
Single Sign-on (SSO)

Tabnine provides full SAML 2.0 support, so you can integrate with your chosen IdP and manage your Tabnine users' SSO login centrally. This page walks through the integration process for the common IdPs on the market.

Common IdPs for SAML integration:
  1. Azure
  2. Okta

Integrate with Azure as a SAML IdP

  1. After logging into Azure, go to the 'Azure Active Directory' tab.
  2. Select the 'Enterprise applications' service.
  3. Choose 'New application'.
  4. Choose 'Create your own application'.
  5. Choose 'Non-gallery application' (Integrate any other application you don't find in the gallery).
  6. Name it (for example, TabnineSSO) and click 'Add'.
  7. Choose 'Setup single sign-on'.
  8. Select 'SAML-based Sign-on' as the SSO mode.
  9. Next, you will need to add Tabnine service provider details to the configuration in Azure as follows (set the following values in 'Identifier (Entity ID)' and 'Reply URL (Assertion Consumer Service URL)', replace 'tabnine.customer.com' with your Tabnine cluster domain):
  10. Choose 'user.mail' as the value for 'Unique User Identifier'.
  11. In Section 3 - SAML Certificates, choose 'Download' for the certificate (Base64).
  12. In Section 4, copy the 'Login URL' value; it will be used in the next step.
  13. In order to enable SSO, edit the following sections in values.yaml.
    Edit the value of the following:
    • cert - paste the file content of the certificate (Base64) in the line under 'cert: |'
    • entrypoint - use the 'Login URL' value copied from the Azure portal

        auth:
          # -- SAML configuration
          saml:
            enabled: true
            cert: |
            wantsResponseAuthSigned: false
            wantsAssertionSigned: true
            # -- Use 'Login URL' value
            entrypoint: null

    Now that values.yaml is updated, it is time to update the chart on the cluster:

        helm upgrade --install -n tabnine --create-namespace tabnine oci://registry.tabnine.com/self-hosted/tabnine-cloud --values values.yaml

Integrate with Okta as a SAML IdP

  1. Enter your Okta admin panel -> Applications -> Create App Integration -> SAML2 integration.
  2. Set an App name (e.g. 'Tabnine').
  3. Next, set the following values (replace 'tabnine.customer.com' with your Tabnine cluster domain):
    • Single sign-on URL = 'https://tabnine.customer.com/auth/sign-in/sso/saml/callback'
    • Audience URI (SP Entity ID) = 'https://tabnine.customer.com/auth/sign-in/sso/saml'
    • Name ID format = 'EmailAddress'
  4. Choose 'I'm an Okta customer adding internal app'.
  5. In the created app in Okta ('Tabnine') -> 'Sign on' tab, copy the 'Sign on URL' and 'Signing Certificate' values.
  6. In order to enable SSO, edit the following sections in values.yaml.
    Edit the value of the following:
    • cert - paste the 'Signing certificate' value in the line under 'cert: |'
    • entrypoint - use the 'Sign on URL' value that was copied

        auth:
          # -- SAML configuration
          saml:
            enabled: true
            cert: |
            wantsResponseAuthSigned: false
            wantsAssertionSigned: true
            # -- Use 'Login URL' value
            entrypoint: null

    Now that values.yaml is updated, it is time to update the chart on the cluster:

        helm upgrade --install -n tabnine --create-namespace tabnine oci://registry.tabnine.com/self-hosted/tabnine-cloud --values values.yaml
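
A pre-flight check for the values.yaml edits described in the Azure and Okta sections above, as an added example that is not part of Tabnine's documentation or tooling. It flags an entrypoint left at null, a certificate that is missing or not indented under 'cert: |', and assertion signing switched off; the function names, the idp.example.com URL used to exercise it and the certificate string are constructed for illustration.

```shell
#!/usr/bin/env bash
# Pre-flight lint for the auth.saml block of values.yaml (added example, not Tabnine tooling).
# Text-based, not a YAML parser: assumes the space-indented auth -> saml layout on this page.

# Print the value of KEY inside the saml block, with surrounding quotes removed.
saml_value() {  # usage: saml_value FILE KEY
  awk -v key="$2:" '
    /^[ \t]*saml:[ \t]*$/ { in_saml = 1; next }
    in_saml && $1 == key  { print $2; exit }
  ' "$1" | tr -d "\"'"
}

# Print the lines of the "cert: |" block scalar, i.e. lines indented deeper than the key.
saml_cert() {  # usage: saml_cert FILE
  awk '
    function ind(s,  t) { t = s; sub(/^ +/, "", t); return length(s) - length(t) }
    grab && NF { if (ind($0) <= key) exit; sub(/^ +/, ""); print }
    /^ *cert:[ \t]*[|]/ { key = ind($0); grab = 1 }
  ' "$1"
}

# Report each problem on stdout; the return status is the number of findings.
check_saml_values() {  # usage: check_saml_values FILE
  f=$1; bad=0
  [ "$(saml_value "$f" enabled)" = true ] || { echo "saml.enabled is not true"; bad=$((bad + 1)); }
  [ "$(saml_value "$f" wantsAssertionSigned)" = true ] ||
    { echo "wantsAssertionSigned is not true"; bad=$((bad + 1)); }
  ep=$(saml_value "$f" entrypoint)
  case $ep in
    https://?*) ;;
    *) echo "entrypoint is not an https URL: '$ep'"; bad=$((bad + 1)) ;;
  esac
  body=$(saml_cert "$f" | grep -v -e '-----' | tr -d '\n')  # drop PEM BEGIN/END lines
  if [ -z "$body" ]; then
    echo "cert is empty or not indented under 'cert: |'"; bad=$((bad + 1))
  elif printf '%s' "$body" | grep -q '[^A-Za-z0-9+/=]'; then
    echo "cert contains non-Base64 characters"; bad=$((bad + 1))
  fi
  return "$bad"
}

# Constructed sample values.yaml: $1 = entrypoint, $2 = indentation of the pasted cert line.
# The cert body is a constructed placeholder string, not a real certificate.
sample_values() {
  printf 'auth:\n  saml:\n    enabled: true\n    cert: |\n%sQ09OU1RSVUNURUQ=\n' "$2"
  printf '    wantsResponseAuthSigned: false\n    wantsAssertionSigned: true\n'
  printf '    entrypoint: %s\n' "$1"
}

if [ "$#" -gt 0 ]; then check_saml_values "$1"; fi
```

Saved under a name of your choice and run with the path to values.yaml as its argument before the helm upgrade step, it exits with the number of findings, so 0 means the SAML block is filled in.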
Last modified 4mo ago