Single Sign-On (SSO)

Configuring Single Sign-On (SSO)

Tabnine provides full SAML 2.0 support so you can integrate with your chosen IdP and manage your Tabnine users’ SSO login in a centralized way. Here you can find the walkthrough process for integrating with the common IdPs in the market.

Setting SSO

• Sign in to the Tabnine console as an admin.

• Go to the General page under Settings.

• In the Single Sign-on section, enable the toggle button.

2. After logging into Azure, go to the Azure Active Directory tab.

3. Select Enterprise applications service.

4. Choose New application.

5. Choose Create your own application.

6. Choose Non-gallery application. (Integrate any other application you don't find in the gallery.)

7. Name it (for example, "TabnineSSO") and click Add.

8. Choose Setup single sign-on.

9. Select SAML-based Sign-on as the SSO mode.

10. Next, add the Tabnine service provider details to the configuration in Azure. Set the following values in Identifier (Entity ID) and Reply URL (Assertion Consumer Service URL), replacing tabnine.customer.com with your Tabnine cluster domain:
11. Choose user.mail as the value for Unique User Identifier:
12. In Section 3 - SAML Certificates, choose Download certificate (Base64).

13. In Section 4, copy Login URL value to use in the next step.

14. Finally, make sure the following are checked at the bottom: ☑ wantsAssertionSigned and ☑ disableRequestedAuthnContext

1. Enter your Okta admin panel in Applications > Create App Integration > SAML2 integration.

2. Set an App name (e.g., "Tabnine"):
3. Next, set the following values: Single sign-on URL: https://tabnine.customer.com/auth/sign-in/sso/saml/callback Audience URI (SP Entity ID): https://tabnine.customer.com/auth/sign-in/sso/saml Name ID format: EmailAddress NOTE: Replace tabnine.customer.com with your Tabnine cluster domain.

1. Choose 🔵 I'm an Okta customer adding an internal app.

1. In the created App in Okta ("Tabnine"), Sign on tab, copy Sign on URL value and Signing Certificate values.