About SAML SSO for your enterprise on GitHub AE
GitHub AE 使用 SAML SSO 进行用户身份验证。 您可以从支持 SAML 2.0 标准的 IdP 集中管理对 GitHub AE 的访问。 您将在初始化过程中输入SAML IdP 的详细信息,以配置 GitHub AE 的身份和访问管理。 更多信息请参阅“初始化 GitHub AE。”
After you configure the application for GitHub AE on your identity provider (IdP), you can provision access to 您的企业 by assigning the application to users and groups on your IdP. For more information about SAML SSO for GitHub AE, see "Configuring SAML single sign-on for your enterprise."
By default, your IdP does not communicate with GitHub AE automatically when you assign or unassign the application. GitHub AE creates a user account using SAML Just-in-Time (JIT) provisioning the first time someone navigates to GitHub AE and signs in by authenticating through your IdP. You may need to manually notify users when you grant access to GitHub AE, and you must manually deactivate the user account on GitHub AE during offboarding. You can use SCIM to create or suspend user accounts and access for GitHub AE automatically when you assign or unassign the application on your IdP. For more information, see "Configuring user provisioning for your enterprise."
To learn how to configure both authentication and user provisioning for 您的企业 with your specific IdP, see "Configuring authentication and provisioning with your identity provider."
Supported IdPs
The following IdPs are officially supported for integration with GitHub AE.
Note: GitHub AE single sign-on (SSO) support for Okta is currently in beta.
| IdP | SAML | 用户预配 | Team mapping |
|---|---|---|---|
| Azure Active Directory (Azure AD) | |||
| Okta | Beta | Beta | Beta |
Mapping GitHub AE teams to Okta groups
If you use Okta as your IdP, you can map your Okta groups to teams on GitHub AE. For more information, see "Mapping Okta groups to teams."
Further reading
- SAML Wiki on the OASIS website
- System for Cross-domain Identity Management: Protocol (RFC 7644) on the IETF website
- Restricting network traffic to your enterprise