Deposit credential in private vault?

Situation: I'm looking to move off OKTA to GCP SSO. GCP/workspace is currently federated to OKTA, we are using SCIM provisioning from OKTA to 1password. So all staff currently have private vaults.
When we sever the federation, folks will need to setup credentials in Google workspace.

Question:
I'm wondering if I can use the 1password api to deposit the credentials for their workspace account in their private vault? (instead of having to make them enroll manually).

The api docs appear to allow adding to vaults https://support.1password.com/connect-api-reference/#add-an-item but don't mention if there are issues with private vaults or what sort of permissions would be needed.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided

Comments

  • Hi @jbryner,

    Our integrations team will be happy to help. First, to get in contact with them, please send an email to support@1password.com using the email address associated with your 1Password account. After you send the email, please feel free to post the ticket number you receive from our system so we can locate your message and connect it with this Community discussion.

  • jbryner
    jbryner
    Community Member

    Thanks will do!

  • :) :+1:

  • jbryner
    jbryner
    Community Member
    edited January 2022

    I didn't get a ticket number, (unless this in the subject is the ticket: #AMA-62781-647 ) but I did get a response. Unfortunately sounds like there isn't a way to get there via an api:

    "I'm afraid there isn't a way to save credentials in another users Private vault - either via our Connect API or your account's web interface. The only person who can add / edit items within a Private vault is the owner of the vault themselves - as they're the only person with the keys to read / write to this vault.

    One option I can think of would be to script something using our Command Line Tool. With the CLI tool, you could:

    Create a new vault:
        op create vault [vault-name]
    
    Create a new item containing the user's credentials:
        op create item Login password=--generate-password username="email@domain.com" --title "Google Workspace" --url "google.com" --vault [vault-name]
    
    Share the vault with the appropriate user:
        op add user [user-email-address] [vault-name]
    

    "
    I asked about 'sharing' a credential to a user, that is an option but there isn't any automation available for sharing at the moment.

  • I appreciate you sharing that helpful update, @jbryner.

    Sorry to hear the 1Password Connect API isn't capable of populating Private vaults. Hopefully we can see improvements in this area in the future.

    I didn't get a ticket number, (unless this in the subject is the ticket: #AMA-62781-647 )

    Yep, that's the ticket number. Please let our team know if we can be of any help going forward.

This discussion has been closed.