Connecting Vanta & 1Password
We connect to 1Password through their SCIM API, making read-only calls. To enable the 1Password SCIM feature, you must have a Business Account and set up a SCIM Bridge in your infrastructure. Currently, we don't support Google Workspaces. This is because Google Workspace does not support Vanta's SCIM protocol to connect with 1Password.
The SCIM bridge is a service deployed on your infrastructure that allows 1Password to convert SCIM commands to encryption key-based operations. Here is more information about why a SCIM bridge is necessary.
Before you can set up your SCIM bridge, you'll need the following:
- Administrator access in your 1Password Business account.
- A platform to deploy the SCIM bridge on. (Such as Google Cloud Platform, DigitalOcean, or your infrastructure).
- A public DNS record to point to the location of your SCIM bridge. For example, scim.example.com.
Deploying your SCIM bridge
Once you have all the requirements:
- Sign in to your account on 1Password.
- Click Integrations in the sidebar.
- Choose your identity provider from the User Provisioning section.
- Follow the onscreen instructions to generate the credentials on your SCIM bridge.
- Deploy your SCIM bridge.
After you complete the setup process, you'll get a scimsession file and bearer token. Make sure to save them both in 1Password. Here are some helpful examples of SCIM bridge deployment options: https://github.com/1Password/scim-examples/.
Testing your SCIM bridge
You can check if the SCIM bridge was correctly deployed by:
- Going to your custom SCIM domain (for example, scim.example.com).
- Login in with your credentials.
- There you will see your 1Password SCIM Bridge status page. There you can:
- Check any problems the SCIM bridge has found.
- Download logs that contain detailed activity information.
Integrating with 1Password
- From the left-hand navigation panel, select Integrations.
- From the Available tab, search for 1Password
- Select Connect
- Then you can fill out your credentials. Your SCIM bridge URL is where you deploy the bridge (for example, https://scim.example.com), and the SCIM bearer token is the one you saved during your SCIM bridge deployment.