SCIM provisioning on Okta

Introduction

System for Cross-domain Identity Management (SCIM) is a standard that helps automate user provisioning. On enabling SCIM for DeepSource Enterprise, user accounts and their relation with groups will automatically be synced between your SCIM provider and DeepSource Enterprise Control Panel.

To learn more about how groups help you manage your DeepSource Enterprise installation better, please refer to our User management documentation.

How to setup SCIM

In order to take benefit from SCIM, there is an initial setup that has to be performed before moving ahead with the steps on this page.

Assigning members

Please refer to the Okta documentation for help on how to assign users to an application.

On assigning users, they will be synced with your DeepSource Enterprise installation regardless of whether they are a part of a group or not.

This is the preferred way of syncing high-level users who should always have access to the DeepSource Enterprise installation regardless of their group memberships.

Assigning groups

Please refer to the Okta documentation for help on how to assign groups to an application.

The users from the assigned group will be immediately synced with your DeepSource Enterprise installation. But, to sync the groups and their memberships to the DeepSource Enterprise installation, an additional step of “Group push” is required.

Enable group push

Please refer to the Okta documentation for help on how to enable group push.

Pushing a group from Okta will create the group and their memberships in DeepSource Enterprise installation.

Removing groups

Please refer to the Okta documentation for help on how to remove a push group.

A user account will be marked as Inactive on your DeepSource Enterprise installation if the sole group that the user was associated with is removed.

Deactivate and delete users

Please refer to the Okta documentation for help on how to deactivate and delete user accounts

Deactivating or deleting a user in Okta will also revoke their access from your DeepSource Enterprise installation and mark them as Inactive.

FAQs & Troubleshooting

  • Why can’t I manage Okta synced groups and users from DeepSource?

    DeepSource Enterprise admins can create groups on DeepSource Enterprise installation and invite users to them. But when SCIM provisioning is enabled, the groups and users which are synced with Okta can no longer be edited on DeepSource Enterprise installation. The admin must update them from Okta.

  • What if I assign new users to DeepSource Enterprise installation from Okta and there are no free seats available?

    Okta will fail to push a new user and an error will be displayed on Okta: A push error displayed in Okta

    To retry the task once your license has been upgraded, please follow these steps.

  • How do I re-enable SCIM after I disabled it?

    If SCIM is disabled, you can manage the group from DeepSource Enterprise installation; i.e you can add and remove users to the group from the DeepSource Enterprise control panel.

    In order to re-enable SCIM, ensure the initial setup is done and then perform a Push now. This will overwrite your DeepSource Enterprise installation groups with the data in Okta.

  • What happens if I want to push a Group with the same name as a preexisting group on DeepSource?

    On pushing a group, its membership will be pushed immediately. The group membership which was configured on the DeepSource Enterprise installation will be overwritten.