingress to 1Password SCIM Bridge, open port 443 for your Azure Kubernetes cluster. Let\u2019s Encrypt requires ingress on port 443 to renew the TLS certificate every 60 days.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"37-configure-and-enable-lets-encrypt\">3.7: Configure and enable Let\u2019s Encrypt<a href=\"https:\/\/support.1password.com\/scim-deploy-azure\/#37-configure-and-enable-lets-encrypt\"><\/a><\/h3>\n\n\n\n<p>1Password SCIM Bridge uses a TLS certificate provided by Let\u2019s Encrypt to secure communication with your identity provider.<\/p>\n\n\n\n<p>Set the fully qualified domain name (FQDN) based on the DNS record you created in the last step (for example:&nbsp;<code>scim.example.com<\/code>) as the value for&nbsp;<code>OP_LETSENCRYPT_DOMAIN<\/code>:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>kubectl set env deploy\/op-scim-bridge OP_LETSENCRYPT_DOMAIN=scim.example.com\n<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"step-4-test-your-scim-bridge\">Step 4: Test your SCIM bridge<a href=\"https:\/\/support.1password.com\/scim-deploy-azure\/#step-4-test-your-scim-bridge\"><\/a><\/h2>\n\n\n\n<h4 class=\"wp-block-heading\">IMPORTANT<\/h4>\n\n\n\n<p>Before you connect the SCIM bridge to your identity provider, make sure that you can connect to the SCIM bridge:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>over a secured (HTTPS) connection<\/li><li>with a valid TLS certificate<\/li><\/ul>\n\n\n\n<p>To check that the DNS has propagated and the SCIM bridge is deployed successfully, visit the domain you configured in the previous step in your browser. You\u2019ll see a 1Password SCIM Bridge status page. 
Enter your OAuth bearer token to verify it\u2019s correct.<\/p>\n\n\n\n<p>Use your bearer token and domain (for example:&nbsp;<code>scim.example.com<\/code>) to test the connection to 1Password:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>curl --header \"Authorization: Bearer &lt;bearer_token&gt;\" https:\/\/&lt;domain&gt;\/scim\/Users\n<\/code><\/pre>\n\n\n\n<p>If you see a list of the users in your 1Password account, your SCIM bridge is deployed correctly.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"step-5-connect-your-identity-provider-to-the-scim-bridge\">Step 5: Connect your identity provider to the SCIM bridge<a href=\"https:\/\/support.1password.com\/scim-deploy-azure\/#step-5-connect-your-identity-provider-to-the-scim-bridge\"><\/a><\/h2>\n\n\n\n<h4 class=\"wp-block-heading\">IMPORTANT<\/h4>\n\n\n\n<p><strong>If you\u2019ve already been using 1Password Business<\/strong>, make sure the email addresses and group names in your 1Password account are identical to those in your identity provider.<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>If anyone is using a different email address in 1Password, ask them to change it.<\/li><li>If you have existing groups in 1Password that you want to sync with groups in your identity provider, adjust the group names in 1Password.<\/li><\/ul>\n\n\n\n<p>Because 1Password SCIM Bridge provides a SCIM 2.0-compatible web service that accepts OAuth bearer tokens for authorization, you can use it with a variety of identity providers.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">USER GUIDE<\/h4>\n\n\n\n<p>Learn how to connect your identity provider:<\/p>\n\n\n\n<p><a href=\"https:\/\/support.1password.com\/scim-azure-ad\/\">\u00a0Azure Active Directory<\/a><\/p>\n\n\n\n<p><\/p>\n\n\n\n<p>Ref: <a href=\"https:\/\/support.1password.com\/scim-deploy-azure\/\">Deploy 1Password SCIM Bridge on Azure Kubernetes Service<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>With&nbsp;1Password Business, you can automate many common 
administrative tasks using 1Password SCIM bridge. It uses the System for Cross-domain Identity Management (SCIM) protocol to connect 1Password with your existing identity provider, like Azure Active Directory, JumpCloud, Okta, OneLogin, or Rippling. Step 1: Add provisioning to your 1Password account Before you can deploy 1Password SCIM Bridge, <a class=\"read-more\" href=\"https:\/\/SUMMALAI.COM\/?p=4516\">Read More<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_bbp_topic_count":0,"_bbp_reply_count":0,"_bbp_total_topic_count":0,"_bbp_total_reply_count":0,"_bbp_voice_count":0,"_bbp_anonymous_reply_count":0,"_bbp_topic_count_hidden":0,"_bbp_reply_count_hidden":0,"_bbp_forum_subforum_count":0,"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[1249,10,1431,497],"tags":[1440,1439],"class_list":["post-4516","post","type-post","status-publish","format-standard","hentry","category-azure-microsoft","category-microsoft","category-password-management","category-solutions","tag-1password-scim-bridge-azure-kubernetes","tag-deploy-1password-scim-bridge-on-azure-kubernetes"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=\/wp\/v2\/posts\/4516","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=4516"}],"version-history":[{"count":1,"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=\/wp
\/v2\/posts\/4516\/revisions"}],"predecessor-version":[{"id":4517,"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=\/wp\/v2\/posts\/4516\/revisions\/4517"}],"wp:attachment":[{"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=4516"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=4516"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=4516"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}