Contact Sales

Single Sign-On (SSO)

Configuring Single Sign-On (SSO)

Tabnine provides full SAML 2.0 support so you can integrate with your chosen IdP and manage your Tabnine users’ SSO login in a centralized way. Here you can find the walkthrough process for integrating with the common IdPs in the market.

Setting SSO

  • Sign in to the Tabnine console as an admin.

  • Go to the General page under Settings.

  • In the Single Sign-on section, enable the toggle button.

  • Copy the SAML Callback URL. Fill in the certificate, entry point, identifier format, and AuthnContext from Azure or Okta. Click Save.

"Identifier format" (optional) refers to a name identifier format of the request of your IdP.

"AuthnContext" (optional) specifies the authentication mechanism that the IdP should use and the level of assurance for the user's identity.

Use Azure as a SAML IdP

  1. Enter https://portal.azure.com/.

  2. After logging into Azure, go to the Azure Active Directory tab.

  3. Select Enterprise applications service.

  4. Choose New application.

  5. Choose Create your own application.

  6. Choose Non-gallery application. (Integrate any other application you don't find in the gallery.)

  7. Name it (for example, "TabnineSSO") and click Add.

  8. Choose Setup single sign-on.

  9. Select SAML-based Sign-on as the SSO mode.

  10. Next, add the Tabnine service provider details to the configuration in Azure. Set the following values in Identifier (Entity ID) and Reply URL (Assertion Consumer Service URL), replacing tabnine.customer.com with your Tabnine cluster domain:

  11. Choose user.mail as the value for Unique User Identifier:

  12. In Section 3 - SAML Certificates, choose Download certificate (Base64).

  13. In Section 4, copy Login URL value to use in the next step.

  14. Finally, make sure the following are checked at the bottom: ☑ wantsAssertionSigned and ☑ disableRequestedAuthnContext

Be sure to have checked off ☑ wantsAssertionSigned and ☑ disableRequestedAuthnContext for Azure configurations

Use Okta as a SAML IdP

  1. Enter your Okta admin panel in Applications > Create App Integration > SAML2 integration.

  2. Set an App name (e.g., "Tabnine"):

  3. Next, set the following values: Single sign-on URL: https://tabnine.customer.com/auth/sign-in/sso/saml/callback Audience URI (SP Entity ID): https://tabnine.customer.com/auth/sign-in/sso/saml Name ID format: EmailAddress NOTE: Replace tabnine.customer.com with your Tabnine cluster domain.

  1. Choose 🔵 I'm an Okta customer adding an internal app.

  1. In the created App in Okta ("Tabnine"), Sign on tab, copy Sign on URL value and Signing Certificate values.

Last updated

Was this helpful?