SAML SSO & SCIM: OneLogin

This document explains the process to enable SAML SSO and SCIM on DeepSource Enterprise Server using OneLogin as the Identity Provider (IdP).

SAML SSO

Configuring SSO on OneLogin

For now, a OneLogin admin needs to create a custom SAML connector for DeepSource Enterprise, as follows:

  1. On the top menu, go to Applications → Applications, and click on "Add App".

  2. Search for and choose “SCIM Provisioner with SAML (SCIM v2 Enterprise, full SAML)”.

  3. Fill in the following details and click “Save”:

    Field           Value
    Display Name    DeepSource Enterprise Server

  4. Navigate to the “Configuration” tab using the sidebar on the left.

  5. Assuming that DeepSource is hosted on https://deepsource.foobar.com, fill in the following details accordingly, leaving the rest of the fields at their defaults, and click “Save”:

    Field                           Value
    SAML Audience URL               https://deepsource.foobar.com/saml2/metadata/
    Recipient                       https://deepsource.foobar.com/saml2/acs/
    ACS (Consumer) URL Validator    https://deepsource.foobar.com/saml2/acs/
    ACS (Consumer) URL              https://deepsource.foobar.com/saml2/acs/
    SAML signature element          Both (from dropdown)

  6. Navigate to the “SSO” tab using the sidebar on the left.

  7. Change the “SAML Signature Algorithm” field to use a stronger algorithm such as “SHA-512” (from dropdown) and click on “Save”.

  8. On the same screen, copy the “Issuer URL”. It should be in the format https://app.onelogin.com/saml/metadata/<app-uuid>.

Changes on Kotsadm

Once OneLogin has been configured, navigate to the “Config” tab in the Admin panel (Replicated Kotsadm):

  1. Check "Yes" for "Enable SAML SSO".

  2. Enter the URL copied in Step 10 above for "IdP metadata URL".

  3. One last piece of configuration is whether you want to enable social authentication (i.e. allowing users to be created/log in with GitHub) alongside SAML. In this case, users will be allowed to either sign in via SSO or via OAuth. Choose accordingly.

  4. Click save, and deploy the new version.

🎉 You should now be able to sign in to DeepSource Enterprise with SAML SSO.
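Once sign-in works, the values from steps 5 and 7 of the OneLogin configuration can be confirmed against a SAML response captured from your own IdP and base64-decoded. The following is an added example, not DeepSource or OneLogin code: it inspects structure only and does not verify signatures cryptographically. The function names and sample XML are constructed, and it assumes an RSA signing key, so that “SHA-512” appears as the rsa-sha512 algorithm URI.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
RSA_SHA512 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"
RSA_SHA1 = "http://www.w3.org/2000/09/xmldsig#rsa-sha1"

def check_response(xml_text, base_url):
    """Return findings for a decoded SAML response; an empty list means it matches."""
    base = base_url.rstrip("/")
    acs, audience = base + "/saml2/acs/", base + "/saml2/metadata/"
    root = ET.fromstring(xml_text)  # stdlib parser: use only on a response from your own IdP
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return ["no Assertion element found"]
    findings = []
    # "SAML signature element: Both" means Response and Assertion each carry a signature.
    for name, elem in (("Response", root), ("Assertion", assertion)):
        method = elem.find("ds:Signature/ds:SignedInfo/ds:SignatureMethod", NS)
        if method is None:
            findings.append(f"{name} is unsigned")
        elif method.get("Algorithm") != RSA_SHA512:
            findings.append(f"{name} signature uses {method.get('Algorithm')}")
    audiences = [a.text for a in assertion.iterfind(".//saml:Audience", NS)]
    if audience not in audiences:
        findings.append(f"Audience {audiences} does not include {audience}")
    recipients = [d.get("Recipient")
                  for d in assertion.iterfind(".//saml:SubjectConfirmationData", NS)]
    if acs not in recipients:
        findings.append(f"Recipient {recipients} does not include {acs}")
    return findings

def sample(alg, sign_response=True, host="deepsource.foobar.com"):
    """Constructed skeleton of a response (no real signature values or certificates)."""
    sig = (f'<ds:Signature><ds:SignedInfo><ds:SignatureMethod Algorithm="{alg}"/>'
           '</ds:SignedInfo></ds:Signature>')
    return (f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}" '
            f'xmlns:ds="{NS["ds"]}">{sig if sign_response else ""}<saml:Assertion>{sig}'
            f'<saml:Subject><saml:SubjectConfirmation><saml:SubjectConfirmationData '
            f'Recipient="https://{host}/saml2/acs/"/></saml:SubjectConfirmation></saml:Subject>'
            f'<saml:Conditions><saml:AudienceRestriction><saml:Audience>https://{host}'
            f'/saml2/metadata/</saml:Audience></saml:AudienceRestriction></saml:Conditions>'
            f'</saml:Assertion></samlp:Response>')

if __name__ == "__main__":
    for xml_text in (sample(RSA_SHA512), sample(RSA_SHA1, sign_response=False)):
        print(check_response(xml_text, "https://deepsource.foobar.com") or "OK")
```

A finding such as “Response is unsigned” or an rsa-sha1 algorithm URI means the “SAML signature element” or “SAML Signature Algorithm” setting was not saved as described above.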

SCIM Provisioning

Changes on Kotsadm

Navigate to the “Config” tab in the Admin panel (Replicated Kotsadm):

  1. Check "Yes" for "Enable SCIM provisioning".
  2. Enter a strong secret of your choice in "SCIM Authentication token".

    💡 Keep this token saved somewhere; you will need to enter it in Okta while setting up SCIM provisioning.

  3. Click save, and deploy the new version.

Configuring SCIM on OneLogin

  1. To enable SCIM provisioning, go to your "DeepSource Enterprise Server" application on OneLogin.

  2. Go to the Configuration tab, under API Connection, click on Enable and configure the given parameters.

    Field                Value
    SCIM Base URL        https://deepsource.foobar.com/scim/v2 (no trailing slash)
    SCIM Bearer Token    The SCIM Authentication token that you entered in the Admin Panel in the previous step

  3. Click Save to apply the settings.

  4. Go to the Provisioning tab, and configure the given parameters.

    Field                  Value
    Enable provisioning
    Create user
    Delete user
    Update user

  5. Click Save to apply the settings.

🎉 You have successfully configured SCIM provisioning for your DeepSource Enterprise via OneLogin.