This article introduces authentication and access control in Devin.
Devin Enterprise recommends configuring single sign-on (SSO) and unified login for greater security and improved usability. SSO enables your users to sign in to Devin Enterprise with your organization’s identity provider. See Configure SSO in Devin.
If you don’t configure SSO, users can log in to Devin Enterprise using a selected external account such as Google. GitHub is not recommended, because personal GitHub emails and work emails often do not match.
Devin Enterprise implements a comprehensive Role-Based Access Control (RBAC) system that integrates with your existing identity infrastructure. This section explains how to configure and leverage RBAC for your organization.
When configuring Devin Enterprise with your Identity Provider (IdP), observe the following group information flow:
You can configure which IdP groups have access to specific organizations:
Devin Enterprise determines user access through multiple pathways:
For Git repository access, Devin Enterprise:
This approach allows you to leverage your existing identity management system while providing secure, role-based access to Devin Enterprise resources.
You can sync users and groups from your IdP to Devin Enterprise, ensuring they have the right access. Groups can have member or admin roles and may belong to multiple organizations.
To enable automatic user matching, provide a mapping of groups to roles and organizations. After authentication, Devin Enterprise extracts group information from the JWT token your IdP sends and matches users accordingly.
Contact us if you require SCIM.
When a user is removed from your identity provider, that user is deactivated in Devin Enterprise. To configure IdP group permissions, please reach out to us directly.
Devin Enterprises can have unlimited organizations.
Access Condition | Description |
---|---|
Member of the organization | You can access the organization if you’re a member. |
Enterprise admin (owns the enterprise) | You can access and edit the enterprise and sub-organizations. |
Organization admin (owns the org) | You can access and edit the organization. |
Part of an IdP group that’s a member | You can access the enterprise or organization if you’re part of an IdP group that’s a member/admin. |
IdP groups are fetched at user login, so changes in group membership require reauthentication.
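The group-to-role matching and the access conditions in the table above, as an added sketch that is not Devin Enterprise's own code or configuration format. The `groups` claim name, the mapping layout, the `enterprise` scope and every group and organization name are assumptions, and the claims are assumed to come from a token whose signature, issuer, audience and expiry were already verified.

```python
# Added illustration: mapping layout, claim name and all names are assumptions,
# not Devin Enterprise's configuration schema.
ROLE_RANK = {"member": 1, "admin": 2}
ENTERPRISE = "enterprise"  # hypothetical scope name for the enterprise itself

# Constructed sample: IdP group -> grants of (scope, role). A group may hold
# roles in several organizations.
GROUP_MAPPING = {
    "eng-platform": [("org-platform", "admin"), ("org-payments", "member")],
    "eng-payments": [("org-payments", "admin")],
    "it-admins": [(ENTERPRISE, "admin")],
}
ALL_ORGS = ["org-platform", "org-payments", "org-research"]


def groups_from_claims(claims, claim_name="groups"):
    """Return the group names in verified token claims; tolerate odd shapes."""
    raw = claims.get(claim_name)
    if isinstance(raw, str):  # a single group may arrive as a bare string
        raw = [raw]
    if not isinstance(raw, list):  # missing or malformed claim: no groups
        return set()
    return {g for g in raw if isinstance(g, str)}


def resolve_access(claims, mapping=GROUP_MAPPING, all_orgs=ALL_ORGS):
    """Compute {scope: role} once, at login. Default is no access."""
    access = {}
    for group in groups_from_claims(claims):
        for scope, role in mapping.get(group, []):  # unmapped groups grant nothing
            if role not in ROLE_RANK:
                continue  # ignore roles other than member/admin
            # An enterprise admin can also access and edit every sub-organization.
            if scope == ENTERPRISE and role == "admin":
                scopes = [ENTERPRISE, *all_orgs]
            else:
                scopes = [scope]
            for s in scopes:
                # Keep the highest role when several groups cover one scope.
                if ROLE_RANK[role] > ROLE_RANK.get(access.get(s), 0):
                    access[s] = role
    return access


if __name__ == "__main__":
    # Constructed claims, as they might look after token verification.
    print(resolve_access({"sub": "alice", "groups": ["eng-platform", "eng-payments"]}))
```

Because the result is computed from the groups present at login, a user removed from an IdP group keeps the earlier result until they reauthenticate.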