SCIM Azure UPN/Email

Jesper2665
Community Member

Hello!
We have recently implemented a tiering model for servers/applications, and we are looking to do the same for 1Password. Having access codes associated with our regular account could pose a security risk. Accounts are provisioned with SCIM from Entra ID, but tiered accounts have a different email than their UPN. How can I send the invitation to a different email address?



Comments

  • hemal.g_1p
    1Password Alumni

    Hi @Jesper2665

    Thanks for writing in.
    Have you tried configuring additional domains to support? From your invitations page, you can define the allowed email domains that the SCIM connection can provision users from.

  • Jesper2665
    Community Member

    Hi @hemal.g_1p
    The domain is the same; however, the username is not. For example, the username admin-abc@company.com has an email called abc@company.dk. I am interested in actually sending out the invitation to the email attribute that's been provisioned instead of the UPN.

  • hemal.g_1p
    1Password Alumni

    Thanks for explaining your use case.

    As you create the Enterprise Application for provisioning in Entra ID, the default mapping for provisioning users is based off the UPN attribute. You may change the 1Password Business Enterprise App to provision users off the mail attribute instead of UPN; this can be found within the Enterprise Application > Mappings > User Mappings. Select the first line and change the source from UPN to mail.

    A caution for this step: it will also send an email address change notification to those who have differing UPN and email, since the attribute is a global setting within the enterprise app.

    As a side note (could be unrelated in your instance): for users leveraging SSO, we advise this step of configuring optional UPN claims.
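
Because the mapping change described above is global to the enterprise app, it helps to list which accounts it touches before switching the source from UPN to mail. The following is an added example, not part of the original thread and not 1Password or Microsoft tooling; it assumes a user export in CSV form with `userPrincipalName` and `mail` columns (column names and sample rows are constructed), and it goes beyond the caution in the reply by also flagging empty and duplicate mail values for review.

```python
import csv
import io
from collections import defaultdict

# Constructed sample export. The column names are an assumption; adjust them
# to match the headers of your own user export.
SAMPLE_CSV = """userPrincipalName,mail
admin-abc@company.com,abc@company.dk
def@company.com,def@company.com
GHI@company.com,ghi@company.com
admin-jkl@company.com,
admin-mno@company.com,shared@company.dk
admin-pqr@company.com,Shared@company.dk
"""


def audit_mapping_change(csv_text):
    """Classify users by what a UPN -> mail source change would mean for them."""
    report = {"unchanged": [], "address_changes": [], "no_mail": []}
    by_mail = defaultdict(list)
    for row in csv.DictReader(io.StringIO(csv_text)):
        upn = (row.get("userPrincipalName") or "").strip()
        mail = (row.get("mail") or "").strip()
        if not upn:
            continue  # skip blank or malformed rows
        if not mail:
            # Nothing to map from: review these before changing the source.
            report["no_mail"].append(upn)
            continue
        by_mail[mail.lower()].append(upn)
        # Addresses are compared case-insensitively.
        if mail.lower() == upn.lower():
            report["unchanged"].append(upn)
        else:
            # These users see a different address after the change.
            report["address_changes"].append((upn, mail))
    # Two accounts sharing one mail value would map to the same address.
    report["duplicate_mail"] = {m: u for m, u in by_mail.items() if len(u) > 1}
    return report


if __name__ == "__main__":
    result = audit_mapping_change(SAMPLE_CSV)
    for upn, mail in result["address_changes"]:
        print(f"address changes: {upn} -> {mail}")
    for upn in result["no_mail"]:
        print(f"no mail attribute: {upn}")
    for mail, upns in result["duplicate_mail"].items():
        print(f"duplicate mail {mail}: {', '.join(upns)}")
```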