Help deploying SCIM bridge using Docker

I'm trying to integrate 1Password with Okta and I've set up the SCIM bridge on a server in our hosting environment. The problem is that after I enter the API token and the url for the scim bridge, Okta says the credentials are not correct ("invalid credentials. Please verify and try again"). I know for a fact that the url to the scim bridge server is correct (with correct port, even, 3002) and the api token (bearer token) is also correct, so I'm not sure what part of the process is not working. Additional info from Okta logs show: "failure: No results for users returned." We've been trying to troubleshoot this for a few days now and we are pretty sure that everything is setup correctly with the SCIM server (in Aptible, which uses a Dockerfile). Is there a way for me to test this somehow outside of Okta to see if I can better pinpoint what part of our setup is broken? I submitted a request about this, but have not heard back yet and we're really itching to deploy 1Password Biz for our workforce. Thanks in advance for any help/insight.
Joe


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Referrer: forum-search:scim

Comments

  • Welp, I figured it out. You guys should REALLY, REALLY updated your documentations here (https://support.1password.com/scim/) and here (https://support.1password.com/scim-okta/) with the correct BASE URL. It is supposed to be {SCIM_server_url}:3002/scim. The /scim part was what threw me off for several days of wrestling with this. None of your documentation mentions that, and I actually got the answer from a kind user in an Okta forum who responded a similar post I put there for help. That person said he also experienced the same issue a while back and got the answer from 1Password support, but the documentation was never updated. Please update the docs so the next person doesn't struggle through what should be the most trivial aspect of the setup process.
    Thanks,
    Joe

  • rickfillionrickfillion Junior Member

    Team Member

    Hey @jadu,

    I'm sorry that this wasn't better documented. We're in the process of fixing up the SCIM bridge so that it'll work either way to make sure that others don't get tripped up by that in the future.

    Rick

  • cosinepicosinepi
    edited October 3

    For those having issues, it also took me a few weeks to figure this out because of the horrible documentation, I thought I did something wrong and recreated the servers using all the provided examples.

    However, I was finally able to authenticate using: https://{URL}:443/scim

    Joe - Thanks or the hint

    My Setup:
    Okta
    Amazon EKS
    Elastic IP
    Using the VPC wizard to set up public/private subnets with the proper tags.

    Thanks,
    Tien

  • brentybrenty

    Team Member

    Probably would have been better to contact your 1Password Business rep at [email protected]. We're always happy to help. Thanks for taking the time to leave us feedback here now though. Cheers! :)

  • Yeah, I eventually found that email after I'd resolved the issue. It's just such a simple fix to include in the docs, and it'll prevent an email to support or unnecessary agony. Just adding in the docs that the URL should include /scim would save the next person some time (unless the fix that @rickfillion mentioned above has now been implemented).

    Thanks,
    Joe

  • ag_konstantinag_konstantin

    Team Member

    Hi @jadu, hi @cosinepi,

    Thank you very much for reaching out and leaving us important feedback. We truly appreciate your help in identifying this issue and we are sorry this has not been spotted earlier. We have implemented the solution and it will be made available in the next SCIM bridge release.

    Kind regards,
    Konstantin

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file