Sourcegraph Accounts Management System (SAMS) is the centralized single-email accounts system for all of the Sourcegraph-operated systems operated on Sourcegraph Managed Services Platform (MSP). SAMS provides:

• Single Sign-On (SSO) experience for users of those systems, and cross-system reference-able user ID.
• Out-of-the-box machine-to-machine authentication and authorization capabilities.

SAMS is compliant with OAuth 2 and OIDC protocols but only exposes a subset of the full capabilities for security reasons. In particular, only the following flows are allowed:

• Authorization Code Flow
• Refresh Token Flow
• Client Credentials Flow

The OpenID Discovery endpoint lays out all the protocol details that a Service Provider (aka. Relay Party) needs to know to integrate with SAMS.

SAMS is developed and operated by the Core Services team, and is core component of Core Services Foundations.

System designs and integrations

SAMS strives for the best DX and ease of integration via ‣.

Here is a list of important system designs and their integration documentation:

SAMS token scope specification

SAMS Machine-to-machine (M2M) Authentication and Authorization

SAMS notifications distribution system

SAMS Roles & Resources

Internal documents