Sign in to Devin Enterprise

Devin Enterprise recommends configuring single sign-on (SSO) and unified login for greater security and improved usability. SSO enables your users to sign into Devin Enterprise with your organization’s identity provider. See Configure SSO in Devin If you don’t configure SSO, users can login to Devin Enterprise using a selected external account such as Google. Github is not recommended, as often personal Github emails and work emails do not match.

Technical Overview of Devin’s RBAC Architecture

Devin Enterprise implements a comprehensive Role-Based Access Control (RBAC) system that integrates with your existing identity infrastructure. This section explains how to configure and leverage RBAC for your organization.

Identity Provider Integration

When configuring Devin Enterprise with your Identity Provider (IdP), observe the following group information flow:
  1. During authentication, Devin Enterprise receives group information from your IdP
  2. Your IdP sends group information as claims in the JWT token
  3. Devin Enterprise uses these groups to determine access permissions

Configuring Group-Based Access

You can configure which IdP groups have access to specific organizations:
  1. Map your existing IdP groups to Devin Enterprise organizations
  2. Assign appropriate roles (member or admin) to each group
  3. Users will automatically inherit permissions based on their IdP group membership

Access Control Implementation

Devin Enterprise determines user access through multiple pathways:
  • Direct membership: Individual users assigned to organizations
  • Group membership: Users inherit access from their IdP group memberships
  • Enterprise admin: Administrators have access to all organizations within their enterprise

Repository Access Control

For Git repository access, Devin Enterprise:
  • Inherits permissions from the organization-level access control
  • Supports fine-grained access control at the repository level
  • Maintains consistent authorization across all components
This approach allows you to leverage your existing identity management system while providing secure, role-based access to Devin Enterprise resources.

Sync users and groups from your identity provider

You can sync users and groups from your IdP to Devin Enterprise, ensuring they have the right access. Groups can have member or admin roles and may belong to multiple organizations. To enable automatic user matching, provide a mapping of groups to roles and organizations. After authentication, Devin Enterprise extracts group information from the JWT token your IdP sends and matches users accordingly. 
{
  "sub": "12345",
  "name": "John Doe",
  "email": "johndoe@example.com",
  "groups": ["Engineering", "Admins"],  // Group claim
  "iss": "https://idp.example.com",
  "aud": "your_app_client_id"
}
Contact us if you require SCIM.
When a user is removed from your identity provider, that user is deactivated in Devin Enterprise. In order to configure IdP group permissions please reach out to us directly.

Enterprise Access Control

Devin Enterprises can have unlimited organizations.
Access ConditionDescription
Member of the organizationYou can access the organization if you’re a member.
Enterprise admin (owns the enterprise)You can access and edit the enterprise and sub-organizations.
Organization admin (owns the org)You can access and edit the organization.
Part of an IdP group that’s a memberYou can access the enterprise or organization if you’re part of an IdP group that’s a member/admin.
IdP groups are fetched upon user-login, so changes in group membership will require reauthentication.