diff --git a/docs/layers/ecs/tutorials/1password-scim-bridge.mdx b/docs/layers/ecs/tutorials/1password-scim-bridge.mdx
new file mode 100644
index 000000000..79fc691fb
--- /dev/null
+++ b/docs/layers/ecs/tutorials/1password-scim-bridge.mdx
@@ -0,0 +1,137 @@
+---
+title: "Deploy 1Password SCIM Bridge"
+sidebar_label: "1Password SCIM Bridge"
+description: "Deploy the 1Password SCIM Bridge for ECS environments"
+---
+
+import Intro from "@site/src/components/Intro";
+import Steps from "@site/src/components/Steps";
+import Step from "@site/src/components/Step";
+import StepNumber from "@site/src/components/StepNumber";
+import CollapsibleText from "@site/src/components/CollapsibleText";
+
+
+ The 1Password SCIM Bridge is a service that allows you to automate the management of users and groups in 1Password. This guide will walk you through deploying the SCIM Bridge for ECS environments.
+
+
+## Implementation
+
+The implementation of this is fairly simple. We will generate credentials for the SCIM bridge in 1Password, store them in AWS SSM Parameter Store, deploy the SCIM bridge ECS service, and then finally connect your choosen identity provider.
+
+
+
+ ### Generate Credentials for your SCIM bridge in 1Password
+
+ The first step is to generate credentials for your SCIM bridge in 1Password. We will pass these credentials to Terraform and the ECS task definition to create the SCIM bridge.
+
+
+ 1. Log in to your 1Password account
+ 1. Click Integrations in the sidebar
+ 1. Select "Set up user provisioning"
+ 1. Choose "Custom"
+ 1. You should now see the SCIM bridge credentials. We will need the "Bearer Token" for the next steps.
+ 1. Save this token in a secure location (such as 1Password) for future reference
+ 1. Store the credentials in AWS SSM Parameter Store. This will allow the ECS task definition to access the credentials securely.
+
+
+ - Open the AWS Web Console - Navigate to the target account, such as `core-auto`, and target region, such as `us-west-2`
+ - Open "AWS System Manager" > "Parameter Store"
+ - Create a new Secure String parameter using the credentials you generated in the previous step: `/1password/scim/bearer-token`
+
+
+
+ There will be additional steps to complete the integration in 1Password, but first we need to deploy the SCIM bridge service.
+
+
+
+ ### Deploy the SCIM bridge ECS Service
+
+ The next step is to deploy the SCIM bridge ECS service. We will use Terraform to create the necessary resources with our existing `ecs-service` component. Ensure you have the `ecs-service` component and `ecs` cluster before proceeding.
+
+ If you do not have ECS prerequisites, please see the [ECS layer](/layers/ecs) to create the necessary resources.
+
+
+ 1. Create a new stack configuration for the SCIM bridge. The placement of this file will depend on your project structure. For example, you could create a new file such as `stacks/catalog/ecs-services/1password-scim-bridge.yaml` with the following content:
+
+
+ ```yaml
+ import:
+ - catalog/terraform/services/defaults
+
+ components:
+ terraform:
+ 1pass-scim:
+ metadata:
+ component: ecs-service
+ inherits:
+ - ecs-service/defaults
+ vars:
+ enabled: true
+ name: 1pass-scim
+ containers:
+ service:
+ name: op_scim_bridge
+ image: 1password/scim:v2.9.5
+ cpu: 128
+ memory: 512
+ essential: true
+ dependsOn:
+ - containerName: redis
+ condition: START
+ port_mappings:
+ - containerPort: 3002
+ hostPort: 3002
+ protocol: tcp
+ map_environment:
+ OP_REDIS_URL: redis://localhost:6379
+ OP_TLS_DOMAIN: ""
+ OP_CONFIRMATION_INTERVAL: "300"
+ map_secrets:
+ OP_SESSION: "1password/scim/bearer-token"
+ # OP_WORKSPACE_CREDENTIALS: ""
+ # OP_WORKSPACE_SETTINGS: ""
+ log_configuration:
+ logDriver: awslogs
+ options: {}
+ redis:
+ name: redis
+ image: redis:latest
+ cpu: 128
+ memory: 512
+ essential: true
+ restart: always
+ port_mappings:
+ - containerPort: 6379
+ hostPort: 6379
+ protocol: tcp
+ map_environment:
+ REDIS_ARGS: "--maxmemory 256mb --maxmemory-policy volatile-lru"
+ log_configuration:
+ logDriver: awslogs
+ options: {}
+ ```
+
+ 2. Confirm the `map_secrets` value for `OP_SESSION` matches the AWS SSM Parameter Store path you created previously, an confirm they are in the same account and region as this ECS service component.
+ 3. Deploy the ECS service with Atmos:
+ ```bash
+ atmos terraform apply 1pass-scim -s core-usw2-auto
+ ```
+
+
+
+
+ ### Validate the Integration
+
+ The final step is to validate the integration. Connect to the VPN (if deployed the ECS service is deployed with a private ALB), navigate to the SCIM bridge URL, and confirm the service is running.
+
+ For example, go to `https://1pass-scim.platform.usw1.auto.core.acme-svc.com/`
+
+
+
+ ### Connect your Identity Provider
+
+ Finally, connect your identity provider to the SCIM bridge. The SCIM bridge URL will be the URL you validated in the previous step. Follow the instructions in the 1Password SCIM Bridge documentation to connect your identity provider.
+
+
+
+