Azure Kubernetes Service - SCIM Deployment

Completely new to Kubernetes and have only worked with Azure in hybrid environments. I'm trying to get a 1Password business account integrated into a blank Azure subscription. Azure Active Directory is already setup and working for O365 users.

I'm following through the documentation provided for setting up the SCIM bridge in an Azure Kubernetes cluster ( https://support.1password.com/cs/scim-deploy-azure/ ) and have some questions about step 3.6 regarding entering the domain for the LetsEncrypt TLS cert.

Should the domain being entered be your actual company domain linked to your O365 services (with the dns prefix set in step 3.2)? or should it be the API server address of the Kubernetes cluster that Azure creates?

From reading through the whole process, it seems it should be your company domain with the prefix attached --letsencrypt-domain=scim-dns.<DOMAIN>.com, then you create an A record DNS alias to redirect that prefix to the load balancer's public IP, but when trying it that way, I was unable to return anything with the curl commands for testing.

Any help is appreciated.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • cohix
    cohix
    1Password Alumni

    @PITS_CoopaLoopa You are correct that you should create an A record pointing to the LB associated with the bridge. After that point, you can enter the FQDN into the domain field on the setup screen, which will configure the TLS cert automatically.

    You'll notice after you verify the domain that the webpage will automatically switch to HTTPS, which should be your indicator that everything succeeded.

    Let me know if you have any other questions.

  • PITS_CoopaLoopa
    PITS_CoopaLoopa
    Community Member

    @cohix Still confused on getting the DNS record configured and actually working. I'm setting it up as a DNS zone within Azure. Maybe it would be best to take this to a support ticket so I can figure out what I'm doing wrong.

  • PITS_CoopaLoopa
    PITS_CoopaLoopa
    Community Member

    I'll throw my reply in here just in case it helps anyone else. Despite the domain being configured and synced within Azure and all of the exchange email coming through O365, the DNS records were actually being published through a third-party hosting platform where the domain names were purchased. Creating the A record for the load balancer within their dashboard immediately solved the issue I was having and allowed me to finish configuring the SCIM bridge.

  • cohix
    cohix
    1Password Alumni

    @PITS_CoopaLoopa Ah I'm sorry, I think I misunderstood what you were referring to (Azure's terminology always gets me confused). I'm glad you were able to solve the issue.

This discussion has been closed.