Troubleshooting SCIM bridge

lextech
lextech
Community Member
edited June 2021 in SCIM Bridge

I am working on automated provisioning with Okta using the following ECS / Fargate example: https://github.com/1Password/scim-examples/tree/master/aws-ecsfargate-terraform.

We have deployed the SCIM bridge and configured the domain but are not able to complete the last step requested to sign in to connect 1password, we can log in with the provisioning manager account but the domain remains in an uncompleted last step to connect the account.

The troubleshooting doc suggests entering the bearer token, but that is not a visible option as we are redirected to the sign-in page: https://support.1password.com/scim-troubleshooting/

On the Okta configuration, we have an error provisioning Error authenticating: No results for users returned

Is there another way in which I could use the bearer token to validate the SCIM bridge and avoid the redirect to login?


1Password Version: 1060
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • lextech
    lextech
    Community Member
    edited June 2021

  • lextech
    lextech
    Community Member

    Edit :

    Following the suggestions from Okta community, in the 1password business application, I have added the /scim path to the base URL and received the expected error related to the scim bridge not being completed.

  • DJ_1P
    DJ_1P
    1Password Alumni

    Hi @lextech !

    When you click on the Sign in with 1Password button, you'll want to ensure that you login with an administrator account to complete the setup; generally signing in with the Provision Manager's account is not recommended. After this step is done and you've navigated back to your SCIM url, you should see a page that will request your bearer token to be entered there.

    If you are running into a loop, where you are signing in with an administrator account at this step but are continuously redirected to the page where you need to click the Sign in with 1Password button, you will want to check your SCIM logs on your container/pod for any errors related to your scimsession file, as it may not be properly installed or for any additional errors that may be helpful in figuring out what's stopping the setup from reaching a completed state.

  • lextech
    lextech
    Community Member

    Hi @DJ_1P,

    Thank you for your clarification of the expected response.

    I have updated the scim session issued using the admin account instead of the provisioning account but I have continued to fall into the loop of Sign in with 1Password . Unfortunately our ECS/Fargate configuration created using the template https://github.com/1Password/scim-examples/tree/master/aws-ecsfargate-terraform is not producing any errors in the logs at this point to begin further troubleshooting. I appreciate the assistance and I have also contacted support to hopefully gain some clarity.

  • DJ_1P
    DJ_1P
    1Password Alumni

    Thanks for the update @lextech! We will be on the look out for your support request.

This discussion has been closed.