GitHub Enterprise

IPI Enterprise Server - Configuration SAML 2.0 for GitHub Enterprise

How to Configure SAML 2.0 for GitHub Enterprise

SAML single sign-on (SSO) gives organization owners and enterprise owners using GitHub Enterprise Cloud a way to control and secure access to organization resources like repositories, issues, and pull requests. Organization owners can invite your personal account on GitHub to join their organization that uses SAML SSO, which allows you to contribute to the organization and retain your existing identity and contributions on GitHub. If you're a member of an enterprise with managed users, you will instead use a new account that is provisioned for you and controlled by your enterprise.

Prerequisites

  1. Access to the GitHub Enterprise admin account.

  2. Administrative access to IPI Enterprise Server to configure the IdP.

  3. A configured IPI Enterprise Server instance with user identities set up.

  4. The users exist in IPI Enterprise Server.

  5. The user is added to the GitHub organization.

Step 0: Add users to the IPI Enterprise Server

You have to add the users that belong to GitHub Enterprise to the tenant on IPI Enterprise Server.

Instructions:

Step 1: Enable SAML Single Sign-On in GitHub Enterprise

  1. Log in to your GitHub Enterprise account as an admin.

  2. Navigate to the organization or enterprise settings:

    • For organizations: Go to Settings → Security.

    • For enterprise accounts: Go to Enterprise settings → Authentication.

  3. In the "SAML single sign-on" section, click Enable SAML authentication.

Step 2: Configure the SAML Settings in IPI Enterprise Server

General Application Setup

  1. Log in to your IPI Enterprise Server as administrator.

  2. Go to Settings→ Parameters→ SAML→Add service provider and create a new SAML application for GitHub Enterprise.

  1. Provide the following details during the setup:

  • Name: Familiar name (e.g., SAML single sign-on for GitHub).

  • Issuer / SP Entity ID: https://github.com/enterprises/<organization-name>/ (replace <organization-name> with your organization's name). Example: https://github.com/enterprises/ipi.

  • ACS URL (Assertion Consumer Service URL): https://github.com/orgs/<organization-name>/saml/consume. Example: https://github.com/enterprises/ipi/saml/consume.

Locate the assertion consumer service URL directly on your GitHub Enterprise account.

  1. Click Add.

  1. Go to the section Identity Provider configuration and download the IPI Enterprise Server signing certificate (in X.509 format).

  1. Keep this section open for later use.

Step 3: Complete SAML Setup in GitHub Enterprise

  1. Return to the GitHub Enterprise SAML settings page.

  2. Provide the following details:

    • Sign on URL: The SSO URL from IPI Enterprise Server.

    • Issuer: The Entity ID or Issuer from IPI Enterprise Server.

    • Public Certificate: Paste the X.509 certificate downloaded from IPI Enterprise Server.

  3. Open the Public Certificate downloaded from IPI Enterprise Server on your computer, copy it, and paste it into GitHub.

Step 4: Test the SAML Configuration

  1. On the GitHub Enterprise SAML settings page, click Test SAML login.

  2. Verify that you are redirected to IPI Enterprise Server for authentication.

  3. Complete the login process and confirm access to GitHub Enterprise.

  4. Click Test SAML configuration before saving settings.

  5. Test SAML login to your GitHub Enterprise account using IPI Enterprise Server.

Step 5: Save SAML for the GitHub Enterprises

  1. After testing is successful, return to the SAML settings page.

  2. Click Save SAML settings.

  1. Save recovery codes for emergencies.

For further assistance, refer to GitHub Enterprise documentation and IPI Identity Cloud support resources.

PreviousFortinet servicesNextGitLab on premises

Last updated