Configuring single sign-on (SSO) (Obsolete)

Note:

Since version 5.4.0, the single sign-on (SSO) configuration is done by the team admin in the Tabnine console.

When upgrading from older versions to version 5.4.0 or higher, the values in the existing YAML file will be migrated once to your installation.

Tabnine provides full SAML 2.0 support so you can integrate with your chosen IdP and manage your Tabnine users’ SSO login in a centralized way. Here you can find the walkthrough process for integrating with the common IdPs in the market. Common IdPs for SAML Integration:

Integrate with Azure as a SAML IdP

Enter https://portal.azure.com/.
After logging into Azure, go to the Azure Active Directory tab.
Select Enterprise applications service.
Choose New application.
Choose Create your own application.
Choose Non-gallery application. (Integrate any other application you don't find in the gallery.)
Name it (for example, "TabnineSSO") and click Add.
Choose Setup single sign-on.
Select SAML-based Sign-on as the SSO mode.
Next, add the Tabnine service provider details to the configuration in Azure. Set the following values in Identifier (Entity ID) and Reply URL (Assertion Consumer Service URL), replacing tabnine.customer.com with your Tabnine cluster domain:
Choose user.mail as the value for Unique User Identifier:
In Section 3 - SAML Certificates, choose Download certificate (Base64).
In Section 4, copy Login URL value to use in the next step.
To enable SSO, edit the following sections in values.yaml

Obsolete: Since version 5.4.0, the single sign-on (SSO) configuration is done by the team admin in the Tabnine console and not using the YAML file.

Edit the value of the following:

cert: Paste the file content of certificate (Base64), paste in the line under cert: |
entrypoint: Use the Login URL value copied from the Azure portal.

auth:
# -- SAML configuration
  saml:
    enabled: true
    cert: |

    wantsResponseAuthSigned: false
    wantsAssertionSigned: true
# -- Use 'Login URL' value
    entrypoint: null

Now that values.yaml is updated, it's time to update the chart on the cluster:

helm upgrade --install -n tabnine --create-namespace tabnine oci://registry.tabnine.com/self-hosted/tabnine-cloud --values values.yaml

Integrate with Okta as a SAML IdP

Enter your Okta admin panel in Applications > Create App Integration > SAML2 integration.
Set an App name (e.g., "Tabnine"):
Next, set the following values: Single sign-on URL: https://tabnine.customer.com/auth/sign-in/sso/saml/callback Audience URI (SP Entity ID): https://tabnine.customer.com/auth/sign-in/sso/saml Name ID format: EmailAddress NOTE: Replace tabnine.customer.com with your Tabnine cluster domain.
Choose I'm an Okta customer adding an internal app.
In the created App in Okta ("Tabnine"), Sign on tab Copy Sign on URL'value and Signing Certificate values
To enable SSO, edit the following sections in values.yaml:

Obsolete: Since version 5.4.0, the single sign-on (SSO) configuration is done by the team admin in the Tabnine console and not using the YAML file.

cert: Paste the Signing certificate value in the line under cert: |
entrypoint: Use the Sign on URL value that was copied

auth:
# -- SAML configuration
  saml:
    enabled: true
    cert: |

    wantsResponseAuthSigned: false
    wantsAssertionSigned: true
# -- Use 'Login URL' value
    entrypoint: null

Now that values.yaml is updated, it's time to update the chart on the cluster:

helm upgrade --install -n tabnine --create-namespace tabnine oci://registry.tabnine.com/self-hosted/tabnine-cloud --values values.yaml

Last updated 7 months ago

Integrate with Azure as a SAML IdP

Enter https://portal.azure.com/.

After logging into Azure, go to the Azure Active Directory tab.

Select Enterprise applications service.

Choose New application.

Choose Create your own application.

Choose Non-gallery application. (Integrate any other application you don't find in the gallery.)

Name it (for example, "TabnineSSO") and click Add.

Choose Setup single sign-on.

Select SAML-based Sign-on as the SSO mode.

Next, add the Tabnine service provider details to the configuration in Azure. Set the following values in Identifier (Entity ID) and Reply URL (Assertion Consumer Service URL), replacing tabnine.customer.com with your Tabnine cluster domain:

Choose user.mail as the value for Unique User Identifier:

In Section 3 - SAML Certificates, choose Download certificate (Base64).

In Section 4, copy Login URL value to use in the next step.

To enable SSO, edit the following sections in values.yaml

Obsolete: Since version 5.4.0, the single sign-on (SSO) configuration is done by the team admin in the Tabnine console and not using the YAML file.

Edit the value of the following:

cert: Paste the file content of certificate (Base64), paste in the line under cert: |

entrypoint: Use the Login URL value copied from the Azure portal.

auth:
# -- SAML configuration
  saml:
    enabled: true
    cert: |

    wantsResponseAuthSigned: false
    wantsAssertionSigned: true
# -- Use 'Login URL' value
    entrypoint: null

Now that values.yaml is updated, it's time to update the chart on the cluster:

helm upgrade --install -n tabnine --create-namespace tabnine oci://registry.tabnine.com/self-hosted/tabnine-cloud --values values.yaml

Integrate with Okta as a SAML IdP

Enter your Okta admin panel in Applications > Create App Integration > SAML2 integration.

Set an App name (e.g., "Tabnine"):

Next, set the following values: Single sign-on URL: https://tabnine.customer.com/auth/sign-in/sso/saml/callback Audience URI (SP Entity ID): https://tabnine.customer.com/auth/sign-in/sso/saml Name ID format: EmailAddress NOTE: Replace tabnine.customer.com with your Tabnine cluster domain.

Choose I'm an Okta customer adding an internal app.

In the created App in Okta ("Tabnine"), Sign on tab Copy Sign on URL'value and Signing Certificate values

To enable SSO, edit the following sections in values.yaml:

Obsolete: Since version 5.4.0, the single sign-on (SSO) configuration is done by the team admin in the Tabnine console and not using the YAML file.

cert: Paste the Signing certificate value in the line under cert: |

entrypoint: Use the Sign on URL value that was copied

auth:
# -- SAML configuration
  saml:
    enabled: true
    cert: |

    wantsResponseAuthSigned: false
    wantsAssertionSigned: true
# -- Use 'Login URL' value
    entrypoint: null

Now that values.yaml is updated, it's time to update the chart on the cluster:

helm upgrade --install -n tabnine --create-namespace tabnine oci://registry.tabnine.com/self-hosted/tabnine-cloud --values values.yaml