Control authentication to the DeepSource Dashboard with an Identity Provider.
SSO is a helpful security feature that lets customers control sign-in requirements and manage team member access to systems like the DeepSource Dashboard. With DeepSource, you can use SAML 2.0, a widely supported standard, to delegate the creation and authentication of team member accounts to an Identity Provider (IdP). This makes it easier to manage and secure user accounts within DeepSource.
The following is a list of IdPs with links to their respective guides explaining the integration process:
While we only have official guides for the above providers, the overall process remains quite similar while integrating with any other popular IdP (such as ADFS, PingFederate, etc.) via a SAML 2.0 based connector.
Before you can connect an Identity Provider (IdP) to your DeepSource team, you need to first verify the ownership of your organization’s email domain. This should be the domain name of your user’s email addresses used for signing into DeepSource.
Once DeepSource has verified your domain and you have successfully created and tested a SAML 2.0 connector on the IdP website, you need to tell DeepSource about it.
If you have enabled SAML and not SCIM, then users are provisioned access to your team Just-In-Time i.e. when the user signs into DeepSource with SAML SSO using your team’s configured IdP. They are given the MEMBER
role if there are empty seats else CONTRIBUTOR
role.
Once SAML has been configured on your IdP, navigate to “Config” tab in the Kotsadm admin panel:
Check “Yes” for “Enable SAML SSO”.
Enter the XML Metadata URL copied above for “IdP metadata URL”.
One last piece of configuration is whether you want to enable social authentication (i.e. allowing users to be created/log in with GitHub) alongside SAML. In this case, users will be allowed to either sign in via SSO or via OAuth. Choose accordingly.
Click save, and deploy the new version. You should now be able to Sign in to DeepSource Enterprise with SAML SSO.
SCIM, or System for Cross-domain Identity Management, is an open standard that allows for the automation of user provisioning.
With SCIM enabled for your DeepSource team, users will be provisioned, updated, and de-provisioned in real-time with respect to changes on the IdP.
Once you have setup SAML SSO, you can optionally enable SCIM provisioning as well.
Navigate to “Config” tab in the Kotsadm admin panel:
Control authentication to the DeepSource Dashboard with an Identity Provider.
SSO is a helpful security feature that lets customers control sign-in requirements and manage team member access to systems like the DeepSource Dashboard. With DeepSource, you can use SAML 2.0, a widely supported standard, to delegate the creation and authentication of team member accounts to an Identity Provider (IdP). This makes it easier to manage and secure user accounts within DeepSource.
The following is a list of IdPs with links to their respective guides explaining the integration process:
While we only have official guides for the above providers, the overall process remains quite similar while integrating with any other popular IdP (such as ADFS, PingFederate, etc.) via a SAML 2.0 based connector.
Before you can connect an Identity Provider (IdP) to your DeepSource team, you need to first verify the ownership of your organization’s email domain. This should be the domain name of your user’s email addresses used for signing into DeepSource.
Once DeepSource has verified your domain and you have successfully created and tested a SAML 2.0 connector on the IdP website, you need to tell DeepSource about it.
If you have enabled SAML and not SCIM, then users are provisioned access to your team Just-In-Time i.e. when the user signs into DeepSource with SAML SSO using your team’s configured IdP. They are given the MEMBER
role if there are empty seats else CONTRIBUTOR
role.
Once SAML has been configured on your IdP, navigate to “Config” tab in the Kotsadm admin panel:
Check “Yes” for “Enable SAML SSO”.
Enter the XML Metadata URL copied above for “IdP metadata URL”.
One last piece of configuration is whether you want to enable social authentication (i.e. allowing users to be created/log in with GitHub) alongside SAML. In this case, users will be allowed to either sign in via SSO or via OAuth. Choose accordingly.
Click save, and deploy the new version. You should now be able to Sign in to DeepSource Enterprise with SAML SSO.
SCIM, or System for Cross-domain Identity Management, is an open standard that allows for the automation of user provisioning.
With SCIM enabled for your DeepSource team, users will be provisioned, updated, and de-provisioned in real-time with respect to changes on the IdP.
Once you have setup SAML SSO, you can optionally enable SCIM provisioning as well.
Navigate to “Config” tab in the Kotsadm admin panel: