SAML SSO & SCIM: Okta
This document explains the process to enable SAML SSO and SCIM on DeepSource using Okta as the Identity Provider (IdP).
Requires Enterprise Plans
Enabling SAML SSO and SCIM requires the team to be on Enterprise Cloud or Server plans. Please reach out to your account manager or sales@deepsource.io for a demo.
SAML SSO
Configuring SAML SSO on Okta
For now, an Okta admin needs to create a custom SAML integration for DeepSource Enterprise. The steps are as follows:
- On the left sidebar, choose “Applications” → “Applications”, and click on “Create App Integration”.
- Choose “SAML 2.0” and click “Next”.
- Fill in the following details:
Field | Value |
---|---|
App Name | DeepSource |
- Assuming that DeepSource is hosted on-premise at https://deepsource.foobar.com, fill in the following details accordingly:
If you’re on DeepSource Enterprise Cloud, replace https://deepsource.foobar.com with https://app.deepsource.com.
Field | Values |
---|---|
Single sign on URL | https://deepsource.foobar.com/saml2/acs/ |
Audience URI (SP Entity ID) | https://deepsource.foobar.com/saml2/metadata/ |
Name ID format | EmailAddress (choose from drop down) |
Application username | Email (choose from drop down) |
- In “Attribute Statements”, add the following:
Field | Name format | Value |
---|---|---|
first_name | Basic | user.firstName |
last_name | Basic | user.lastName |
- Under Feedback selection, choose:
  - For “Are you a customer or partner?”, choose “I am an Okta customer, adding an internal app”.
  - App type: check the box “This is an internal app that we have created”. Otherwise, Okta will ask for many other fields. Click on “Finish”.
- On the next screen, go to the “SAML Signing Certificates” section. Copy the link for “Identity Provider Metadata” by clicking on Actions -> View IdP metadata for the “SHA-2 Type” certificate. It should be in the format: https://<customer>.okta.com/app/<app-slug>/sso/saml/metadata.
Configuring SAML SSO on DeepSource
Refer to:
- Setup SAML SSO -> Configuration on DeepSource Enterprise Cloud, or,
- Setup SAML SSO -> Configuration on DeepSource Enterprise Server.
SCIM Provisioning
Configuring SCIM on Okta
- To enable SCIM provisioning, select the DeepSource application, then go to General → App Settings → Edit and turn on Enable SCIM provisioning.
- Click on the Provisioning tab. Under SCIM Connection, click on Edit and configure the given parameters.
Field | Values |
---|---|
SCIM connector base URL | https://deepsource.foobar.com/scim/v2/ |
Unique identifier field for users | |
Supported provisioning actions | Push New Users, Push Profile Updates, Push Groups |
Authentication Mode | HTTP Header |
Authorization bearer token | SCIM authentication token that you entered in the Replicated console (kotsadm) |
If you’re on DeepSource Enterprise Cloud, use the following values instead of the values defined above.
Field | Values |
---|---|
SCIM connector base URL | https://app.deepsource.com/scim/v2/ |
Unique identifier field for users | |
Supported provisioning actions | Import New Users and Profile Updates, Push New Users, Push Profile Updates |
Authentication Mode | HTTP Header |
Authorization bearer token | SCIM Authentication token generated from DeepSource |
- Click on Test Connector Configuration to verify the SCIM connection.
- Click on Save to apply the settings.
- After the integration is saved successfully, go to the To App option on the left sidebar under Settings inside Provisioning.
- Enable the following options:
  - Create Users
  - Update User Attributes
  - Deactivate Users

  and click on Save.
Configuring SCIM on DeepSource
Refer to:
- Setup SCIM Provisioning -> Configuration on DeepSource Enterprise Cloud, or,
- Setup SCIM Provisioning -> Configuration on DeepSource Enterprise Server.
You have successfully configured SCIM provisioning for your DeepSource Enterprise via Okta.