SCIM bridge provisioning gives 500 Internal Server Error

Options
markvanderhurk
markvanderhurk
Community Member
in SCIM Bridge

Hi, I have recently upgraded from 1Password Teams to 1Password Business and today I started setting up the automated provisioning. I would like to have connected to EntraID, and, as we are primarily on the Microsoft 365 platform, I was happy to see that the Azure Kubernetes SCIM bridge option was offered. I followed the instructions and successfully set up the Kubernetes instance. I updated the DNS records, and now I can see the status page at https://scim.{ourdomainname}.com/app/status. (I masked it for privacy, but I don't use the curly brackets, of course - same goes for the rest of the explanation)
The manual described creating an Azure Enterprise application, and this is where I get stuck. Filling out the tenant URL https://scim.{ourdomainname}.com and the bearer token - exactly the same one as I successfully use to access the status page above - gives me an error message:

You appear to have entered invalid credentials. Please confirm you are using the correct information for an administrative account.

Error code: SystemForCrossDomainIdentityManagementCredentialValidationUnavailable
Details: We received this unexpected response from your application:

Received response from Web resource.
   Resource: https://scim.{ourdomainname}.com/Users?filter=userName+eq+"651022bd-56a1-4345-{some other numerics}"
   Operation: GET 
   Response Status Code: InternalServerError
   Response Headers: Content-Security-Policy: default-src 'none'; connect-src 'self' https:; script-src 'self'; img-src 'self' data: https://w3.org; style-src 'self'; frame-ancestors 'none'; form-action 'none'; manifest-src 'self'
Referrer-Policy: no-referrer
Request-Id: cl2d9d9pvf4s73d90gbg
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Robots-Tag: none
X-Xss-Protection: 1; mode=block
Date: Fri, 03 Nov 2023 11:08:38 GMT
   Response Content: {"detail":"500 (Internal Server Error)","schemas":["urn:ietf:params:scim:api:messages:2.0:Error"]}

Please check the service and try again.

I am not sure how to proceed, as I would deduct this as something that has to do with the image I deployed to Kubernetes. Could it be that there's something wrong with that, or am I missing something?

Thanks in advance.
-- Mark

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser: Not Provided

Comments

  • RonD1P
    RonD1P
    Options

    Hey, @markvanderhurk!

    Looking at this more closely, the problem is most likely that your Automated User Provisioning is paused.

    To fix this, can you follow these steps please:

    1. Log into your 1Password account on the web.
    2. Click Integrations.
    3. Click the User Provisioning tile.
    4. Click the slider for Provisioning users & groups.

    Let me know if this helps get things back on track.

  • markvanderhurk
    markvanderhurk
    Community Member
    Options

    Thanks Ron, that solved the issue! I tried to see if that was mentioned in the help docs, as far as I could see it wasn't - maybe explicitly add it?