Azure AD - DeepSource

Requires Enterprise Plans

Enabling SAML SSO and SCIM requires the team to be on Enterprise Cloud or Server plans. Please reachout to your account manager (or) sales@deepsource.io for a demo.

SAML SSO

Configuring SAML SSO on Azure AD

For now, an admin (on Azure) needs to create a custom SAML connector for DeepSource Enterprise. The steps for which are as follows:

Visit https://portal.azure.com/ and log in to your Microsoft account.
From your home screen, click the hamburger menu in the top left and then “Azure Active Directory” → “Enterprise applications”.
Then, click on “New application” and then click on “Create your own application”.
Fill in the following details and click “Create”:

Field	Value
What’s the name of your app?	DeepSource Enterprise Server
What are you looking to do with your application?	Integrate any other application you don’t find in the gallery (Non-gallery)

From the home screen of this new application, click on “Set up single sign on” and then “SAML”.
Click on “Edit” against the “Basic SAML Configuration” heading.
Assuming that DeepSource is hosted on https://deepsource.foobar.comfill in the following details accordingly leaving the rest of the fields with defaults and click “Save”:

Field	Value
Identifier (Entity ID)	`https://deepsource.foobar.com/saml2/metadata/`
Reply URL (Assertion Consumer Service URL)	`https://deepsource.foobar.com/saml2/acs/`
Sign on URL	`https://deepsource.foobar.com/saml2/acs/`
Logout URL	`https://deepsource.foobar.com/saml2/ls/post/`

Click on “Edit” against the “Attributes & Claims” heading.
Fill in the following details and click “Save”:

Name	Source	Source attribute
Unique User Identifier (Name ID)	Attribute	user.userprincipalname (from dropdown)
email	Attribute	user.mail (from dropdown)
first_name	Attribute	user.givenname (from dropdown)
last_name	Attribute	user.surname (from dropdown)

Click on “Edit” against the “SAML Certificates” heading.
Make sure the “Signing Option” is set to “Sign SAML response and assertion”.

Now we need to select which users can access this application for sign-in into DeepSource. You can either choose to disable assignment to grant access to all users in your AD (follow steps in option i) or you can selectively grant access to specific users (follow steps in option ii).
1. Navigate to “Properties” using the menu on the left. Turn “Assignment Required?” to “No” and click “Save”.
2. Navigate to “Users and Groups” using the menu on the left then click “Add user/group” → “None Selected” then select the users from the list on the right and click “Select” → “Assign”.
Navigate to “Single sign-on” again using the menu on the left and copy the “App Federation Metadata Url” under the “SAML Signing Certificate” section. Make sure the URL starts with https://login.microsoftonline.com/.
At this point, SAML-based Sign-on has been configured successfully. You can also choose to test to verify the connection by clicking the “Test” → “Test sign in” buttons on the “Single sign-on” page.

In step 4, name of the app should be changed to DeepSource Enterprise Cloud.
In step 7, DeepSource’s URL should be changed to https://app.deepsource.com.

Configuring SAML SSO on DeepSource

Refer to:

SCIM Provisioning

Configuring SCIM on Azure AD

To Enable SCIM Provisioning, go to the DeepSource application you created on Azure in the previous section.
Navigate to “Provisioning” using the menu on the left and click on “Get started”.
On the next page, you will see a field named “Provisioning Mode”. Choose “Advanced” from the dropdown and then fill in the following details under the “Admin Credentials” section.

Field	Value
Tenant URL	`https://deepsource.foobar.com/scim/v2/`
Secret Token	SCIM Authentication token which you have put in Admin Panel

Click on “Test Connection” to verify the SCIM connection.
Click on ”Save” to apply the settings.
Finally, navigate back to the “Provisioning” tab and click on “Start provisioning” to enable the sync.

In step 3, the following values should be used instead:

Field	Values
Tenant URL	`https://app.deepsource.com/scim/v2/`
Secret Token	SCIM Authentication token generated from DeepSource

Configuring SCIM on DeepSource

Refer to:

You have successfully configured SCIM provisioning for your DeepSource Enterprise via Azure AD.

On this page

SAML SSO
Configuring SAML SSO on Azure AD
Configuring SAML SSO on DeepSource
SCIM Provisioning
Configuring SCIM on Azure AD
Configuring SCIM on DeepSource

Requires Enterprise Plans

Enabling SAML SSO and SCIM requires the team to be on Enterprise Cloud or Server plans. Please reachout to your account manager (or) sales@deepsource.io for a demo.

SAML SSO

Configuring SAML SSO on Azure AD

For now, an admin (on Azure) needs to create a custom SAML connector for DeepSource Enterprise. The steps for which are as follows:

Visit https://portal.azure.com/ and log in to your Microsoft account.
From your home screen, click the hamburger menu in the top left and then “Azure Active Directory” → “Enterprise applications”.
Then, click on “New application” and then click on “Create your own application”.
Fill in the following details and click “Create”:

Field	Value
What’s the name of your app?	DeepSource Enterprise Server
What are you looking to do with your application?	Integrate any other application you don’t find in the gallery (Non-gallery)

From the home screen of this new application, click on “Set up single sign on” and then “SAML”.
Click on “Edit” against the “Basic SAML Configuration” heading.
Assuming that DeepSource is hosted on https://deepsource.foobar.comfill in the following details accordingly leaving the rest of the fields with defaults and click “Save”:

Field	Value
Identifier (Entity ID)	`https://deepsource.foobar.com/saml2/metadata/`
Reply URL (Assertion Consumer Service URL)	`https://deepsource.foobar.com/saml2/acs/`
Sign on URL	`https://deepsource.foobar.com/saml2/acs/`
Logout URL	`https://deepsource.foobar.com/saml2/ls/post/`

Click on “Edit” against the “Attributes & Claims” heading.
Fill in the following details and click “Save”:

Name	Source	Source attribute
Unique User Identifier (Name ID)	Attribute	user.userprincipalname (from dropdown)
email	Attribute	user.mail (from dropdown)
first_name	Attribute	user.givenname (from dropdown)
last_name	Attribute	user.surname (from dropdown)

Click on “Edit” against the “SAML Certificates” heading.
Make sure the “Signing Option” is set to “Sign SAML response and assertion”.

Now we need to select which users can access this application for sign-in into DeepSource. You can either choose to disable assignment to grant access to all users in your AD (follow steps in option i) or you can selectively grant access to specific users (follow steps in option ii).
1. Navigate to “Properties” using the menu on the left. Turn “Assignment Required?” to “No” and click “Save”.
2. Navigate to “Users and Groups” using the menu on the left then click “Add user/group” → “None Selected” then select the users from the list on the right and click “Select” → “Assign”.
Navigate to “Single sign-on” again using the menu on the left and copy the “App Federation Metadata Url” under the “SAML Signing Certificate” section. Make sure the URL starts with https://login.microsoftonline.com/.
At this point, SAML-based Sign-on has been configured successfully. You can also choose to test to verify the connection by clicking the “Test” → “Test sign in” buttons on the “Single sign-on” page.

In step 4, name of the app should be changed to DeepSource Enterprise Cloud.
In step 7, DeepSource’s URL should be changed to https://app.deepsource.com.

Configuring SAML SSO on DeepSource

Refer to:

SCIM Provisioning

Configuring SCIM on Azure AD

To Enable SCIM Provisioning, go to the DeepSource application you created on Azure in the previous section.
Navigate to “Provisioning” using the menu on the left and click on “Get started”.
On the next page, you will see a field named “Provisioning Mode”. Choose “Advanced” from the dropdown and then fill in the following details under the “Admin Credentials” section.

Field	Value
Tenant URL	`https://deepsource.foobar.com/scim/v2/`
Secret Token	SCIM Authentication token which you have put in Admin Panel

Click on “Test Connection” to verify the SCIM connection.
Click on ”Save” to apply the settings.
Finally, navigate back to the “Provisioning” tab and click on “Start provisioning” to enable the sync.

In step 3, the following values should be used instead:

Field	Values
Tenant URL	`https://app.deepsource.com/scim/v2/`
Secret Token	SCIM Authentication token generated from DeepSource

Configuring SCIM on DeepSource

Refer to:

You have successfully configured SCIM provisioning for your DeepSource Enterprise via Azure AD.

On this page

SAML SSO
Configuring SAML SSO on Azure AD
Configuring SAML SSO on DeepSource
SCIM Provisioning
Configuring SCIM on Azure AD
Configuring SCIM on DeepSource

​SAML SSO

​Configuring SAML SSO on Azure AD

​Configuring SAML SSO on DeepSource

​SCIM Provisioning

​Configuring SCIM on Azure AD

​Configuring SCIM on DeepSource

​SAML SSO

​Configuring SAML SSO on Azure AD

​Configuring SAML SSO on DeepSource

​SCIM Provisioning

​Configuring SCIM on Azure AD

​Configuring SCIM on DeepSource

SAML SSO

Configuring SAML SSO on Azure AD

Configuring SAML SSO on DeepSource

SCIM Provisioning

Configuring SCIM on Azure AD

Configuring SCIM on DeepSource

SAML SSO

Configuring SAML SSO on Azure AD

Configuring SAML SSO on DeepSource

SCIM Provisioning

Configuring SCIM on Azure AD

Configuring SCIM on DeepSource