1Password SCIM Bridge

Improved

• Updated Redis cursor type to avoid overflow. #PROV-796
• Improved performance of fetching and syncing groups for Google Workspace. !1233

Security

• Upgraded Go to 1.25.7.

Fixed

• A set of group membership operations are no longer skipped when one operation would result in a no-op. #4355

Fixed

• Users with matching pending email changes will now match existing users instead of creating duplicates. #4338

Security

• Updated golang-jwt to patch non-exploitable dependency CVE. #4309

Fixed

• Updated Go to 1.23.8. #4305

Improved

• We improved the warning message when a user is provisioned with an unsupported language. #3831
• We made multiple improvements to prevent request smuggling, including no longer allowing spaces in the request method body. #3979

Fixed

• Email capitalization no longer causes mismatches with Google Workspace. #3421

Security

• We’ve updated golang.org/x/crypto and other Go core libraries to the latest versions to address CVE-2024-45337.

Improved

• We updated the firewall error message on SCIM bridge login. #4190

Fixed

• The Google Workspace sync no longer fails to finish when a previously managed group is deleted in 1Password. #4203
• The Google Workspace sync no longer creates duplicate groups when de-synchronized and renamed in Google Workspace. #4099
• The Google Workspace sync no longer fails for a group when a Guest user is present in 1Password. #4139

New

• You can now customize group membership cache expiry with the OP_GROUP_MEMBERSHIP_CACHE_PERIOD environment variable, to consistently report accurate memberships when using the CLI to manage groups. #4137

Improved

• Operations such as Add, Remove, and Replace are now case-insensitive. #4179

Fixed

• We fixed a bug from 2.9.0 where Okta imports weren’t working. TotalResults is now accurate. #4051

Improved

• Added support for SCIM-compliant Meta timestamps for users and groups.
• Push notifications from Google Workspace are now more resilient to error.

Fixed

• Groups that fail to be retrieved during the Google Workspace sync will no longer cause accidental user suspensions.

Security

• OP domain validation now relies on an eTLD-capable URL parser.
• Updated security related dependencies.

Fixed

• Fixed a Google Workspace bug that could cause managed groups to become unselected upon server restart. #4038
• The Google Workspace integration will now match groups based on name instead of creating duplicates. #3404

Improved

• Improved performance of the Confirmation Watcher. #4085

Security

• Updated the base image to the most recent version. #4087

Security

• Updated Go package versions to address CVE-2023-45288. #4061

Fixed

• GET /Users requests now return the correct number of total results when a filter is applied. #3272
• The Google Workspace integration will no longer suspend guest users. #2712
• Archiving users in Google Workspace will now suspend them in 1Password. #3946
• Failed user suspensions due to server errors are automatically retried. #4017

New

• Docker images now support arm64 architectures. #3885

Improved

• Logs now include the hostname and a unique instance_id for easier identification in deployments with multiple replicas. #3842
• Return a more detailed and appropriate response when failing to reactivate users. #3878
• URL validators for Google Workspace configurations now provide more actionable error messages. #2872
• Improved clarity and accuracy of Google Workspace group tables member count. #2873

Fixed

• Changing a group name will now succeed on retry when there is missing data in the redis cache. #3817
• OP_REDIS_ENABLE_SSL now functions as expected. #3915

Improved

• Return “HTTP 429 Too Many Requests” when the SCIM bridge is being rate limited. #3329
• Non-URL safe characters are now accepted when using OP_REDIS_PASSWORD. #3905