Getting started with 1Password for your growing team, or refining your setup? Our Secured Success quickstart guide is for you.
CloudFlare's proxying & the 1Password SCIM bridge
I'm looking for a definitive answer to the question "Is there any way to use CloudFlare's proxying with the 1Password SCIM bridge?" From my own personal experience, all signs seem to point to "no", but surely there must be a way? Any time I've enabled proxying on the SCIM bridge's `A` record, it always causes trouble with the `certificate-manager`, which results in certs not being renewed, which then causes the bridge to stop working completely. So is proxying completely out of the question? Or is there some way to get it working? Thanks!
SCIM Bridge
Why is the SCIM Bridge needed? If I already have to create an Enterprise Application in Azure, then the SCIM bridge really becomes an unnecessary and overcomplicated step. I should not have to register a new domain or spin up a separate VM just to get an integration to pull accounts automatically. As an MSP and reselling this to potentially 50 different organizations, this step becomes very time-consuming and wasteful.Improvements to 1Password Community coming May 22nd
Since re-launching 1Password Community in February, we’ve been taking note of every piece of feedback you’ve all shared so we can continue to make improvements. One trend we’ve seen in the feedback is that we need to make it clearer what posts should go where. The feedback also made it clear that we needed to simplify the navigation so people can get where they want to go quickly and easily. To that end, on Thursday, May 22nd we’ll be re-organizing 1Password Community to make it easier to navigate, find what you’re looking for, and know where to post. We’ll be simplifying the discussion board structure, reducing clutter on the 1Password Community homepage and in the navigation bar at the top of every page. We know lots of folks come here for support, so we’ve also added Get help to the main navigation to help you find existing answers, post a new question in the community, or contact 1Password Support. We hope you’ll find these updates helpful! What’s changing? In the new structure, we’ll have the following discussion boards: Announcements: This is a new discussion board where 1Password staff can share news and updates. 1Password at work: If you’re using 1Password products in your business, this is the best place to get help and share what you’ve learned. 1Password at home: This is the place to get help and talk about all things 1Password for personal cybersecurity and privacy. Developers: Just like before, we’ll continue to have a space for developers to chat with each other and members of the 1Password team. Lounge: Just like before, this space is for off-topic, just-for-fun, and 1Password-adjacent topics. Current discussion boards New discussion boards Lounge Lounge Password Manager 1Password at home Device Trust 1Password at work Passage Developers Developers Developers 1Password Administrators 1Password at work 1Password Developers: SDKs Developers Announcements Do I need to do anything? Nope! Your profile and credentials will stay the same. Will any posts be going away? No, any posts in discussion boards that are being retired will be moved to other discussion boards so that nothing is lost. For any bookmarked discussions that are moved, their old url will redirect you to the new one. When will these changes happen? These changes are scheduled for Thursday, May 22nd. We will share any updates if that changes. Staff will be standing by to help with any questions or concerns. If you have any feedback, please don’t hesitate to reply to this thread. We love to hear from you and will continue to make improvements based on your feedback. Beyond these imminent changes, you can also start new discussion threads in the Lounge and use the tag Community Feedback at any time to share your suggestions!
You are not in the Provision Managers group" Error Despite Proper Setup
We are encountering an issue when attempting to perform user management actions via the 1Password CLI. Even after enabling provisioning and creating a "Provisioning Manager" group with the "Provision People" permission (as per the documentation), and adding our dedicated provisioning account to this group, the following error persists: [ERROR] 2025/04/29 06:10:15 You are not in the Provision Managers group. Could you please assist in identifying what might be missing? We would also appreciate a step-by-step guide to properly configure and use the user management CLI actions as outlined in your documentation here: https://developer.1password.com/docs/cli/reference/management-commands/user Thank youSCIM: Sync question
I’ve successfully set-up SCIM Bridge with our Google Workspace instance. However, I have a couple of users that were already set-up 1password with a different e-mail (same domain). This email does not exist anymore in our GW directory as a primary account, but IS set as an Alias to the ‘correct’ E-mail. as an example: current email in 1password before sync: j.smith@domain.com correct email in GW: john.smith@domain.com j.smith is in the group ‘all users’ to be synced with gw j.smith is also in another group called ‘office’ in 1password john.smith is in a group called ‘office’ in GW. The result is that the scim bridge did ‘sync’ de account so that it now is manageable via idp (GW), but it did NOT add it to the office group. In fact, it actually removes it from that group. That kinda makes sense because the email doesn’t match; j.smith doesn’t exist in GW as a primary email (only as an alias). so now I have 2 questions. How come the account was ‘taken’ by the scim bridge/1password while the primary email didn’t match? How do i fix this, so that I don’t have to temper with the GW account (aka the result is that the j.smith account changes to john.smith) Anyone able to make sense out this?SCIM Bridge Fails Sync
We're running SCIM Bridge 2.9.9 and the only method to achieve a successful sync and subsequent provisioning of accounts, is by logging into the Bridge and manually executing the "Sync Groups" function. All 5 status indicators in the Bridge are green and state "Connected", the Google Workspace User Provisioning integration within our 1Password console reflects "Good" health, successful connection with the bridge, and Provisioning users and groups is enabled. There is an error in the SCIM log about a certificate, but it does not prohibit a successful sync with the "Sync Groups" groups function in the bridge. Log snippet with IP Address redacted: "certificate is not allowed for server name xxx.xxx.xxx.xxx: certificate for 'xxx.xxx.xxx.xxx' is not managed","domain":"xxx.xxx.xxx.xxx","time":"2025-04-11T00:05:55Z","message":"certificate manager error while getting certificate" There are no other errors in the log. Please advise
AzureAD - SCIM provisioning (without SCIM bridge container) - FEATURE REQUEST
We would prefer not to have to manage the SCIM bridge container. Most SCIM-enabled applications allow SCIM provisioning via AzureAD's built-in integration. This only requires a SCIM token and the URL for the application's API endpoint: - https://learn.microsoft.com/en-us/azure/active-directory/app-provisioning/use-scim-to-provision-users-and-groups Is this feature on the roadmap for future release? If not, please let me know the correct channel to officially submitting a new feature request. 1Password Version: Not Provided Extension Version: Not Provided OS Version: Not Provided Browser:_ Not Provided
Azure SCIM Failed to Sync - Structure of request was invalid
Dear community, Since a few days, we experience a Azure 1Password SCIM issue where some groups fail to sync to 1Password. Azure SCIM Provisioning logs show the following error: Result: Failure Description: Failed to create Group 'groupname' in customappsso Details: failed to create group: The structure of request was invalid. Error log in '1Password SCIM Bridge': Validation: (400) (Bad Request), The structure of request was invalid. To us, it seems like this is related to the group-name-length of the particular groups (max 71 characters). Other groups synchronize successfully without any issues or errors. Is there a limit on how many characters a groupname can be, for the 1Password SCIM bridge?
