SAML SSO & SCIM: Okta
This document explains the process to enable SAML SSO and SCIM on DeepSource using Okta as the Identity Provider (IdP).
Requires Enterprise Plans
Enabling SAML SSO and SCIM requires the team to be on Enterprise Cloud or Server plans. Please reachout to your account manager (or) [email protected] for a demo.
SAML SSO
Configuring SAML SSO on Okta
For now, an admin (on Okta) needs to create a custom SAML integration for DeepSource Enterprise. The steps for which are as given:
- On the left sidebar, choose "Applications" โ "Applications", and click on "Create App Integration".
- Choose "SAML 2.0" and click "Next".
- Fill in the following details:
| Field | Value |
|---|---|
| App Name | DeepSource |
- Assuming that DeepSource is hosted on-premise at
https://deepsource.foobar.com, fill in the following details accordingly:
Note for Enterprise Cloud Users
If you're on DeepSource Enterprise Cloud, replace https://deepsource.foobar.com with https://app.deepsource.com
| Field | Values |
|---|---|
| Single sign on URL | https://deepsource.foobar.com/saml2/acs/ |
| Audience URI (SP Entity ID) | https://deepsource.foobar.com/saml2/metadata/ |
| Name ID format | EmailAddress (choose from drop down) |
| Application username | Email (choose from drop down |
- In "Attribute Statements", add the following:
| Field | Name format | Value |
|---|---|---|
| first_name | Basic | user.firstName |
| last_name | Basic | user.lastName |
- Under Feedback selection, choose:
- For "Are you a customer or partner?", choose "I am an Okta customer, adding an internal app".
- App type: check the box โ This is an internal app that we have created. Otherwise, Okta will ask for many other fields. Click on "Finish".
- On the next screen, go to the โSAML Signing Certificatesโ section. Copy the link for "Identity Provider Metadata" by clicking on
Actions -> View IdP metadatafor the โSHA-2 Typeโ certificate. It should be in the format:https://<customer>.okta.com/app/<app-slug>/sso/saml/metadata.
Configuring SAML SSO on DeepSource
Refer to:
- Setup SAML SSO -> Configuration on DeepSource Enterprise Cloud, or,
- Setup SAML SSO -> Configuration on DeepSource Enterprise Server.
SCIM Provisioning
Configuring SCIM on Okta
-
To Enable SCIM Provisioning, select DeepSource application, then go to
General โ App Settings โ Editand turn onEnable SCIM provisioning.
-
Click on the Provisioning tab, under SCIM Connection, click on Edit and configure the given parameters.
Field Values SCIM connector base URL https://deepsource.foobar.com/scim/v2/Unique identifier field for users email Supported provisioning actions Push New Users, Push Profile Updates, Push Groups Authentication Mode HTTP Header Authorization bearer token SCIM Authentication token which you have put in replicated console (kotsadm)
Note for Enterprise Cloud
If you're on DeepSource Enterprise Cloud, use the following values instead of the values defined above.
Field Values SCIM connector base URL https://app.deepsource.com/scim/v2/Unique identifier field for users Supported provisioning actions Import New Users and Profile Updates, Push New Users, Push Profile Updates Authentication Mode HTTP Header Authorization bearer token SCIM Authentication token generated from DeepSource
-
Click on Test Connector Configuration to verify SCIM connection.
-
Click on Save to apply the settings.
-
After the integration is saved successfully, go to To App option on the left sidebar under Settings inside Provisioning.
-
Enable the following options:
- Create Users
- Update User Attributes
- Deactivate Users
and, click on Save.
Configuring SCIM on DeepSource
Refer to:
- Setup SCIM Provisioning -> Configuration on DeepSource Enterprise Cloud, or,
- Setup SCIM Provisioning -> Configuration on DeepSource Enterprise Server.
You have successfully configured SCIM provisioning for your DeepSource Enterprise via Okta.
Updated about 1 year ago