Custom SCIM bridge deployments fail if using a `scimsession` file generated from a marketplace deployment

[ag-adampike]

Each scimsession credentials file generated by an app deployed using our "one-click" marketplace apps for SCIM bridge includes a value for the domain key, which corresponds to the public domain of the SCIM bridge supplied during setup. For example:

"domain":"op-scim.example.com"

This value of this key is empty when generating credentials for a custom deployment, and is expected to be empty when deploying SCIM bridge on any other platform:

"domain":""

If using a scimsession file generated by using our marketplace app deployments in a custom deployment, the deployment may fail.

In particular, this is to be expected if migrating a SCIM bridge to Google Cloud Run using credentials that were generated by a Google Cloud marketplace app deployment.

Known workarounds:

Important

The SCIM bridge URL for a marketplace app deployment always uses the domain name of a customer-created DNS record that points to the IP of its public endpoint. The URL must be updated in the identity provider if the new deployment has a different domain name, or the domain name of the existing DNS record must be updated or recreated if supplying a custom domain name for the new deployment.

Modify the existing scimsession file:

1. Replace the value for the domain key in a text editor with an empty string (see above example).
2. Redeploy using the modified scimsession file.

Regenerate credentials using 1Password.com:

1. Access the provisioning settings page in your 1Password account.
2. Click "Regenerate credentials" and follow the instructions.
3. Redeploy using the new scimsession file.
4. Update the bearer token in your identity provider to the bearer token associated with the new credentials.