SAML SSO & SCIM: Okta

This document explains the process to enable SAML SSO and SCIM on DeepSource using Okta as the Identity Provider (IdP).

๐Ÿ“˜

Requires Enterprise Plans

Enabling SAML SSO and SCIM requires the team to be on Enterprise Cloud or Server plans. Please reachout to your account manager (or) [email protected] for a demo.

SAML SSO

Configuring SAML SSO on Okta

For now, an admin (on Okta) needs to create a custom SAML integration for DeepSource Enterprise. The steps for which are as given:

  1. On the left sidebar, choose "Applications" โ†’ "Applications", and click on "Create App Integration".
  2. Choose "SAML 2.0" and click "Next".
  1. Fill in the following details:
FieldValue
App NameDeepSource
  1. Assuming that DeepSource is hosted on-premise at https://deepsource.foobar.com, fill in the following details accordingly:

๐Ÿšง

Note for Enterprise Cloud Users

If you're on DeepSource Enterprise Cloud, replace https://deepsource.foobar.com with https://app.deepsource.com

FieldValues
Single sign on URLhttps://deepsource.foobar.com/saml2/acs/
Audience URI (SP Entity ID)https://deepsource.foobar.com/saml2/metadata/
Name ID formatEmailAddress (choose from drop down)
Application usernameEmail (choose from drop down
  1. In "Attribute Statements", add the following:
FieldName formatValue
first_nameBasicuser.firstName
last_nameBasicuser.lastName
  1. Under Feedback selection, choose:
    1. For "Are you a customer or partner?", choose "I am an Okta customer, adding an internal app".
    2. App type: check the box โ€” This is an internal app that we have created. Otherwise, Okta will ask for many other fields. Click on "Finish".
  2. On the next screen, go to the โ€œSAML Signing Certificatesโ€ section. Copy the link for "Identity Provider Metadata" by clicking on Actions -> View IdP metadata for the โ€œSHA-2 Typeโ€ certificate. It should be in the format: https://<customer>.okta.com/app/<app-slug>/sso/saml/metadata.

Configuring SAML SSO on DeepSource

Refer to:

SCIM Provisioning

Configuring SCIM on Okta

  1. To Enable SCIM Provisioning, select DeepSource application, then go to General โ†’ App Settings โ†’ Edit and turn on Enable SCIM provisioning.

  2. Click on the Provisioning tab, under SCIM Connection, click on Edit and configure the given parameters.

    FieldValues
    SCIM connector base URLhttps://deepsource.foobar.com/scim/v2/
    Unique identifier field for usersemail
    Supported provisioning actionsPush New Users, Push Profile Updates, Push Groups
    Authentication ModeHTTP Header
    Authorization bearer tokenSCIM Authentication token which you have put in replicated console (kotsadm)

๐Ÿšง

Note for Enterprise Cloud

If you're on DeepSource Enterprise Cloud, use the following values instead of the values defined above.

FieldValues
SCIM connector base URLhttps://app.deepsource.com/scim/v2/
Unique identifier field for usersemail
Supported provisioning actionsImport New Users and Profile Updates, Push New Users, Push Profile Updates
Authentication ModeHTTP Header
Authorization bearer tokenSCIM Authentication token generated from DeepSource
  1. Click on Test Connector Configuration to verify SCIM connection.

  2. Click on Save to apply the settings.

  3. After the integration is saved successfully, go to To App option on the left sidebar under Settings inside Provisioning.

  4. Enable the following options:

    • Create Users
    • Update User Attributes
    • Deactivate Users

    and, click on Save.

Configuring SCIM on DeepSource

Refer to:

๐ŸŽ‰

You have successfully configured SCIM provisioning for your DeepSource Enterprise via Okta.