Requires Enterprise Plans
Enabling SAML SSO and SCIM requires the team to be on Enterprise Cloud or Server plans. Please reachout to your account manager (or) [email protected] for a demo.
For now, an admin (on Azure) needs to create a custom SAML connector for DeepSource Enterprise. The steps for which are as follows:
- Visit https://portal.azure.com/ and log in to your Microsoft account.
- From your home screen, click the hamburger menu in the top left and then “Azure Active Directory” → "Enterprise applications".
- Then, click on "New application" and then click on “Create your own application”.
- Fill in the following details and click “Create”:
|What's the name of your app?||DeepSource Enterprise Server|
|What are you looking to do with your application?||Integrate any other application you don't find in the gallery (Non-gallery)|
- From the home screen of this new application, click on “Set up single sign on” and then “SAML”.
- Click on “Edit” against the “Basic SAML Configuration” heading.
- Assuming that DeepSource is hosted on
https://deepsource.foobar.comfill in the following details accordingly leaving the rest of the fields with defaults and click “Save”:
|Identifier (Entity ID)|
|Reply URL (Assertion Consumer Service URL)|
|Sign on URL|
- Click on “Edit” against the “Attributes & Claims” heading.
- Fill in the following details and click “Save”:
|Unique User Identifier (Name ID)||Attribute||user.userprincipalname (from dropdown)|
|Attribute||user.mail (from dropdown)|
|first_name||Attribute||user.givenname (from dropdown)|
|last_name||Attribute||user.surname (from dropdown)|
- Now we need to select which users can access this application for sign-in into DeepSource. You can either choose to disable assignment to grant access to all users in your AD (follow steps in option a) or you can selectively grant access to specific users (follow steps in option b).
- Navigate to “Properties” using the menu on the left. Turn “Assignment Required?” to “No” and click “Save”.
- Navigate to “Users and Groups” using the menu on the left then click “Add user/group” → “None Selected” then select the users from the list on the right and click “Select” → “Assign”.
- Navigate to “Single sign-on” again using the menu on the left and copy the “App Federation Metadata Url” under the “SAML Signing Certificate” section. Make sure the URL starts with
- At this point, SAML-based Sign-on has been configured successfully. You can also choose to test to verify the connection by clicking the “Test” → “Test sign in” buttons on the “Single sign-on” page.
For Enterprise Cloud users
- In step 4, name of the app should be changed to
DeepSource Enterprise Cloud.
- In step 7, DeepSource's URL should be changed to https://app.deepsource.com.
- Setup SAML SSO -> Configuration on DeepSource Enterprise Cloud, or,
- Setup SAML SSO -> Configuration on DeepSource Enterprise Server.
- To Enable SCIM Provisioning, go to the DeepSource application you created on Azure in the previous section.
- Navigate to “Provisioning” using the menu on the left and click on “Get started”.
- On the next page, you will see a field named “Provisioning Mode”. Choose “Advanced” from the dropdown and then fill in the following details under the “Admin Credentials” section.
|Secret Token||SCIM Authentication token which you have put in Admin Panel|
- Click on “Test Connection” to verify the SCIM connection.
- Click on ”Save” to apply the settings.
- Finally, navigate back to the “Provisioning” tab and click on “Start provisioning” to enable the sync.
For Enterprise Cloud users
In step 3, the following values should be used instead:
Field Values Tenant URL
Secret Token SCIM Authentication token generated from DeepSource
- Setup SCIM Provisioning -> Configuration on DeepSource Enterprise Cloud, or,
- Setup SCIM Provisioning -> Configuration on DeepSource Enterprise Server.
You have successfully configured SCIM provisioning for your DeepSource Enterprise via Azure AD.
Updated 3 months ago