From f9c0ea69beb9775db11faeb7a4d52adc18c6397c Mon Sep 17 00:00:00 2001 From: milldr Date: Tue, 17 Sep 2024 10:09:25 -0400 Subject: [PATCH 1/2] Update SCIM bridge credentials and integration steps --- .../ecs/tutorials/1password-scim-bridge.mdx | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/docs/layers/ecs/tutorials/1password-scim-bridge.mdx b/docs/layers/ecs/tutorials/1password-scim-bridge.mdx index 79fc691fb..969849711 100644 --- a/docs/layers/ecs/tutorials/1password-scim-bridge.mdx +++ b/docs/layers/ecs/tutorials/1password-scim-bridge.mdx @@ -29,14 +29,14 @@ The implementation of this is fairly simple. We will generate credentials for th 1. Click Integrations in the sidebar 1. Select "Set up user provisioning" 1. Choose "Custom" - 1. You should now see the SCIM bridge credentials. We will need the "Bearer Token" for the next steps. - 1. Save this token in a secure location (such as 1Password) for future reference - 1. Store the credentials in AWS SSM Parameter Store. This will allow the ECS task definition to access the credentials securely. + 1. You should now see the SCIM bridge credentials. We will need the "scimsession" and "Bearer Token" for the next steps. + 1. Save these credentials in a secure location (such as 1Password) for future reference + 1. Store the "scimsession" in AWS SSM Parameter Store. This will allow the ECS task definition to access the credentials securely. Then the server will ask for the bearer token using the session, which we will enter at that time. - Open the AWS Web Console - Navigate to the target account, such as `core-auto`, and target region, such as `us-west-2` - Open "AWS System Manager" > "Parameter Store" - - Create a new Secure String parameter using the credentials you generated in the previous step: `/1password/scim/bearer-token` + - Create a new Secure String parameter using the credentials you generated in the previous step: `/1password/scim/scimsession` 
@@ -87,7 +87,7 @@ The implementation of this is fairly simple. We will generate credentials for th OP_TLS_DOMAIN: "" OP_CONFIRMATION_INTERVAL: "300" map_secrets: - OP_SESSION: "1password/scim/bearer-token" + OP_SESSION: "1password/scim/scimsession" # OP_WORKSPACE_CREDENTIALS: "" # OP_WORKSPACE_SETTINGS: "" log_configuration: @@ -122,15 +122,15 @@ The implementation of this is fairly simple. We will generate credentials for th ### Validate the Integration - The final step is to validate the integration. Connect to the VPN (if deployed the ECS service is deployed with a private ALB), navigate to the SCIM bridge URL, and confirm the service is running. + After deploying the SCIM bridge ECS service, verify the service is running and accessible. Connect to the VPN (if deployed the ECS service is deployed with a private ALB), navigate to the SCIM bridge URL, and confirm the service is running. For example, go to `https://1pass-scim.platform.usw1.auto.core.acme-svc.com/` - ### Connect your Identity Provider + ### Connect your Identity Provider - Finally, connect your identity provider to the SCIM bridge. The SCIM bridge URL will be the URL you validated in the previous step. Follow the instructions in the 1Password SCIM Bridge documentation to connect your identity provider. + Finally, connect your identity provider to the SCIM bridge. The SCIM bridge URL will be the URL you validated in the previous step. Follow the instructions in the 1Password SCIM Bridge documentation to connect your identity provider, using the Bearer Token you generated in the first step. From 8a523442c78391e2d0c74707861194e4614ca078 Mon Sep 17 00:00:00 2001 From: Dan Miller Date: Tue, 17 Sep 2024 08:25:20 -0700 Subject: [PATCH 2/2] Update docs/layers/ecs/tutorials/1password-scim-bridge.mdx --- docs/layers/ecs/tutorials/1password-scim-bridge.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/docs/layers/ecs/tutorials/1password-scim-bridge.mdx b/docs/layers/ecs/tutorials/1password-scim-bridge.mdx index 969849711..470ac7cc1 100644 --- a/docs/layers/ecs/tutorials/1password-scim-bridge.mdx +++ b/docs/layers/ecs/tutorials/1password-scim-bridge.mdx @@ -31,7 +31,7 @@ The implementation of this is fairly simple. We will generate credentials for th 1. Choose "Custom" 1. You should now see the SCIM bridge credentials. We will need the "scimsession" and "Bearer Token" for the next steps. 1. Save these credentials in a secure location (such as 1Password) for future reference - 1. Store the "scimsession" in AWS SSM Parameter Store. This will allow the ECS task definition to access the credentials securely. Then the server will ask for the bearer token using the session, which we will enter at that time. + 1. Store only the "scimsession" in AWS SSM Parameter Store. This will allow the ECS task definition to access the credentials securely. Then once the service is running, the server will ask for the bearer token to verify the connection, which we will enter at that time. - Open the AWS Web Console - Navigate to the target account, such as `core-auto`, and target region, such as `us-west-2`
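Review bot: In PATCH 1/2, hunk `@@ -29,14 +29,14 @@`, the Parameter Store step switches the parameter from `/1password/scim/bearer-token` to `/1password/scim/scimsession` but gives no guidance to readers who already followed the previous wording and stored the Bearer Token under the old name. Suggest adding a bullet telling them to delete `/1password/scim/bearer-token` once the new parameter exists, so a bearer token is not left behind in Parameter Store with nothing referencing it. The new closing sentence of that step ("Then the server will ask for the bearer token using the session, which we will enter at that time") is also hard to follow; it should say who asks, and when.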
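Review bot: In PATCH 1/2, hunk `@@ -87,7 +87,7 @@`, the `map_secrets` value `OP_SESSION: "1password/scim/scimsession"` has no leading slash, while the step in the first hunk tells the reader to create `/1password/scim/scimsession`. The doc should either use one spelling in both places or state next to `OP_SESSION` that the two refer to the same parameter; otherwise a reader can create a parameter under a name the task definition does not resolve, and the container starts without its session. A one-line comment above the `OP_SESSION` entry would be enough.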
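Review bot: In PATCH 1/2, hunk `@@ -122,15 +122,15 @@`, the rewritten paragraph under "Validate the Integration" states the same check twice ("verify the service is running and accessible" and then "confirm the service is running") and carries over the broken parenthetical "(if deployed the ECS service is deployed with a private ALB)". Suggest a single sentence along the lines of: after deploying the SCIM bridge ECS service, connect to the VPN (if the service is deployed with a private ALB), navigate to the SCIM bridge URL, and confirm the service is running. The `### Connect your Identity Provider` heading is removed and re-added with no visible text change, which looks like a whitespace-only edit; drop it from the diff if it was not intended.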
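Review bot: In PATCH 2/2, hunk `@@ -31,7 +31,7 @@`, the reworded step says the server "will ask for the bearer token to verify the connection, which we will enter at that time" but does not say where that prompt appears or which later step covers it. Suggest pointing to the "Validate the Integration" section here, and adding the matching instruction there, so the reader knows the Bearer Token is entered at the bridge and is never written to Parameter Store. With "Store only the "scimsession"", the following sentence should also name the scimsession instead of "the credentials", since it no longer applies to both values.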