Skip to content

Latest commit

 

History

History
74 lines (56 loc) · 4.18 KB

README.md

File metadata and controls

74 lines (56 loc) · 4.18 KB
Raw

Connect 1Password SCIM Bridge to Google Workspace

Learn how to configure your Docker deployed 1Password SCIM Bridge to connect Google Workspace.

This directory includes a JSON template file to configure Workspace settings, and a Compose override fileto create Docker secrets and merge the necessary configuration into your stack.

Before you begin

To connect your SCIM bridge to Workspace, you'll need permissions in Google Cloud to enable the required APIs and create a service account, and the email addrress of an administrator with the required permissions to use the service account with your Workspace tenant.

Step 1: Create a Google service account, key, and API client

  1. Follow the directions in Step 1 of our Connect Google Workspace to 1Password SCIM Bridge support article.

Caution

Complete only Step 1 in the linked article. If you sign in to the SCIM bridge to connect to Workspace, the configuration will be lost whenever the container is restarted. Follow the remaining steps in this document to save the Workspace configuration in your deployment.

  1. Upload the service account key to the working directory on the server. Make sure the file is named workspace-settings.json on the server. For example, using SCP:

    scp ./op-scim-bridge-df05213c8cf1.json op-scim-bridge.example.com:scim-examples/docker/workspace-settings.json

Step 2: Configure Workspace settings

  1. Download the workspace-settings.json template file from this repository to your computer.
  2. Open the template in your favourite text editor. Edit the following in this file:
    • Actor: Enter the email address for a Google Workspace administrator to use with the service account.
    • Bridge Address: Enter your SCIM bridge URL.

Important

Your SCIM bridge URL is based on the fully qualified domain name of the DNS record created in Before you begin. For example: https://op-scim-bridge.example.com (not your 1Password account sign-in address).

  1. Save the file and upload it to the working directory on the server. For example, using SCP:

    scp ./workspace-settings.json op-scim-bridge.example.com:scim-examples/docker/workspace-settings.json

Step 4: Redeploy your SCIM bridge and select groups

  1. Connect to the server and switch to the working directory. For example:

    cd ~/scim-examples/docker

  2. Redeploy SCIM bridge with the compose.gw.yaml override file included in your deployment command to create Docker secrets from the uploaded files and merge the configuration needed to connect Workspace. For example, to merge Workspace into the base configuration:

    docker stack config \
  --compose-file ./compose.template.yaml \
  --compose-file ./google-workspace/compose.gw.yaml \
  | docker stack deploy --compose-file - op-scim-bridge

Note

If you customized your deployment, include all override Compose files that you used in the deployment command as well as the Worskpace configuration. For example, to connect Workspace to a SCIM bridge deployed behind an externally managed load balancer or reverse proxy:

docker stack config \
  --compose-file ./compose.template.yaml \
  --compose-file ./compose.http.yaml \
  --compose-file ./google-workspace/compose.gw.yaml \
  | docker stack deploy --compose-file - op-scim-bridge
  1. Access your SCIM bridge URL in a web browser. Sign in with your bearer token.
  2. Select the Google group(s) you want to provision to 1Password in the Google Workspace configuration section. Click Save.

Learn more about automated provisioning with Google Workspace: Connect Google Workspace to 1Password SCIM Bridge (Next steps).