SAML SSO & SCIM: Azure AD

This document explains the process to enable SAML SSO and SCIM on DeepSource using Azure Active Directory (AD) as the Identity Provider (IdP).

📘

Requires Enterprise Plans

Enabling SAML SSO and SCIM requires the team to be on Enterprise Cloud or Server plans. Please reach out to your account manager or [email protected] for a demo.

SAML SSO

Configuring SAML SSO on Azure AD

For now, an admin (on Azure) needs to create a custom SAML connector for DeepSource Enterprise. The steps are as follows:

  1. Visit https://portal.azure.com/ and log in to your Microsoft account.
  2. From your home screen, click the hamburger menu in the top left, then “Azure Active Directory”, and then "Enterprise applications".
  3. Then, click on "New application" and then click on “Create your own application”.
  4. Fill in the following details and click “Create”:

     | Field | Value |
     | --- | --- |
     | What's the name of your app? | DeepSource Enterprise Server |
     | What are you looking to do with your application? | Integrate any other application you don't find in the gallery (Non-gallery) |

  5. From the home screen of this new application, click on “Set up single sign on” and then “SAML”.
  6. Click on “Edit” against the “Basic SAML Configuration” heading.
  7. Assuming that DeepSource is hosted on https://deepsource.foobar.com, fill in the following details accordingly, leaving the rest of the fields with their defaults, and click “Save”:

     | Field | Value |
     | --- | --- |
     | Identifier (Entity ID) | https://deepsource.foobar.com/saml2/metadata/ |
     | Reply URL (Assertion Consumer Service URL) | https://deepsource.foobar.com/saml2/acs/ |
     | Sign on URL | https://deepsource.foobar.com/saml2/acs/ |
     | Logout URL | https://deepsource.foobar.com/saml2/ls/post/ |

  8. Click on “Edit” against the “Attributes & Claims” heading.
  9. Fill in the following details and click “Save”:

     | Name | Source | Namespace | Source attribute |
     | --- | --- | --- | --- |
     | Unique User Identifier (Name ID) | Attribute | | user.userprincipalname (from dropdown) |
     | email | Attribute | | user.mail (from dropdown) |
     | first_name | Attribute | | user.givenname (from dropdown) |
     | last_name | Attribute | | user.surname (from dropdown) |

  10. Click on “Edit” against the “SAML Certificates” heading.

  11. Make sure the "Signing Option" is set to "Sign SAML response and assertion".

  12. Now select which users can use this application to sign in to DeepSource. You can either disable assignment to grant access to all users in your AD (follow the steps in option i) or selectively grant access to specific users (follow the steps in option ii).

    i. Navigate to “Properties” using the menu on the left. Turn “Assignment Required?” to “No” and click “Save”.
    ii. Navigate to “Users and Groups” using the menu on the left, then click “Add user/group” and then “None Selected”. Select the users from the list on the right, click “Select”, and then click “Assign”.

  13. Navigate to “Single sign-on” again using the menu on the left and copy the “App Federation Metadata Url” under the “SAML Signing Certificate” section. Make sure the URL starts with https://login.microsoftonline.com/.

  14. At this point, SAML-based sign-on has been configured successfully. You can also test the connection by clicking the “Test” and then “Test sign in” buttons on the “Single sign-on” page.

🚧

For Enterprise Cloud users

  • In step 4, name of the app should be changed to DeepSource Enterprise Cloud.
  • In step 7, DeepSource's URL should be changed to https://app.deepsource.com.

Configuring SAML SSO on DeepSource

Refer to:

SCIM Provisioning

Configuring SCIM on Azure AD

  1. To enable SCIM provisioning, go to the DeepSource application you created on Azure in the previous section.
  2. Navigate to “Provisioning” using the menu on the left and click on “Get started”.
  3. On the next page, you will see a field named “Provisioning Mode”. Choose “Advanced” from the dropdown and then fill in the following details under the “Admin Credentials” section.

     | Field | Value |
     | --- | --- |
     | Tenant URL | https://deepsource.foobar.com/scim/v2/ |
     | Secret Token | SCIM Authentication token which you have put in Admin Panel |

  4. Click on “Test Connection” to verify the SCIM connection.
  5. Click on “Save” to apply the settings.
  6. Finally, navigate back to the “Provisioning” tab and click on “Start provisioning” to enable the sync.

🚧

For Enterprise Cloud users

In step 3, the following values should be used instead:

| Field | Values |
| --- | --- |
| Tenant URL | https://app.deepsource.com/scim/v2/ |
| Secret Token | SCIM Authentication token generated from DeepSource |

Configuring SCIM on DeepSource

Refer to:

🎉

You have successfully configured SCIM provisioning for your DeepSource Enterprise via Azure AD.