Connecting SecureSlate & 1Password

SecureSlate connects to 1Password through the SCIM API, using read-only calls. We retrieve user and group information for access management and automated evidence collection. SecureSlate does not read passwords or provision/deprovision users.

To use this integration, you need a 1Password Business plan and a SCIM bridge deployed in your infrastructure. The bridge receives provisioning requests from your identity provider (IdP) and forwards them to 1Password servers.

 

 

The SCIM bridge is a service you host that lets 1Password translate SCIM commands into encryption key-based operations. Credentials for the bridge stay in infrastructure you control. For more background, see Set up automated provisioning using 1Password SCIM Bridge.

Prerequisites

Before you set up the SCIM bridge or connect SecureSlate, confirm you have:

• Administrator access to your 1Password Business account.
• A supported identity provider for user provisioning, such as Microsoft Entra ID (Azure AD), Okta, JumpCloud, OneLogin, or Rippling.
• A platform to deploy the SCIM bridge (for example, Google Cloud Platform, DigitalOcean, or your own infrastructure).
• A public DNS record pointing to your SCIM bridge (for example, scim.example.com).

Deploy your SCIM bridge

Once prerequisites are in place:

1. Sign in to your 1Password account as an admin.
2. In the sidebar, click Integrations.
3. Under User Provisioning, select your identity provider.
4. Follow the on-screen instructions to generate credentials and deploy your SCIM bridge.

After setup, you receive a SCIM bridge URL and bearer token. Save both securely (for example, in 1Password). Example deployment guides are available in the 1Password SCIM examples repository.

Test your SCIM bridge

Verify the bridge is reachable before connecting SecureSlate:

1. Open your SCIM bridge URL in a browser (for example, https://scim.example.com).
2. Sign in with the credentials from your deployment.
3. Review the 1Password SCIM Bridge status page for errors and download logs if you need to troubleshoot.

Connect 1Password to SecureSlate

Open the integration

1. In SecureSlate, open Integrations from the left sidebar.
2. Go to the Available tab.
3. Search for 1Password.
4. Click Connect on the 1Password card.

 

 

Review the integration details. SecureSlate requests read-only access to your SCIM bridge to retrieve user and group data. Mapped automation includes Automated Controls and Tests for access-related compliance checks.

 

 

Enter SCIM credentials

1. Continue through the setup flow to Connect 1Password to SecureSlate.
2. Enter your SCIM Bearer Token (from 1Password admin console → Integrations → User Provisioning).
3. Enter your SCIM Bridge URL (the URL where you deployed the bridge, for example https://scim.example.com).
4. Click Connect.

 

 

Verify the integration

After a successful connection:

• The 1Password integration appears under Connected on the Integrations page.
• User and group data from your SCIM bridge begins syncing for access management and related automated tests. Initial sync time depends on the size of your directory.

Troubleshooting

If the connection fails or data does not appear:

• Confirm your 1Password Business plan and that the SCIM bridge is deployed and healthy (use the bridge status page).
• Confirm the SCIM Bridge URL is correct, uses https://, and is reachable from the public internet.
• Confirm the SCIM Bearer Token matches the token saved during bridge setup (regenerate in 1Password if needed, then update SecureSlate).
• Confirm your IdP user provisioning to the SCIM bridge is configured and users/groups you expect are present in 1Password.
• Check that your identity provider is one of the supported options (Azure AD, Okta, JumpCloud, OneLogin, or Rippling).

Related guides

• Getting Started with Integrations
• Getting Started with User Access
• Access Reviews