📘
Requires Enterprise Plans
Enabling SAML SSO and SCIM requires the team to be on Enterprise Cloud or Server plans. Please reachout to your account manager (or) [email protected] for a demo.

SAML SSO

Configuring SAML SSO on Okta

For now, an admin (on Okta) needs to create a custom SAML integration for DeepSource Enterprise. The steps for which are as given:

On the left sidebar, choose "Applications" → "Applications", and click on "Create App Integration".
Choose "SAML 2.0" and click "Next".

Fill in the following details:

Field	Value
App Name	DeepSource

Assuming that DeepSource is hosted on-premise at https://deepsource.foobar.com, fill in the following details accordingly:

🚧
Note for Enterprise Cloud Users
If you're on DeepSource Enterprise Cloud, replace https://deepsource.foobar.com with https://app.deepsource.com

Field	Values
Single sign on URL	`https://deepsource.foobar.com/saml2/acs/`
Audience URI (SP Entity ID)	`https://deepsource.foobar.com/saml2/metadata/`
Name ID format	EmailAddress (choose from drop down)
Application username	Email (choose from drop down

In "Attribute Statements", add the following:

Field	Name format	Value
first_name	Basic	user.firstName
last_name	Basic	user.lastName

Under Feedback selection, choose:
1. For "Are you a customer or partner?", choose "I am an Okta customer, adding an internal app".
2. App type: check the box — This is an internal app that we have created. Otherwise, Okta will ask for many other fields. Click on "Finish".
On the next screen, go to the “SAML Signing Certificates” section. Copy the link for "Identity Provider Metadata" by clicking on Actions -> View IdP metadata for the “SHA-2 Type” certificate. It should be in the format: https://<customer>.okta.com/app/<app-slug>/sso/saml/metadata.

Configuring SAML SSO on DeepSource

Refer to:

SCIM Provisioning

Configuring SCIM on Okta

To Enable SCIM Provisioning, select DeepSource application, then go to General → App Settings → Edit and turn on Enable SCIM provisioning.

Click on the Provisioning tab, under SCIM Connection, click on Edit and configure the given parameters.

Field	Values
SCIM connector base URL	`https://deepsource.foobar.com/scim/v2/`
Unique identifier field for users	email
Supported provisioning actions	Push New Users, Push Profile Updates, Push Groups
Authentication Mode	HTTP Header
Authorization bearer token	SCIM Authentication token which you have put in replicated console (kotsadm)

🚧
Note for Enterprise Cloud
If you're on DeepSource Enterprise Cloud, use the following values instead of the values defined above.

Field Values
SCIM connector base URL https://app.deepsource.com/scim/v2/
Unique identifier field for users email
Supported provisioning actions Import New Users and Profile Updates, Push New Users, Push Profile Updates
Authentication Mode HTTP Header
Authorization bearer token SCIM Authentication token generated from DeepSource

Field	Values
SCIM connector base URL	`https://app.deepsource.com/scim/v2/`
Unique identifier field for users	email
Supported provisioning actions	Import New Users and Profile Updates, Push New Users, Push Profile Updates
Authentication Mode	HTTP Header
Authorization bearer token	SCIM Authentication token generated from DeepSource

Click on Test Connector Configuration to verify SCIM connection.
Click on Save to apply the settings.
After the integration is saved successfully, go to To App option on the left sidebar under Settings inside Provisioning.
Enable the following options:
- Create Users
- Update User Attributes
- Deactivate Users
and, click on Save.

Configuring SCIM on DeepSource

Refer to:

🎉
You have successfully configured SCIM provisioning for your DeepSource Enterprise via Okta.