Okta SCIM Bridge Not Connecting even with Provisioning On.
Hi friends,
I've been banging my head on this one since yesterday. We're on 1Password Business, and had a series of events that lead us here.
User was left in Pending and did not get automatically confirmed.
Attempted to use access logs on SCIM bridge but unable to get in as we didn't have our bearer token
Attempted to regenerate tokens, but at the time didn't know how to update said tokens in SCIM bridge.Figured that we would spin a new GCP Kubernetes Cluster up and store the bearer token on a new integration
Updated the DNS record for our scim provisioning site with the new Cluster external IP
Disabled/rmoved the old Integration and removed it and was deferring for the new SCIM bridge.
Turned on Provisioning Users and Groups on 1Password Admin for the Integration
Unable to use the bearer token in Okta to complete as we get the re-occuring error: Error authenticating: No results for users returned”
Turned off Provisioning Users and Groups, and noticed the Org users were suspended sometime during this process
Managed to use 1Password CLI and a slapped together shell script to reactivate it automatically, but noticed some users were in a Recovery Pending state.
I guess I'm hoping to get some help with these questions:
What would I be missing with getting Okta working with the SCIM bridge
What are the chances of going through the process to re-enabling this again that we encounter an org suspend event again?
Thanks for taking the time to read this!
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser: Not Provided
Comments
-
Hi @rand0muser 👋
Thanks for reaching out! Sharing a few questions below to help us gather more context.
"What would I be missing with getting Okta working with the SCIM bridge":
- Initially when the user was left in Pending, did this only occur for a single user? Were you able to check the status of the SCIM bridge at this point?
- After setting up the SCIM bridge again, are newly created users still stuck in the Pending state, or is this issue resolved? More specifically, which aspect isn't working in the integration between your SCIM bridge and Okta at this point?
"What are the chances of going through the process to re-enabling this again that we encounter an org suspend event again?":
- Were all of the users in the org suspended, including active users? Or were they specific users from a group, with a particular status?
Thanks!
0 -
Hey @Jamie1P ,
Initially when the user was left in Pending, did this only occur for a single user? Were you able to check the status of the SCIM bridge at this point?
** It looked like it was for multiple users who were on a new cohort. I was unable to access the SCIM Bridge at the time as we didn't have the bearer token stored anywhere, and I didn't realize the regenerate credentials and what next steps wre for that.After setting up the SCIM bridge again, are newly created users still stuck in the Pending state, or is this issue resolved? More specifically, which aspect isn't working in the integration between your SCIM bridge and Okta at this point?
** I believe that the users that were moved to Active, I had a note from the person affected that it was working. I think the aspect right now is, getting SCIM bridge to talk with Okta.Were all of the users in the org suspended, including active users? Or were they specific users from a group, with a particular status?
** It looked like everyone in the org was suspended, including Active Users. We have all org users in an Okta Push Group, so it might have been affected by that, but I'm unsure.
I hope that helps and I eagerly await a response.
Thanks!
0 -
Thanks for sharing these details. Now that users are active and not suspended, is the newly-setup SCIM bridge configured with Okta, or is it still returning the message "Error authenticating: No results for users returned”? If this error message is still returning, it might be specific to Okta because the message is not referenced in our SCIM bridge validation logic.
I spent some time digging into factors that cause mass users to be suspended, but due to the multitude of factors that can impact this, we'd be able to better narrow down the root cause of the issue with logs from your end.
For this reason, I'd encourage you to connect with our support team in order to share your logs and other details, like your SCIM bridge version. To do this, you can send an email from the email address associated with the account in question to
support+forum@1password.com.
You'll also want to mention the following:- Your user name here in the forum: rand0muser
- A link to this discussion: https://1password.community/discussion/148512/okta-scim-bridge-not-connecting-even-with-provisioning-on
This should help our support team link the support request to this forum discussion.
0
