This document explains the process to enable SAML SSO and SCIM on DeepSource using Azure Active Directory (AD) as the Identity Provider (IdP).
Requires Enterprise Plans
Enabling SAML SSO and SCIM requires the team to be on Enterprise Cloud or Server plans. Please reachout to your account manager (or) sales@deepsource.io for a demo.
For now, an admin (on Azure) needs to create a custom SAML connector for DeepSource Enterprise. The steps for which are as follows:
Field | Value |
---|---|
What’s the name of your app? | DeepSource Enterprise Server |
What are you looking to do with your application? | Integrate any other application you don’t find in the gallery (Non-gallery) |
https://deepsource.foobar.com
fill in the following details accordingly leaving the rest of the fields with defaults and click “Save”:Field | Value |
---|---|
Identifier (Entity ID) | https://deepsource.foobar.com/saml2/metadata/ |
Reply URL (Assertion Consumer Service URL) | https://deepsource.foobar.com/saml2/acs/ |
Sign on URL | https://deepsource.foobar.com/saml2/acs/ |
Logout URL | https://deepsource.foobar.com/saml2/ls/post/ |
Name | Source | Namespace | Source attribute |
---|---|---|---|
Unique User Identifier (Name ID) | Attribute | user.userprincipalname (from dropdown) | |
Attribute | user.mail (from dropdown) | ||
first_name | Attribute | user.givenname (from dropdown) | |
last_name | Attribute | user.surname (from dropdown) |
Click on “Edit” against the “SAML Certificates” heading.
Make sure the “Signing Option” is set to “Sign SAML response and assertion”.
Now we need to select which users can access this application for sign-in into DeepSource. You can either choose to disable assignment to grant access to all users in your AD (follow steps in option i) or you can selectively grant access to specific users (follow steps in option ii).
Navigate to “Single sign-on” again using the menu on the left and copy the “App Federation Metadata Url” under the “SAML Signing Certificate” section. Make sure the URL starts with https://login.microsoftonline.com/
.
At this point, SAML-based Sign-on has been configured successfully. You can also choose to test to verify the connection by clicking the “Test” → “Test sign in” buttons on the “Single sign-on” page.
DeepSource Enterprise Cloud
.Refer to:
Field | Value |
---|---|
Tenant URL | https://deepsource.foobar.com/scim/v2/ |
Secret Token | SCIM Authentication token which you have put in Admin Panel |
In step 3, the following values should be used instead:
Field | Values | |
---|---|---|
Tenant URL | https://app.deepsource.com/scim/v2/ | |
Secret Token | SCIM Authentication token generated from DeepSource |
Refer to:
You have successfully configured SCIM provisioning for your DeepSource Enterprise via Azure AD.
This document explains the process to enable SAML SSO and SCIM on DeepSource using Azure Active Directory (AD) as the Identity Provider (IdP).
Requires Enterprise Plans
Enabling SAML SSO and SCIM requires the team to be on Enterprise Cloud or Server plans. Please reachout to your account manager (or) sales@deepsource.io for a demo.
For now, an admin (on Azure) needs to create a custom SAML connector for DeepSource Enterprise. The steps for which are as follows:
Field | Value |
---|---|
What’s the name of your app? | DeepSource Enterprise Server |
What are you looking to do with your application? | Integrate any other application you don’t find in the gallery (Non-gallery) |
https://deepsource.foobar.com
fill in the following details accordingly leaving the rest of the fields with defaults and click “Save”:Field | Value |
---|---|
Identifier (Entity ID) | https://deepsource.foobar.com/saml2/metadata/ |
Reply URL (Assertion Consumer Service URL) | https://deepsource.foobar.com/saml2/acs/ |
Sign on URL | https://deepsource.foobar.com/saml2/acs/ |
Logout URL | https://deepsource.foobar.com/saml2/ls/post/ |
Name | Source | Namespace | Source attribute |
---|---|---|---|
Unique User Identifier (Name ID) | Attribute | user.userprincipalname (from dropdown) | |
Attribute | user.mail (from dropdown) | ||
first_name | Attribute | user.givenname (from dropdown) | |
last_name | Attribute | user.surname (from dropdown) |
Click on “Edit” against the “SAML Certificates” heading.
Make sure the “Signing Option” is set to “Sign SAML response and assertion”.
Now we need to select which users can access this application for sign-in into DeepSource. You can either choose to disable assignment to grant access to all users in your AD (follow steps in option i) or you can selectively grant access to specific users (follow steps in option ii).
Navigate to “Single sign-on” again using the menu on the left and copy the “App Federation Metadata Url” under the “SAML Signing Certificate” section. Make sure the URL starts with https://login.microsoftonline.com/
.
At this point, SAML-based Sign-on has been configured successfully. You can also choose to test to verify the connection by clicking the “Test” → “Test sign in” buttons on the “Single sign-on” page.
DeepSource Enterprise Cloud
.Refer to:
Field | Value |
---|---|
Tenant URL | https://deepsource.foobar.com/scim/v2/ |
Secret Token | SCIM Authentication token which you have put in Admin Panel |
In step 3, the following values should be used instead:
Field | Values | |
---|---|---|
Tenant URL | https://app.deepsource.com/scim/v2/ | |
Secret Token | SCIM Authentication token generated from DeepSource |
Refer to:
You have successfully configured SCIM provisioning for your DeepSource Enterprise via Azure AD.