This document explains the process to enable SSO for DeepSource using SAML 2.0 with Okta as the Identity Provider (IdP).


SAML-based Sign-on

Configuring SSO on Okta


For now, an Okta admin needs to create a custom SAML integration for DeepSource Enterprise. The steps are as follows:

  1. On the left sidebar, choose "Applications" → "Applications", and click on "Create App Integration".

  2. Choose "SAML 2.0" and click "Next".

  3. Fill in the following details:

    | Field | Value |
    | --- | --- |
    | App Name | DeepSource Enterprise Server |
    | App Logo | Upload https://www.dropbox.com/sh/x7i2lrcodblyxuy/AACPCNPc0Z_TT3BlHpnRr5Hra?dl=0&preview=logo.png |

    Click "Next".

  4. Assuming that DeepSource is hosted on "https://deepsource.foobar.com", fill in the following details accordingly:

    | Field | Value |
    | --- | --- |
    | Single sign on URL | https://deepsource.foobar.com/saml2/acs/ |
    | Audience URI (SP Entity ID) | https://deepsource.foobar.com/saml2/metadata/ |
    | Name ID format | EmailAddress (choose from drop down) |
    | Application username | Email (choose from drop down) |

  5. In "Attribute Statements", add the following:

    | Field | Name format | Value |
    | --- | --- | --- |
    | first_name | Basic | user.firstName |
    | last_name | Basic | user.lastName |

  6. Under Feedback selection, choose:

    1. For "Are you a customer or partner?", choose "I am an Okta customer, adding an internal app".
    2. For "App type", check the box "This is an internal app that we have created". Otherwise, Okta will ask for many other fields. Click on "Finish".
  7. On the next screen, go to the “SAML Signing Certificates” section. Copy the link for "Identity Provider Metadata" by clicking on Actions -> View IdP metadata for the “SHA-2 Type” certificate.

    <aside> 💡 It should be in the following format: https://<customer>.okta.com/app/<app-slug>/sso/saml/metadata

    </aside>
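
Before entering the metadata URL in the admin panel, it helps to confirm that the values from steps 4 and 7 agree with each other, since a hostname mismatch between the DeepSource URL, the Single sign on URL and the Audience URI is a common cause of failed SAML logins. The following check is an added example, not part of DeepSource or Okta; the function name is hypothetical and the sample values ("acme", "exk1example") are constructed placeholders.

```python
import re
from urllib.parse import urlsplit

# Paths from step 4 of this page; the Okta URL shape is the one given in step 7.
ACS_PATH = "/saml2/acs/"
ENTITY_PATH = "/saml2/metadata/"
OKTA_METADATA_RE = re.compile(
    r"^https://[a-z0-9-]+\.okta\.com/app/[A-Za-z0-9_-]+/sso/saml/metadata$"
)


def check_saml_settings(base_url, acs_url, audience_uri, idp_metadata_url):
    """Return a list of problems; an empty list means the values are consistent."""
    problems = []
    base = urlsplit(base_url)
    if base.scheme != "https" or not base.hostname:
        problems.append("base URL must be an https:// URL with a host")
    origin = f"https://{base.netloc}"
    # Both SP-side values must be built from the same origin as the DeepSource host.
    expected = {
        "Single sign on URL": (acs_url, origin + ACS_PATH),
        "Audience URI (SP Entity ID)": (audience_uri, origin + ENTITY_PATH),
    }
    for field, (actual, wanted) in expected.items():
        if actual != wanted:
            problems.append(f"{field}: got {actual!r}, expected {wanted!r}")
    # The IdP metadata URL must be HTTPS and follow the format shown on this page.
    if not OKTA_METADATA_RE.match(idp_metadata_url):
        problems.append("IdP metadata URL does not match the expected Okta format")
    return problems


if __name__ == "__main__":
    base = "https://deepsource.foobar.com"
    # Constructed input: Audience URI host lacks ".com", metadata URL is plain http.
    for problem in check_saml_settings(
        base,
        base + "/saml2/acs/",
        "https://deepsource.foobar/saml2/metadata/",
        "http://acme.okta.com/app/exk1example/sso/saml/metadata",
    ):
        print(problem)
```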

Changes on Kotsadm


Once SAML has been configured on Okta, navigate to the "Config" tab in the Admin panel (Replicated Kotsadm):

  1. Check "Yes" for "Enable SAML SSO".
  2. Enter the URL copied in Step 7 above for "IdP metadata URL".
  3. One last piece of configuration is whether you want to enable social authentication (i.e. allowing users to be created/log in with GitHub) alongside SAML. In this case, users will be allowed to either sign in via SSO or via OAuth. Choose accordingly.