1Password uses Checkly to provide transparent, advanced synthetic monitoring to 1Password SCIM bridge customers
1Password is a leader in human-centric security and privacy, with a solution that’s built from the ground up to enable anyone—no matter the level of technical proficiency—to navigate the digital world without fear or friction when logging in. 1Password allows users to store system passwords—and other valuable information like credit cards and notes—in a secure online vault. 1Password also provides password protection services for customers of all sizes, ranging from the largest enterprises to families and individual personal use.
In developing their 1Password SCIM bridge product—which provides a way for companies to connect the 1Password platform to identity providers like Azure Active Directory, Okta, Google Workspace, and Rippling to control employee access to company resources—the 1Password team wanted to provide seamless synthetic system monitoring to customers. Working with Checkly, they were able to provide monitoring services that simultaneously increase customer satisfaction while reducing demands on 1Password’s support staff.
The Problem
Providing transparent health monitoring to SCIM bridge customers
As part of the SCIM bridge deployment process, 1Password customers deploy the bridge to their own infrastructure. This immediately raised the question of how to offer end-users visibility into the health of the SCIM bridge, together with the information they needed for diagnosing and fixing issues on their own.
“We needed health monitoring on a product that we developed, but that our customers deploy, which is kind of a unique requirement,” says De Ville Weppenaar, senior developer at 1Password. “To solve this issue, we decided to build health monitoring—a tool that administrators can use to quickly check on their SCIM bridge and narrow down any technical issues. We had a good idea of how this should work and wanted to partner with a company focused on server monitoring: Checkly.”
The Solution
Protecting customer data while ensuring privacy and security
Part of the challenge of using Checkly for health monitoring for 1Password customers was making sure that customer information was kept secure and private. “That meant limiting Checkly’s access to the absolute minimum needed to deliver a functional service,” adds Weppenaar. “To achieve this balance we used a random unique identifier to link accounts to Checkly checks. Then we added a second authentication token to the SCIM bridge that can only be used to hit its health check endpoint.”
Weppenaar explained that the 1Password SCIM bridge is configured in a way to ensure that neither 1Password nor Checkly ever has access to the keys needed to decrypt passwords and credentials that the customer securely stores. (For more on the SCIM bridge integration with Checkly, Weppenaar wrote a blog post that describes the process in more detail.)
In working with Checkly to develop health monitoring for 1Password, Weppenaar stressed how easy it was to work with them. “The team at Checkly was very quick to respond to any questions we had, and the [Checkly] documentation was great from a developer perspective,” says Weppenaar. “We were moving pretty fast and I didn't feel like Checkly was slowing us down at all—if anything, they were enabling us.”
In developing health monitoring for SCIM bridge customers, 1Password engineers leveraged the Checkly API to automatically set up API checks for every new bridge that is provisioned. Checkly polls the health check endpoint of the deployed bridges to determine their status. The health status, provided by Checkly, is made available to an administrator user when they sign into their 1Password for Business account, but is also used to send automated alerts to the administrators when a problem is detected or resolved. All of this is achieved without SCIM bridge users having to create and manage a separate Checkly account.
The Impact
Securing customer data, providing a superior customer experience, and serving up seamless, advanced synthetic monitoring
With Checkly synthetic monitoring integrated with the 1Password SCIM bridge, Jeff Gumke, engineering manager for the 1Password provisioning team, stressed that the solution works together seamlessly and doesn’t require extensive technical expertise to deploy.
“Some of our customers are not super technical. Some are also smaller companies and they don't necessarily have their own IT team,” says Gumke. “They don’t have the resources to build an extravagant health monitoring system for a server that lives in their environment—an integration with Checkly provides that benefit to our customers.”
Weppenaar and Gumke both underscore the ease of use of the joint solution, and how the addition of system health monitoring via Checkly gives customers peace of mind that everything stays up and running, and is ultimately healthy.
“During the configuration process for the 1Password SCIM bridge, customers only have to click on a single checkbox if they want health monitoring,” says Weppenaar. “After that, it's basically seamless. They start getting emails when things go wrong, and alerts that tell them which specific part of the service is struggling. Thanks to Checkly, we were able to abstract something that can potentially be very technical, and make it completely transparent for folks.”
According to Gumke, Checkly synthetic monitoring has been selected by thousands of 1Password SCIM bridge customers. “We have thousands of active SCIM bridges, with a large percentage of those using Checkly for monitoring.”
Another benefit for using the monitoring functionality is that identifying problems for customers directly—and helping them diagnose their own issues before having to contact 1Password technical support—has benefits for all parties.
“There's a good subset of customers that receive emails from the Checkly service about an issue, and they're able to restart the bridge or investigate the problem themselves and solve it before calling us at all,” says Gumke. “That’s a huge win for us, because it cuts back on the volume of calls for our customer service folks. It’s also a huge win for the customer too. Let's be honest, nobody likes sitting on the phone with customer service, so it’s a win-win all around.”
First released in 2005, 1Password now boasts more than 900 employees, millions of customers, and more than 100,000 businesses, including IBM, Slack, and Snowflake, that rely on 1Password to keep their most important information safe.
