Overview
Devin is designed for seamless integration into enterprise environments, with deployment options that balance speed, security, and compliance. Devin can be initiated through the web interface, Slack, or API, ensuring flexibility in how teams engage with the system. Upon activation, Devin operates within a dedicated workspace that includes:- A shell for executing commands.
- A browser for web-based interactions.
- A code editor for reading and writing code.
Devin’s Architecture
Devin’s architecture consists of two key components:- The Brain: A stateless, cloud-based service that powers Devin’s intelligence, always residing in Cognition’s Cloud (similar to GitHub Copilot’s architecture).
- The Devbox: A secure virtual environment where Devin executes code, connects to resources, and interacts with your systems.
Enterprise SaaS Architecture
Customer Dedicated SaaS Architecture
For detailed steps on configuring AWS PrivateLink connectivity, see Dedicated SaaS Private Networking.
Deployment Options
Devin supports two primary deployment models to meet varying enterprise requirements:| Deployment Model | Brain Location | Devbox Location | Network Setup | Primary Advantage | Best For |
|---|---|---|---|---|---|
| Enterprise SaaS | Cognition Cloud | Cognition Cloud | Public / IP Whitelist | Fastest setup, managed infrastructure | Organizations with public or IP-whitelistable resources |
| Customer Dedicated SaaS | Cognition Cloud | Customer-dedicated single-tenant VPC | AWS Private Link or IPSec Tunnel | Tenant isolation with managed infrastructure | Strategic enterprises with private networks |
Choosing a Deployment Model
Enterprise SaaS Deployment is recommended for most organizations looking for a quick setup with minimal operational overhead. Deployment can be completed within minutes. This model works well when your source code management (GitHub.com, GitLab.com, Azure DevOps Cloud) and artifact stores are publicly accessible or can support IP whitelisting. Customer Dedicated SaaS is ideal for strategic enterprises whose resources are on private networks and cannot support IP whitelisting. In this model, Cognition hosts Devin in an auto-scaling, customer-isolated environment within a single-tenant VPC. Your VPC connects to Cognition’s infrastructure via a secure AWS Private Link (or IPSec tunnel), allowing Devin to access your privately networked resources while maintaining tenant isolation. This deployment model supports MFA VPN access to your internal resources.Important Networking Considerations:
- Devin’s Devbox must be able to reach your source code management systems (GitHub, GitLab, Bitbucket, Azure DevOps), artifact stores (Artifactory, CodeArtifact), and other development tools.
- MFA VPNs are not compatible with Enterprise SaaS deployments. If your resources require MFA VPN access, consider Customer Dedicated SaaS.
- OpenVPN is supported with Customer Dedicated SaaS deployments, enabling secure connectivity to your internal resources through your existing VPN infrastructure.
- For self-hosted tools (GitHub Enterprise Server, GitLab self-hosted, Artifactory), you’ll need either IP whitelisting (for SaaS) or a dedicated deployment model.
Deployment Specifications
Customer Dedicated SaaS Requirements
For Customer Dedicated SaaS deployments, Cognition manages the infrastructure on your behalf. Requirements include:-
Network Connectivity:
- AWS Private Link (preferred)
- IPSec tunnel (alternative option)
- Ability to establish secure tunnel between your VPC and Cognition’s single-tenant VPC
-
Access Configuration:
- DNS resolution for your internal resources
- Network routing configured to allow Devin’s Devbox to reach your SCM, artifact stores, and other development tools
Cross-Tenant Communication
Devin’s architecture ensures secure communication between your environment and Cognition’s Cloud.
| Feature | Requirement |
|---|---|
| Networking | Egress access required |
| Ports | HTTPS/443 |
| Connection | On startup, Devin establishes a secure WebSocket connection to an isolated container in Cognition’s tenant |
| Communication | All subsequent operations occur over this secure channel |
| Isolation | Backend session isolation for enhanced security |
SSO Guides
Use the following guides to configure single sign-on (SSO) for your enterprise deployment.SSO via Okta
Configure authentication using OpenID Connect with Okta.
SSO via Azure
Enable seamless authentication with Azure AD.
SSO via SAML
Configure authentication using a generic SAML 2.0 identity provider.
SSO via OIDC
Configure authentication using a generic OpenID Connect identity provider.
FAQs & Additional Information
Can we use our own LLM API keys?
Can we use our own LLM API keys?
Devin is a compound AI system and does not currently support third-party LLM API keys.
Do you support GCP?
Do you support GCP?
Please contact our sales team for information on Google Cloud Platform support.
Do you support OpenShift?
Do you support OpenShift?
OpenShift support is available upon request. Please reach out to our sales team for details.
Next Steps
- For Enterprise SaaS Deployment: Start using Devin immediately by logging in to the web app.
- For Customer Dedicated SaaS: Contact our Enterprise Sales Team to discuss your networking requirements and begin the setup process.
- Need Assistance? Contact our Enterprise Sales Team.