SCIM Automated account confirmation

melanieq
melanieq
Community Member

Hello, Team!

We use SCIM bridge and Okta integration, thanks for great feature.
But, we didn't found much documentation on user invite process, especially on how-to auto confirm user accounts.
When we provision new account to 1Password from Okta, invite email is sent to new user, and when user sets up new account, admin user from Provision Manager group has to confirm new account.
Is it possible to auto confirm new accounts? And disable invitation link for Team Members to ensure that accounts are provisioned only by Okta? Will be useful, because managing Provision Manager group from Okta side is impossible for now.

Thanks!


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • Hi @melanieq,

    One of the core components of the SCIM Bridge is its ability to auto-confirm users who have accepted their email invites! This is one of the reasons the SCIM Server needs to keep running instead of just spinning up to provision/deprovision and then going away; it checks every five minutes for users to confirm.

    To give you an example, if you look in the logs, you should see messages along the lines of:

    [LOG] [1.3.1] 2020/05/04 20:47:35 (INFO) waiting for bearer token to begin provisioned user watcher
    ...
    (first request comes in)
    [LOG] [1.3.1] 2020/05/04 21:34:49 (INFO) starting provisioned user watcher
    [LOG] [1.3.1] 2020/05/04 21:34:49 (INFO) checking for accepted invitations from provisioned users
    

    The last line will repeat every five minutes as the SCIM Bridge checks for accepted invitations. This process should start automatically. Are you not seeing that happen?

    In general, unless you are looking to do manual user management or add to invited user vaults, only the Provision Manager needs to be within the Provision Managers Group. Additionally you cannot disable the invitation link. You will have to give your admins instructions to only invite users through Okta.

    If you need more personalised support, shoot an email to support+business@1password.com and send us some logs. We will be able to give you more targeted recommendations that way.

    Let me know what questions you have.

    Graham

This discussion has been closed.