Use the SCIM bridge and the command-line tool to automate 1Password Business

Use the SCIM bridge and the command-line tool to automate 1Password Business

Connor Hicks by Connor Hicks on

As a developer, I love getting different services to work together. Automating things gives me more time to focus on what matters and I want you to have that power, too. So, I’m going to show you how your business can use the 1Password command-line tool and 1Password SCIM bridge in perfect harmony to automate all sorts of administrative tasks. Let’s get to it.

Speed up specific tasks using the command-line tool

With 1Password Business, it’s simple for even the biggest, most complex enterprise to manage their account using the command-line tool. Just type a command to perform common administrative tasks like adding items, granting access to vaults, managing groups, and more – all in Terminal.

illustration of terminal and iMac

But what should you try first? Something we hear from a lot of large businesses is that it’s difficult to see and manage exactly who has access to what. The 1Password command-line makes it easy. I’ll show you.

To find out who has access to our Directors vault, I just type:

op list users --vault=Directors

Great! Now we have a list of people with direct access to the Directors vault. But while we’re here, we should check which groups have access, too. Use:

op list groups --vault=Directors

That gives us a list of groups with access to that vault. Now, we need to check who belongs to those groups. So, for each of the groups we got from the last command, we can do:

op list users --group=<group uuid>

And with just a bit of deduplication, we can see exactly who can use items from the Directors vault. It’s easy to script with the command-line tool, because the output is all JSON.

There’s so much you can do with the command-line tool, and we have lots of new features coming soon. Keep an eye on the blog for some exciting announcements.

Manage your whole team with the SCIM bridge

Automating specific tasks is great, but we know that managing multiple services and online accounts can be a headache for your business. Luckily, enterprise identity providers make it easier. They make sure that everyone in your company gets access to all the tools they need, without forcing you to manage each service individually.

If your business is using Okta or Azure Active Directory, SCIM integration makes provisioning employees in 1Password a breeze. Onboarding is seamless: 1Password automatically syncs your identity provider’s groups with the groups in your 1Password account, so everyone in the company has access to the credentials they need from the get-go. Revoking access is just as quick.

There are no complicated new systems for administrators to learn or time-consuming processes to implement – everything is managed from a single, central location. Oh, and the best part? It’s incredibly secure. All of this happens without ever sharing your account’s encryption keys, so you’re always in control of your data.

We’ve been working hard to make it simple to automate your 1Password account and we’ll continue to make more automations possible over the coming months. Give the 1Password command-line tool and SCIM bridge a try, and make sure to visit our discussion forums to let us know what you think!

Technical Lead, Provisioning

Connor Hicks - Technical Lead, Provisioning Connor Hicks - Technical Lead, Provisioning

Tweet about this post