External identity provider setup

DevRev can be configured to use external identity providers for SSO.

If you want DevRev to use an external identity provider, follow the instructions for your organization’s provider.

Before you begin

To register DevRev as a SAML 2.0 application, you need the slug for your dev org.

To get the dev_oid and slug, run the following command:

1 curl --location --request GET 'https://api.devrev.ai/internal/dev-orgs.self.get' \
2 --header 'Authorization: <your PAT>'

In the response, the dev_oid is returned as the display_id.

Ensure the connection_name combines the dev_oid prefix with a custom string and matches the regex pattern:

1 ^`[a-zA-Z0-9]`(-`[a-zA-Z0-9]`|`[a-zA-Z0-9]`)*$

This means it should:

Start with an alphanumeric character.
Contain alphanumeric characters or hyphens, without consecutive or trailing hyphens.

The API call to create the connection fails if this pattern is not followed.

You can register DevRev as an identity provider in any of the following services.

Log in to Azure Active Directory and select Enterprise applications > + New application.
Search for "Azure AD SAML Toolkit" in the Browse Azure AD Gallery and select it.
Enter DevRev as the name and click Create.
Select Single sign-on > SAML.
Edit the Basic SAML Configuration and enter the following parameters.
- Identifier (Entity ID): urn:auth0:tf-devrev-prod:<dev_oid>-<CUSTOM-STRING>
- Reply URL (Assertion Consumer Service URL): https://auth.devrev.ai/login/callback?connection=<dev_oid>-<CUSTOM-STRING>
- Sign on URL: https://app.devrev.ai/<DEV_ORG_SLUG>
The value of <CUSTOM-STRING> can be anything you select, and it must be the same in both parameters.
Go to Copy > SAML Certificates and save the App Federation Metadata URL.
In the Azure portal, go to the application named "DevRev" that you created earlier under Enterprise applications. Within the application, go to Users and Groups and assign the users who can access the app.