This document explains the process to enable SSO for DeepSource using SAML 2.0 with OneLogin as the Identity Provider (IdP).


SAML-based Sign-on

Configuring SSO on OneLogin


For now, an admin (on OneLogin) needs to create a custom SAML connector for DeepSource Enterprise. The steps are as follows:

  1. On the top menu, go to "Applications" → "Applications", and click on "Add App".

  2. Search for and choose “SAML Custom Connector (Advanced)”.

  3. Fill in the following details and click “Save”:

    | Field | Value |
    | --- | --- |
    | Display Name | DeepSource Enterprise Server |
    | Rectangular Icon | Upload https://www.dropbox.com/sh/x7i2lrcodblyxuy/AACPCNPc0Z_TT3BlHpnRr5Hra?dl=0&preview=workmark.png (optional) |
    | Square Icon | Upload https://www.dropbox.com/sh/x7i2lrcodblyxuy/AACPCNPc0Z_TT3BlHpnRr5Hra?dl=0&preview=logo.png (optional) |

  4. Navigate to the “Configuration” tab using the sidebar on the left.

  5. Assuming that DeepSource is hosted on "https://deepsource.foobar.com", fill in the following details accordingly, leaving the rest of the fields at their defaults, and click “Save”:

    | Field | Value |
    | --- | --- |
    | Audience (EntityID) | https://deepsource.foobar.com/saml2/metadata/ |
    | Recipient | https://deepsource.foobar.com/saml2/acs/ |
    | ACS (Consumer) URL Validator | https://deepsource.foobar.com/saml2/acs/ |
    | ACS (Consumer) URL | https://deepsource.foobar.com/saml2/acs/ |
    | SAML signature element | Both (from dropdown) |
    | Sign SLO Request | |
    | Sign SLO Response | |

  6. Navigate to the “Parameters” tab using the sidebar on the left.

  7. Fill in the following details and click “Save”:

    | Field | Value |
    | --- | --- |
    | NameID value | Email |
    | first_name | - First Name (from dropdown) |

  8. Navigate to the “SSO” tab using the sidebar on the left.

  9. Change the “SAML Signature Algorithm” field to use a stronger algorithm such as “SHA-512” (from dropdown) and click on “Save”.

  10. On the same screen, copy the “Issuer URL”. It should be in the format https://app.onelogin.com/saml/metadata/<app-uuid>.
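
To confirm that the values from steps 5 to 9 took effect, a decoded SAML Response captured during a test login can be compared against them. The script below is an added example, not DeepSource or OneLogin code: it checks structure only and does not verify signatures. It assumes an unencrypted assertion and the `rsa-sha512` algorithm URI, and the `check_response` and `sample` names and the sample response are constructed for illustration.

```python
import xml.etree.ElementTree as ET  # use defusedxml for responses you do not trust

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
BASE = "https://deepsource.foobar.com"  # example host from step 5
RSA_SHA512 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"  # assumed URI for step 9
RSA_SHA1 = "http://www.w3.org/2000/09/xmldsig#rsa-sha1"

def check_response(xml_text, base=BASE):
    """List where a decoded SAML Response deviates from the connector settings."""
    root = ET.fromstring(xml_text)
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return ["no plaintext Assertion in Response"]
    problems = []
    # "SAML signature element: Both" means Response and Assertion are each signed.
    for label, node in (("Response", root), ("Assertion", assertion)):
        method = node.find("ds:Signature/ds:SignedInfo/ds:SignatureMethod", NS)
        if method is None:
            problems.append(f"{label}: not signed")
        elif method.get("Algorithm") != RSA_SHA512:
            problems.append(f"{label}: algorithm {method.get('Algorithm')}")
    audience = assertion.findtext("saml:Conditions/saml:AudienceRestriction/saml:Audience", "", NS)
    if audience.strip() != f"{base}/saml2/metadata/":
        problems.append(f"Audience: {audience!r}")
    data = assertion.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if data is None or data.get("Recipient") != f"{base}/saml2/acs/":
        problems.append("Recipient: missing or not the ACS URL")
    if "@" not in assertion.findtext("saml:Subject/saml:NameID", "", NS):
        problems.append("NameID: not an email address")
    if assertion.find("saml:AttributeStatement/saml:Attribute[@Name='first_name']", NS) is None:
        problems.append("Attribute first_name: missing")
    return problems

def sample(alg=RSA_SHA512, audience=BASE + "/saml2/metadata/", sign_response=True):
    """Constructed, structurally minimal Response; signature values are omitted."""
    sig = f'<ds:Signature><ds:SignedInfo><ds:SignatureMethod Algorithm="{alg}"/></ds:SignedInfo></ds:Signature>'
    xmlns = " ".join(f'xmlns:{p}="{u}"' for p, u in NS.items())
    return (f'<samlp:Response {xmlns}>{sig if sign_response else ""}<saml:Assertion>{sig}'
            '<saml:Subject><saml:NameID>dev@foobar.com</saml:NameID><saml:SubjectConfirmation>'
            f'<saml:SubjectConfirmationData Recipient="{BASE}/saml2/acs/"/>'
            '</saml:SubjectConfirmation></saml:Subject><saml:Conditions><saml:AudienceRestriction>'
            f'<saml:Audience>{audience}</saml:Audience></saml:AudienceRestriction></saml:Conditions>'
            '<saml:AttributeStatement><saml:Attribute Name="first_name"/></saml:AttributeStatement>'
            '</saml:Assertion></samlp:Response>')

if __name__ == "__main__":
    print(check_response(sample(alg=RSA_SHA1, sign_response=False)))
```

An empty list means the response matches the connector settings; each entry names the field to recheck in OneLogin.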

Changes on Kotsadm


Once OneLogin has been configured, navigate to the “Config” tab in the Admin panel (Replicated Kotsadm):