Skip to main content
1Password Connection
Updated over a week ago

Integrating 1Password with Drata automates your user access reviews, saving time and reducing errors by syncing user data directly from 1Password.

Prerequisites

  • 1Password currently does not support IAM API endpoints for SCIM Bridges connected to Google Workspace for User Provisioning.

    • As a workaround, a second 1Password SCIM Bridge can be deployed to service this IAM connection. This second SCIM Bridge must use the same scimsession file, and must not be connected to Google Workspace.

  • Ensure you have Administrator privileges within your 1Password account.

    • 1Password requires account holders to deploy an independent SCIM Bridge to support User data and provisioning through API. Learn more about the setup requirements and deployment process in 1Password Support.

    • An Identity Provider (IDP) is not required to configure this integration, but note that the SCIM Bridge setup may vary for connection with different IDPs.

  • Enable 1Password User Provisioning.

    1. Log in to your 1Password account with your Administrator credentials.

    2. Navigate to Integrations, and select your listed Identity Provider to proceed. If you do not wish to connect to an IDP, select Okta to be used as the default.

    3. Based on how your SCIM Bridge will be deployed, select the listed deployment method, then select the Next button.

    4. Download and save your scimsession file securely, which will be used when deploying your SCIM Bridge to connect with 1Password.

    5. Download and store your bearer token securely, which both an IDP and this integration will use to connect to the SCIM Bridge.

    6. If needed, select the button for your deployment type and follow the instructions to deploy. Press the Next button to proceed.

    7. (optional) Set up Health Monitoring. 1Password offers an optional alert system to notify you about connection issues with your SCIM Bridge.

      • To set up, enable “Turn on health monitoring” and enter the publicly-addressable URL for your SCIM Bridge deployment.

      • Select the Next button to proceed.

    8. (optional) Connect your IDP to the SCIM Bridge. If you wish to connect an IDP to your SCIM Bridge, select the tile for your IDP to view configuration instructions. Select the “View details” button to open the new Uuer provisioning configuration profile.

      • On this page in 1Password, you can adjust multiple User Provisioning settings, generate new credentials, or delete the setup.

  • Deploy 1Password SCIM Bridge.

    1. Refer to 1Password’s official SCIM Bridge deployment examples repo for specific setup instructions across different deployment options.

    2. This will require the scimsession file generated from enabling User Provision in your 1Password account.

    3. Note: The publicly-addressable URL of this deployment (example: https://op-scim.mydomain.org) must be entered within the SCIM Bridge URL field when connecting 1Password to Drata.

Enable 1Password

  1. Select Connections on the side navigation menu.

  2. Select the Available connections tab, search for 1Password, and select Connect.

  3. Follow the instructions on the connection drawer.

    • After you select connect to 1Password, on the popup modal, enter the required fields with the values that you obtained from the previous section.

Additional resources

Did this answer your question?