{"id":5239,"date":"2025-01-02T11:32:46","date_gmt":"2025-01-02T19:32:46","guid":{"rendered":"https:\/\/SUMMALAI.COM\/?p=5239"},"modified":"2025-01-02T11:32:48","modified_gmt":"2025-01-02T19:32:48","slug":"how-to-deploy-1password-scim-bridge-on-azure-container-apps","status":"publish","type":"post","link":"https:\/\/SUMMALAI.COM\/?p=5239","title":{"rendered":"How to Deploy 1Password SCIM Bridge on Azure Container Apps"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\" id=\"step-1-add-provisioning-to-your-1password-account\">Step 1: Add provisioning to your 1Password account<a href=\"https:\/\/support.1password.com\/scim-deploy-azure\/#step-1-add-provisioning-to-your-1password-account\"><\/a><\/h2>\n\n\n\n<p>Before you can deploy 1Password SCIM Bridge, you\u2019ll need to add the provisioning integration and get credentials for it. Click&nbsp;<strong>Get Started<\/strong>, sign in to your 1Password account, and follow the onscreen instructions.<\/p>\n\n\n\n<p><a target=\"_blank\" href=\"https:\/\/start.1password.com\/integrations\/provisioning\" rel=\"noreferrer noopener\">Get Started<\/a><\/p>\n\n\n\n<p>If you see the details for an existing provisioning integration, you\u2019ll need to deactivate it first. Click&nbsp;<strong>More Actions<\/strong>&nbsp;and choose&nbsp;<strong>Deactivate Provisioning<\/strong>.<\/p>\n\n\n\n<p>After you complete the setup process, you\u2019ll get a&nbsp;<code>scimsession<\/code>&nbsp;file and bearer token. Save them both in 1Password and save the&nbsp;<code>scimsession<\/code>&nbsp;file to your computer. You\u2019ll need these to deploy the SCIM bridge and connect your identity provider.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Important<\/h4>\n\n\n\n<p>The bearer token and&nbsp;<code>scimsession<\/code>&nbsp;file you receive during setup can be used together to access information from your 1Password account. You\u2019ll need to share the bearer token with your identity provider, but it\u2019s important to&nbsp;<strong>never share it with anyone else<\/strong>. And never share your&nbsp;<code>scimsession<\/code>&nbsp;file with&nbsp;<strong>anyone at all<\/strong>.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"step-2-deploy-your-scim-bridge\">Step 2: Deploy your SCIM bridge<a href=\"https:\/\/support.1password.com\/scim-deploy-azure\/#step-2-deploy-your-scim-bridge\"><\/a><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"21-load-the-container-app-template\">2.1: Load the Container App template<a href=\"https:\/\/support.1password.com\/scim-deploy-azure\/#21-load-the-container-app-template\"><\/a><\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Download the&nbsp;<a href=\"https:\/\/github.com\/1Password\/scim-examples\/blob\/main\/azure-container-apps-arm\/aca-op-scim-bridge-template.json\">Azure Resource Manager template file.&nbsp;<\/a><\/li>\n\n\n\n<li>Sign in to your account on the Microsoft Azure portal and navigate to the&nbsp;<a href=\"https:\/\/portal.azure.com\/#create\/Microsoft.Template\">Deploy a custom template page.&nbsp;<\/a><\/li>\n\n\n\n<li>Choose&nbsp;<strong>Build your own template in the editor<\/strong>.<\/li>\n\n\n\n<li>Click&nbsp;<strong>Load file<\/strong>&nbsp;and choose the template file you downloaded earlier.<\/li>\n\n\n\n<li>Click&nbsp;<strong>Save<\/strong>.<\/li>\n<\/ol>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"22-configure-and-deploy-the-container-app\">2.2: Configure and deploy the Container App<a href=\"https:\/\/support.1password.com\/scim-deploy-azure\/#22-configure-and-deploy-the-container-app\"><\/a><\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Fill out the following fields:\n<ul class=\"wp-block-list\">\n<li><strong>Subscription<\/strong>: Choose the subscription you prefer.<\/li>\n\n\n\n<li><strong>Resource group<\/strong>: Choose an existing Resource Group or create a new one.<\/li>\n\n\n\n<li><strong>Region<\/strong>: Choose the region you prefer.<\/li>\n\n\n\n<li><strong>Container App Name<\/strong>: Enter a name you\u2019d like to use. By default, the name is&nbsp;<code>op-scim-con-app<\/code>.<\/li>\n\n\n\n<li><strong>Container App Env Name<\/strong>: Enter a name you\u2019d like to use. By default, the name is&nbsp;<code>op-scim-con-app-env<\/code>.<\/li>\n\n\n\n<li><strong>Container App Log Analytics Name<\/strong>: Enter a name you\u2019d like to use. By default, the name is&nbsp;<code>op-scim-con-app-log-analytics<\/code>.<\/li>\n\n\n\n<li><strong>Scimsession<\/strong>: Paste the contents of your&nbsp;<code>scimession<\/code>&nbsp;file.<\/li>\n\n\n\n<li><strong>Workspace Actor:<\/strong>&nbsp;If you use&nbsp;<a href=\"https:\/\/support.1password.com\/scim-google-workspace\/\">Google Workspace<\/a>&nbsp;as your identity provider, enter the email address of a Google Workspace administrator for the service account. If you don\u2019t use Google Workspace, leave this field blank.<\/li>\n\n\n\n<li><strong>Workspace Credentials<\/strong>: If you use&nbsp;<a href=\"https:\/\/support.1password.com\/scim-google-workspace\/\">Google Workspace<\/a>&nbsp;as your identity provider, paste the contents of the&nbsp;<code>.json<\/code>&nbsp;key file you downloaded as part of the Google Workspace setup. If you don\u2019t use Google Workspace, leave this field blank.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Click&nbsp;<strong>Review + create<\/strong>.<\/li>\n\n\n\n<li>After the validation succeeds, click&nbsp;<strong>Create<\/strong>. The deployment will take a few minutes.<\/li>\n<\/ol>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"step-3-test-your-scim-bridge\">Step 3: Test your SCIM bridge<a href=\"https:\/\/support.1password.com\/scim-deploy-azure\/#step-3-test-your-scim-bridge\"><\/a><\/h2>\n\n\n\n<p>After your SCIM bridge is deployed, run this test to make sure it\u2019s online:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Click&nbsp;<strong>Go to resource group<\/strong>&nbsp;and choose the container app you created.<\/li>\n\n\n\n<li>Choose&nbsp;<strong>Overview<\/strong>&nbsp;in the sidebar, then click the&nbsp;<strong>Application Url<\/strong>&nbsp;link. This is your SCIM bridge URL.<\/li>\n\n\n\n<li>Sign in with your bearer token and verify that your SCIM bridge is connected to your 1Password account.<\/li>\n<\/ol>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"step-4-connect-your-identity-provider-to-the-scim-bridge\">Step 4: Connect your identity provider to the SCIM bridge<a href=\"https:\/\/support.1password.com\/scim-deploy-azure\/#step-4-connect-your-identity-provider-to-the-scim-bridge\"><\/a><\/h2>\n\n\n\n<h4 class=\"wp-block-heading\">Important<\/h4>\n\n\n\n<p><strong>If you\u2019ve already been using 1Password Business<\/strong>, make sure the email addresses and group names in your 1Password account are identical to those in your identity provider.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>If anyone is using a different email address in 1Password, ask them to change it.<\/li>\n\n\n\n<li>If you have existing groups in 1Password that you want to sync with groups in your identity provider, adjust the group names in 1Password.<\/li>\n<\/ul>\n\n\n\n<p>Because 1Password SCIM Bridge provides a SCIM 2.0-compatible web service that accepts OAuth bearer tokens for authorization, you can use it with a variety of identity providers.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Connect Microsoft Entra ID to 1Password SCIM Bridge<\/h2>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"step-1-add-1password-business-as-a-custom-application\">Step 1: Add 1Password Business as a custom application<a href=\"https:\/\/support.1password.com\/scim-entra-id\/#step-1-add-1password-business-as-a-custom-application\"><\/a><\/h2>\n\n\n\n<p>To add 1Password Business as a custom application in Entra ID:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Click&nbsp;<strong>Microsoft Entra ID<\/strong>, then select&nbsp;<strong><a target=\"_blank\" href=\"https:\/\/portal.azure.com\/#blade\/Microsoft_AAD_IAM\/ActiveDirectoryMenuBlade\/EnterpriseApps\" rel=\"noreferrer noopener\">Enterprise applications&nbsp;&nbsp;<\/a><\/strong>&nbsp;in the sidebar.<\/li>\n\n\n\n<li>Click&nbsp;<strong>New application<\/strong>, then click&nbsp;<strong>Create your own application<\/strong>.<\/li>\n\n\n\n<li>Enter \u201c1Password Business\u201d for the name of the app and select&nbsp;<strong>Integrate any other application you don\u2019t find in the gallery (Non-gallery)<\/strong>. Then click&nbsp;<strong>Create<\/strong>.<\/li>\n<\/ol>\n\n\n\n<p>You\u2019ll see the details of the application you just created. Continue to the next section to configure it.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"step-2-configure-the-application\">Step 2: Configure the application<a href=\"https:\/\/support.1password.com\/scim-entra-id\/#step-2-configure-the-application\"><\/a><\/h2>\n\n\n\n<p>On the 1Password Business application details page:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Click&nbsp;<strong>Users and groups<\/strong>&nbsp;in the sidebar, then add the users and groups you want to provision to 1Password.<\/li>\n\n\n\n<li>Click&nbsp;<strong>Provisioning<\/strong>&nbsp;in the sidebar, then click&nbsp;<strong>Get Started<\/strong>.<\/li>\n\n\n\n<li>Set Provisioning Mode to&nbsp;<strong>Automatic<\/strong>.<\/li>\n\n\n\n<li>Enter your Tenant URL and Secret Token.<strong>Tenant URL:<\/strong>&nbsp;the URL of your SCIM bridge (not your 1Password account sign-in address). For example:&nbsp;<code>https:\/\/scim.example.com<\/code>If you don\u2019t know your URL, make sure you\u2019ve&nbsp;<a href=\"https:\/\/support.1password.com\/scim\/\">set up and deployed the SCIM bridge<\/a>.<strong>Secret Token:<\/strong>&nbsp;the bearer token for your SCIM bridgeLearn what to do&nbsp;<a href=\"https:\/\/support.1password.com\/scim-troubleshooting\/#if-you-lose-your-bearer-token-or-session-file\">if you don\u2019t have your bearer token<\/a>.<\/li>\n\n\n\n<li>Click&nbsp;<strong>Test Connection<\/strong>, then click&nbsp;<strong>Save<\/strong>&nbsp;and click X (Close) in the top right.<\/li>\n\n\n\n<li>Click&nbsp;<strong>Edit Provisioning<\/strong>.<\/li>\n\n\n\n<li>If you want to use custom attribute mappings, click&nbsp;<strong>Mappings<\/strong>&nbsp;and&nbsp;<a href=\"https:\/\/support.1password.com\/scim-entra-id\/#appendix-attribute-mappings\">refer to the default mappings below<\/a>.<\/li>\n\n\n\n<li>Set&nbsp;<strong>Provisioning Status<\/strong>&nbsp;to&nbsp;<strong>On<\/strong>&nbsp;and click&nbsp;<strong>Save<\/strong>.<\/li>\n<\/ol>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/i.1password.com\/media\/azure-provisioning-2022.png\" alt=\"The Provisioning page with Provisioning Mode set to Automatic, the Tenant URL and Secret Token, and Provisioning Status set to On\"\/><\/figure>\n\n\n\n<p>Ref: <a href=\"https:\/\/support.1password.com\/scim-entra-id\/\">Connect Microsoft Entra ID to 1Password SCIM Bridge<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Step 1: Add provisioning to your 1Password account Before you can deploy 1Password SCIM Bridge, you\u2019ll need to add the provisioning integration and get credentials for it. Click&nbsp;Get Started, sign in to your 1Password account, and follow the onscreen instructions. Get Started If you see the details for an existing provisioning integration, you\u2019ll need to <a class=\"read-more\" href=\"https:\/\/SUMMALAI.COM\/?p=5239\">Read More<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_bbp_topic_count":0,"_bbp_reply_count":0,"_bbp_total_topic_count":0,"_bbp_total_reply_count":0,"_bbp_voice_count":0,"_bbp_anonymous_reply_count":0,"_bbp_topic_count_hidden":0,"_bbp_reply_count_hidden":0,"_bbp_forum_subforum_count":0,"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[1734,238,239,497],"tags":[1835,1836],"class_list":["post-5239","post","type-post","status-publish","format-standard","hentry","category-1password","category-cloud","category-azure","category-solutions","tag-connect-microsoft-entra-id-to-1password-scim-bridge","tag-deploy-1password-scim-bridge-on-azure-container-apps"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=\/wp\/v2\/posts\/5239","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=5239"}],"version-history":[{"count":1,"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=\/wp\/v2\/posts\/5239\/revisions"}],"predecessor-version":[{"id":5240,"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=\/wp\/v2\/posts\/5239\/revisions\/5240"}],"wp:attachment":[{"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=5239"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=5239"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=5239"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}