Provisioning - Bearer token


We cannot enable the "Enforce two-factor authentication" option in our account because the Provisioning Manager can't provision via the SCIM bridge using the Bearer token if 2FA is enabled for that account. Is there a way to configure it so 2FA is not required when using the Bearer token auth for the Provisioning Manager or perhaps is there another factor that can be added to the SCIM bridge? (edited)

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided


  • BenBen AWS Team

    Team Member

    Hi @fcalata_earnest

    At the moment these two configurations (SCIM Bridge and enforced 2FA) are mutually exclusive. That is a situation that we're taking a close look at though, as there are a fair number of teams that would like to be able to have both. So we can properly record your interest in this could you please drop an email note to our business team at [email protected] and in the email include a link to this thread ( That way we can keep in touch about any future solutions with regard to simultaneous use of these two features.



  • Sounds good. I've posted it there.

  • BenBen AWS Team

    Team Member

    Thanks! I see we've received your email and will be replying shortly. :)


    ref: GXW-69647-477

  • I strongly agree with @fcalata_earnest.
    2FA enforcement is normally required in organization who use IdP in order to secure their cloud-based applications, and it also required to do user provisioning for automatic identity and access management by IdP.

    We must reconcile these two important points. I also sent an email to [email protected] I look forward to future improvements.

  • ag_anaag_ana

    Team Member

    Thank you @kosuke_osada! We appreciate you taking the time to share this feedback :)

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file