LogoLogo
Tabnine websiteContact Sales
  • 👋Welcome
    • Overview
      • Architecture
        • Deployment options
      • Security
      • Privacy
      • Protection
        • Provenance and Attribution
      • Personalization
        • Tabnine’s Personalization in Depth
        • Connection: Global Codebase Awareness
      • AI Models
        • Tabnine's private and protected Universal models
        • Tabnine's fine-tuned AI models
      • Integrations
        • Atlassian Jira
      • System Requirements
      • Supported Languages
      • Supported IDEs
      • Tabnine Subscription Plans
        • Dev Preview
        • Dev
        • Pro
        • Enterprise (SaaS)
        • Enterprise (private installation)
    • Support & Feedback
  • 🚀Getting started
    • Install
      • Client setup (SaaS)
        • VS Code
          • Install Tabnine in VS Code
          • Activate Tabnine in VS Code
        • JetBrains IDEs
          • Install Tabnine in a JetBrains IDE
          • Activate Tabnine in a JetBrains IDE
        • Visual Studio
          • Install Tabnine in Visual Studio 2022
          • Activate Tabnine in Visual Studio 2022
        • Eclipse
          • Install Tabnine in Eclipse
          • Activate Tabnine in Eclipse
        • Sign in
          • Using an email
          • Using an authentication token
      • Client setup (private installation)
        • Join your team (private installation)
        • VS Code (private installation)
        • JetBrains IDEs (private installation)
        • Visual Studio (private installation)
        • Eclipse (private installation)
    • Quickstart Guide
      • Menus and Icons
    • Getting the Most from Tabnine Code Completions
      • Pause (snooze)
    • Getting the Most from Inline Actions
    • Getting the Most from Tabnine Chat
      • Launching Tabnine Chat
      • Interacting with Tabnine Chat
      • Reviewing suggestions
      • Writing prompts
      • Chat Context
        • Understanding Context
        • Jira Connection
        • Context Scoping
      • Conversing with Tabnine Chat
      • Switching between chat AI models
      • Image Prompts
      • Tabnine's Prompting Guide
        • Getting Started
        • Basic Prompting
          • Be specific and clear
          • Define the context
          • Start a fresh conversation as appropriate
          • Include necessary details
          • Ask for examples
          • Be concise but complete
  • 💪Software Development with Tabnine
    • Overview
    • Plan
    • Create
    • Test
      • Intro to the Test Agent
      • Test Agent Workflow
      • Custom Commands
      • Generate Test Files with @Mentions
    • Review
    • Fix
    • Document
    • Explain
    • Maintain
  • 🏭Administering Tabnine
    • Start a team
    • Manage a team
    • SaaS
      • Tabnine Pro team admin
        • Purchase Tabnine Pro
        • Adding and inviting users to Tabnine Pro
        • Assigning an admin role to a team member
        • Removing a team member
        • Tabnine Pro: Manage subscription and billing
        • Tabnine Pro - Change your payment method
        • Tabnine Pro - Change plan from monthly to annual
        • Unsubscribe from Tabnine Pro plan
      • Joining a Tabnine Pro team
      • Enterprise (SaaS) team admin
        • Set up a Tabnine Enterprise (SaaS) account
        • Invite team members
        • Manage your team
        • AI models for Chat (Enterprise SaaS)
      • Enterprise (SaaS) team member
        • Join your Tabnine team by invitation email (team member)
        • Join Tabnine team by link (member)
    • Private installation
      • Server setup guide
        • Kubernetes (MicroK8s) Installation guide
        • Deployment guide
          • Tabnine update guide
        • Air-gapped deployment guide
      • Admin guide
        • Monitoring Tabnine
        • Prometheus Operator install
        • Audit logs
      • Managing your team
        • Tabnine teams
        • Roles in an enterprise
        • Inviting users to your team
        • Deactivating and reactivating users
        • Deleting PII data of a deactivated user
        • Reset user's password
        • Usage reports
          • Reports Glossary
          • CSV-based reports (V2)
            • Configuring scheduled CSV reports
            • CSV-based reports V1 (Depracted since version 5.7.0
          • Usage API
        • Settings
          • General
          • Single Sign-On (SSO)
          • Personalization (f.k.a. Workspace)
            • Connecting to Remote Repositories
          • Email
          • License
          • Models
          • Access Tokens
        • IdP Sync
      • Release Notes
  • 📣Product Updates
    • What's new?
      • What's new? (August 2024)
      • What's new? (July 2024)
      • What's new? (June 2024)
      • What's new? (May 2024)
      • What's new? (April 2024)
      • What's new? (March 2024)
      • What's new? (February 2024)
      • What's new? (January 2024)
Powered by GitBook
On this page
  • User Types
  • Team and Role Assignment
  • Test Mode and Live Mode
  • How to Set Up IdP Sync
  • Configuring your Identity Provider for IdP Sync
  • Disabling IdP Sync

Was this helpful?

  1. Administering Tabnine
  2. Private installation
  3. Managing your team

IdP Sync

IdP Sync in Tabnine implements automatic user provisioning and de-provisioning, replacing manual user management.

IdP Sync in Tabnine implements automatic user provisioning and de-provisioning, replacing manual user management.

Tabnine offers an IdP sync functionality based on the SCIM 2.0 protocol. IdP Sync uses the SCIM Users API to manage new users and existing users. Changes made in the IdP (add/remove users) are reflected in Tabnine automatically.

IdP sync is available for Enterprise customers using either self-hosted (private) installations or Enterprise SaaS users (console.tabnine.com).

User Types

All users are either “registered” (active) or “deactivated” (inactive). There are no hard deletes in the Tabnine system, so admins must deactivate a user (not delete).

Tabnine plans to implement the SCIM Groups API in the near future for role and team management.

Newly synced users (users that have never been registered before) will receive an email upon registration, By default, they will be designated registered users.

Existing users will be synced by email match and given the status of synced users. Once they are synced, they can only be managed by the IdP and not manually.

Unrecognized users are those users that already exist in Tabnine but for some reason aren’t found in the IdP. This could be due to a misconfiguration in the IdP itself. These users continue to be managed manually.

Team and Role Assignment

Team and role management is currently manual. Whenever a user is added to the system, that user has a default status of “member.”

Admins would assign new roles to users, such as “admin,” by changing the “member” status.

Team assignments are critical in Tabnine IdP Sync. Without a team assignment, the user cannot work.

Admins have the option to automatically assign new users to a default team so they can work immediately (and move them to a different team manually), or to leave them unassigned.

Admins may choose to leave users unassigned for different reasons, but an unassigned member still counts toward the number of licenses your organization uses with Tabnine.

We advise these team-less users not to be left that way in the long-term (if a member user is not active for the long-term, set that user to “deactivated”).

Unsynced Users: An error may occur where users not recognized by the IdP remain unchanged unless manually updated.

Test Mode and Live Mode

IdP Sync can be set to either Test Mode or Live Mode. Live Mode will apply IdP updates in real time with sync happening continuously.

To push updates, ensure the IDP is properly configured. The first sync can take up to an hour.

It is a best practice to start with Test Mode. Ensure that your SCIM configuration is set properly.

Test Mode will simulate and preview changes in IdP Sync, but not apply them. If admins are satisfied with the preview, they can push the changes live.

How to Set Up IdP Sync

Users must request activation from an account manager or Tabnine Support, as IdP Sync is not available by default.

Once given access, admins must follow the three following steps:

First, enable IdP Sync in the Admin Console, choosing Test or Live.

Next, generate SCIM API key.

Configuring your Identity Provider for IdP Sync

Back in your IDP (Okta, Entra ID, etc.), add the 1) Tabnine SCIM URL and 2) API key.

If you do not already have an existing Tabnine application in Azure Entra ID, follow these instructions:

  1. Set up an enterprise application. Navigate from: Enterprise Applications > New Application > Create your own application

  2. Next, name it Tabnine and choose "Integrate any other application you don't find in the gallery."

Navigate to your Tabnine application.

Click on Get Started and then choose Automatic.

At this point, add a) the Tabnine SCIM URL and b) the Tabnine-generated API key.

Select Test the connection.

In the Provisioning section, select "Sync only assigned users and groups."

Once in place, hit Start.

Head over to Okta. On the lefthand side menu, select Applications, then select your Tabnine app.

Next, navigate from General > App Settings > Edit. Then, check off Enable SCIM Provisioning and hit Save.

Proceed to Provisioning.

Add your Tabnine SCIM URL under SCIM connector base URL.

Under Authentication Mode, Select "HTTP Header."

Now add your Tabnine-generated API key under HTTP Header - Authorization.

Once in place, hit Save.

The sync cycle only starts when the IdP initiates it and the Tabnine SCIM service is running with a valid token. Syncs (e.g., from Entra ID) may take up to an hour.

Disabling IdP Sync

When disabling IdP sync, admins can choose to convert all synced users to unsynced users, or deactivate all synced users.

Last updated 22 days ago

Was this helpful?

Azure Entra ID

Okta

🏭