Switch SCIM Bridge to new Azure Kubernetes Service

ThomasRe
ThomasRe
Community Member

Hi,
I'm using SCIM Bridge on Azure Kubernetes service which works fine.
Now I need to switch to a new Azure Subscription and therefore I have to deploy a new SCIM bridge.

What's the best way to do this, that no user will lose access to 1Password?
Can I build a second scim bridge with a new URL but the same scimsession file an then change my Enterprise application in Azure AD to new URL?

Thanks
Thomas


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided

Comments

  • Hi Thomas!

    As the SCIM bridge is not an SSO gateway, you can take down the SCIM bridge and put it back up without users losing access. The only issue could be either Provisioning or Deprovisioning events being missed.

    If you wish to do an in-place upgrade, you can start up a second SCIM bridge with the same authentication file on a different domain, and then switch over the URL in your identity provider. After that point, you can terminate the old instance.

    Alternatively, you could do a similar seamless switch via your DNS records. However in this case, if you are using our bundled LetsEncrypt server, I would be cautious regarding certificate validity and their rate limits.

    If an in-place upgrade is not possible, I would do the following:
    1. Turn off provisioning in 1Password
    2. Pause/Turn off provisioning in your identity provider
    3. Replace the SCIM bridge
    4. Resume provisioning in 1Password
    5. Resume provisioning in your identity provider

    By pausing provisioning on both ends, you ensure no events will be missed. Any events during that time should be queued by your identity provider and then relayed to 1Password once provisioning resumes.

    Let me know what questions you have.

    Graham

This discussion has been closed.