This document explains the process to enable SAML SSO and SCIM on DeepSource using Azure Active Directory (AD) as the Identity Provider (IdP).


Requires Enterprise Plans

Enabling SAML SSO and SCIM requires the team to be on Enterprise Cloud or Server plans. Please reachout to your account manager (or) [email protected] for a demo.


Configuring SAML SSO on Azure AD

For now, an admin (on Azure) needs to create a custom SAML connector for DeepSource Enterprise. The steps for which are as follows:

  1. Visit and log in to your Microsoft account.
  2. From your home screen, click the hamburger menu in the top left and then “Azure Active Directory”"Enterprise applications".
  3. Then, click on "New application" and then click on “Create your own application”.
  4. Fill in the following details and click “Create”:
What's the name of your app?DeepSource Enterprise Server
What are you looking to do with your application?Integrate any other application you don't find in the gallery (Non-gallery)
  1. From the home screen of this new application, click on “Set up single sign on” and then “SAML”.
  2. Click on “Edit” against the “Basic SAML Configuration” heading.
  3. Assuming that DeepSource is hosted on https://deepsource.foobar.comfill in the following details accordingly leaving the rest of the fields with defaults and click “Save”:
Identifier (Entity ID)
Reply URL (Assertion Consumer Service URL)
Sign on URL
Logout URL
  1. Click on “Edit” against the “Attributes & Claims” heading.
  2. Fill in the following details and click “Save”:
NameSourceNamespaceSource attribute
Unique User Identifier (Name ID)Attributeuser.userprincipalname (from dropdown)
emailAttributeuser.mail (from dropdown)
first_nameAttributeuser.givenname (from dropdown)
last_nameAttributeuser.surname (from dropdown)
  1. Click on “Edit” against the “SAML Certificates” heading.

  2. Make sure the "Signing Option" is set to "Sign SAML response and assertion".

  3. Now we need to select which users can access this application for sign-in into DeepSource. You can either choose to disable assignment to grant access to all users in your AD (follow steps in option i) or you can selectively grant access to specific users (follow steps in option ii).

    1. Navigate to “Properties” using the menu on the left. Turn “Assignment Required?” to “No” and click “Save”.
    2. Navigate to “Users and Groups” using the menu on the left then click “Add user/group”“None Selected” then select the users from the list on the right and click “Select”“Assign”.
  4. Navigate to “Single sign-on” again using the menu on the left and copy the “App Federation Metadata Url” under the “SAML Signing Certificate” section. Make sure the URL starts with

  5. At this point, SAML-based Sign-on has been configured successfully. You can also choose to test to verify the connection by clicking the “Test”“Test sign in” buttons on the “Single sign-on” page.


For Enterprise Cloud users

  • In step 4, name of the app should be changed to DeepSource Enterprise Cloud.
  • In step 7, DeepSource's URL should be changed to

Configuring SAML SSO on DeepSource

Refer to:

SCIM Provisioning

Configuring SCIM on Azure AD

  1. To Enable SCIM Provisioning, go to the DeepSource application you created on Azure in the previous section.
  2. Navigate to “Provisioning” using the menu on the left and click on “Get started”.
  3. On the next page, you will see a field named “Provisioning Mode”. Choose “Advanced” from the dropdown and then fill in the following details under the “Admin Credentials” section.
Tenant URL
Secret TokenSCIM Authentication token which you have put in Admin Panel
  1. Click on “Test Connection” to verify the SCIM connection.
  2. Click on ”Save” to apply the settings.
  3. Finally, navigate back to the “Provisioning” tab and click on “Start provisioning” to enable the sync.


For Enterprise Cloud users

In step 3, the following values should be used instead:

Tenant URL
Secret TokenSCIM Authentication token generated from DeepSource

Configuring SCIM on DeepSource

Refer to:


You have successfully configured SCIM provisioning for your DeepSource Enterprise via Azure AD.