SAML SSO & SCIM: OneLogin

This document explains the process to enable SAML SSO and SCIM on DeepSource using OneLogin as the Identity Provider (IdP).

📘

Requires Enterprise Plans

Enabling SAML SSO and SCIM requires the team to be on Enterprise Cloud or Server plans. Please reachout to your account manager (or) [email protected] for a demo.

SAML SSO

Configuring SAML SSO on OneLogin

For now, an admin (on OneLogin) needs to create a custom SAML connector for DeepSource Enterprise. The steps for which are as given:

  1. On the top menu, go to Applications → Applications, and click on "Add App".
  2. Search for and choose “SCIM Provisioner with SAML (SCIM v2 Enterprise, full SAML)”.
  3. Fill in the following details and click “Save”:

FieldValue
Display NameDeepSource Enterprise Server
  1. Navigate to the “Configuration” tab using the sidebar on the left.
  2. Assuming that DeepSource is hosted onhttps://deepsource.foobar.com, fill in the following details accordingly leaving the rest of the fields with defaults and click “Save”:

FieldValue
SAML Audience URLhttps://deepsource.foobar.com/saml2/metadata/
SAML Audience URLhttps://deepsource.foobar.com/saml2/acs/
ACS (Consumer) URL Validatorhttps://deepsource.foobar.com/saml2/acs/
ACS (Consumer) URLhttps://deepsource.foobar.com/saml2/acs/
SAML signature elementBoth (from dropdown)
  1. Navigate to the “SSO” using the sidebar on the left.
  2. Change the “SAML Signature Algorithm” field to use a stronger algorithm such as “SHA-512” (from dropdown) and click on “Save”.
  3. On the same screen, copy the “Issuer URL”. It should be in the format https://app.onelogin.com/saml/metadata/<app-uuid>.

🚧

For Enterprise Cloud users

  • In step 3, name of the app should be changed to DeepSource Enterprise Cloud.
  • In step 5, DeepSource's URL should be changed to https://app.deepsource.com.

Configuring SAML SSO on DeepSource

Refer to:

SCIM Provisioning

Configuring SCIM on OneLogin

  1. To Enable SCIM Provisioning, go to your "DeepSource Enterprise Server" application on OneLogin.
  2. Go to the Configuration tab, under API Connection, click on Enable and configure the given parameters.
FieldValue
SCIM Base URLhttps://deepsource.foobar.com/scim/v2 (no trailing slash)
SCIM Bearer TokenSCIM Authentication token which you have put in Admin Panel in the previous step
  1. Click on Save to apply the settings.
  2. Go to the Provisioning tab, and configure the given parameters.

FieldValue
Enable provisioning
Create user
Delete user
Update user
  1. Click on Save to apply the settings

🚧

For Enterprise Cloud users

In step 2, the following values should be used instead:

FieldValues
SCIM Base URLhttps://app.deepsource.com/scim/v2 (no trailing slash)
SCIM Bearer TokenSCIM Authentication token generated from DeepSource

Configuring SCIM on DeepSource

Refer to:

🎉

You have successfully configured SCIM provisioning for your DeepSource Enterprise via OneLogin.