First things first - I love to see the new SCIM integration and the ability to enforce 2FA via policy. 1Password is a lovely product.
Did, however, run into a faulty error message for the integration.
Given the nature of the integration, it makes good sense to filter inbound traffic before it reaches the SCIM bridge itself. We limit ours to only the IP ranges presented by our IDP.
The health monitoring for the SCIM integration is using a third party service - Checkly - to connect to the SCIM bridge. Per their information page, they don't maintain a list of addresses they might be connecting from; we cannot make a similar whitelist for their ranges without allowing all of AWS, which would sort of defeat the purpose. Thus, cannot use.
Additionally, if health monitoring is enabled, the error message in the 1Password integrations page is "There’s a problem with the SCIM bridge. Check its configuration and make sure it can connect to 1Password and your identity provider.", which is precise, helpful and incorrect ;-)
Figured I'd leave a note for the next person running into the same error; it could well be a red herring.
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided