How FireHydrant uses the 1Password SCIM bridge to streamline security

Ylan Muller runs the IT department at FireHydrant, a company that helps engineering teams quickly and consistently respond to incidents within Slack, communicate what's happening through status pages, and improve systems with thoughtful retrospectives and analytics. She handles security, onboarding and offboarding, and more.

"My role is pretty much everything under the sun for IT," Muller explains.

How does she keep on top of everything, and keep FireHydrant secure? By using the right tools. "I'm hands-on in a lot of our corporate tooling," Muller says, "including things like 1Password and Identity and Access Management (IAM)."

FireHydrant has fully embraced 1Password, rolling it out to all 65 of its employees. This has empowered everyone to create, store, and use strong passwords at work. 1Password has also simplified security for Muller. By deploying the 1Password SCIM bridge, Muller is able to control 1Password through Okta and automate common administrative tasks, like adding people to groups, and suspending deprovisioned users.

The result? Efficient workflows that keep the business as secure as possible.

FireHydrant uses Okta, a single sign-on provider, to secure and manage enterprise apps. This allows employees to sign on to their SSO platform with a single, strongly vetted identity. But some services aren't supported by Okta. FireHydrant uses 1Password to ensure these accounts are protected by strong, unique passwords.

Together, SSO and 1Password form a line of defense that stretches across all the
sites and services that anyone in FireHydrant accesses.

1Password also goes beyond Okta by providing a safe and convenient place to store other kinds of digital secrets, like addresses, credit cards, and important documents.

As FireHydrant's sole IT manager, Muller needs to work efficiently. That means she doesn’t want to spend too much time adding new hires to 1Password. Or manually making sure that everyone has been placed in the correct groups inside 1Password – and that those groups mirror the ones FireHydrant has created for its employees inside Okta.

So Muller uses the 1Password SCIM bridge‌ to save time and keep FireHydrant's digital defenses as strong as possible.

1Password SCIM bridge connects 1Password to identity providers such as Okta, Rippling, Azure Active Directory, and others.

When FireHydrant hires a new team member, they're added to Okta – which, thanks to SCIM bridge, then adds them to 1Password with the correct access and permissions. This automation is one of the reasons why FireHydrant has been able to successfully roll out a password manager to all of its employees, and not just a select few.

"Otherwise I would have to go and reference the new hire's onboarding information, check what departments they’re in, and then place them in the right groups in 1Password,” Muller says. “So the SCIM bridge really streamlines that entire process.”

FireHydrant's IT manager estimates that the setup saves her roughly five minutes for every new hire. That might not sound like much, but all of those minutes add up if you work for a fast-growing company that's bringing on new people all the time.

And if someone is promoted, or given a new role? SCIM Bridge handles that, too. "Imagine you move from a sales team to a success team," Muller explains. "The vaults you can access in 1Password are automatically updated through the Okta push group and the SCIM bridge. That means we don't have to think about a role transition. All we have to do is go into Okta and change what department you're in. All of the rest happens for us, which is really helpful."

1Password SCIM Bridge doesn't just help with onboarding and role changes. It also streamlines the process of revoking access when someone leaves FireHydrant.

"The best part of the SCIM bridge is that it also takes care of deprovisioning for us," Muller says. "So we're never in a situation where we go, 'Oh, shoot! We forgot to turn off their 1Password account after they left. And they still have access to it somehow.'"

Revoking access is a critical and often overlooked part of business security. 1Password's first State of Access Report found that 25% of workers try to access an old work account after leaving their job – and 84% of those who tried say they were successfully able to log in.

FireHydrant audits all of its systems – and who has access to those systems – on a quarterly basis. Thanks to SCIM bridge, FireHydrant can inspect everyone's access in Okta and know that it's effectively inspecting 1Password at the same time.

"Before we had the SCIM bridge, we had to export all our users out of 1Password, throw them into our auditing tools, and then make sure all the active users still work here. Now we don't have to do that," Muller says. 

This gave Muller some precious time back every few months. "That's where we get the serious time savings back," she says. "Because we know that everything in 1Password is always in sync with Okta, which we already use as our source of truth for access management. This is not always the case with some of our other tools, where we have a lot more overhead after the fact to clean up the user database after we do those audits."

FireHydrant's company-wide rollout ensures that everyone has the ability to create, store, and securely share strong passwords.

But FireHydrant's usage goes way beyond login credentials. For example, Muller uses 1Password as an authenticator for sites that support two-factor authentication (2FA). Since all non-SSO supported apps deployed at FireHydrant require MFA as a part of their core security requirements, this makes life easier for end users.

"That's been huge," Muller says. "It's better than tying 2FA codes to your personal phone, then wiping your phone and realizing that all of your codes are gone! It also gets us out of the business of supporting authentication credentials on personal devices. It’s just so nice having everything all in one place."

FireHydrant's engineering team uses 1Password to secure important API credentials. "There are no good alternatives for that outside of 1Password, at least in our tech stack," she says.

Finally, FireHydrant uses 1Password to store and share Secure Notes. These are perfect for sensitive information that doesn’t fit neatly into a Password, Credit Card, Medical Record, or other standard 1Password item category. They support Markdown, a simple approach to formatting, and can be shared via vaults or 1Password's new item sharing.

All of this ensures that Muller and her colleagues can stay secure without slowing down. It empowers team members to practice good security habits and protect everything that's important to FireHydrant.

"Ultimately, 1Password lets employees have more autonomy and insight into where their credentials are being used, and how they want to use them," Muller explains.