Configuring authentication and provisioning for your enterprise using Okta

You can use Okta as an identity provider (IdP) to centrally manage authentication and user provisioning for GitHub AE.

Enterprise owners can configure authentication and provisioning for GitHub AE.

Note: GitHub AE single sign-on (SSO) support for Okta is currently in beta.

About SAML and SCIM with Okta

You can use Okta as an Identity Provider (IdP) for GitHub AE, which allows your Okta users to sign in to GitHub AE using their Okta credentials.

To use Okta as your IdP for GitHub AE, you can add the GitHub AE app to Okta, configure Okta as your IdP in GitHub AE, and provision access for your Okta users and groups.

The following provisioning features are available for all Okta users that you assign to your GitHub AE application.

| Feature | Description |
| --- | --- |
| Push New Users | When you create a new user in Okta, the user is added to GitHub AE. |
| Push User Deactivation | When you deactivate a user in Okta, it will suspend the user from your enterprise on GitHub AE. |
| Push Profile Updates | When you update a user's profile in Okta, it will update the metadata for the user's membership in your enterprise on GitHub AE. |
| Reactivate Users | When you reactivate a user in Okta, it will unsuspend the user in your enterprise on GitHub AE. |

Adding the GitHub AE application in Okta

  1. In the Okta Dashboard, expand the Applications menu, then click Applications.

  2. Click Browse App Catalog.

  3. In the search field, type "GitHub AE", then click GitHub AE in the results.

  4. Click Add.

  5. For "Base URL", type the URL of your enterprise on GitHub AE.

  6. Click Done.

Enabling SAML SSO for GitHub AE

To enable single sign-on (SSO) for GitHub AE, you must configure GitHub AE to use the sign-on URL, issuer URL, and public certificate provided by Okta. You can find these details in the "GitHub AE" app.

  1. In the Okta Dashboard, expand the Applications menu, then click Applications.

  2. Click on the GitHub AE app.

  3. Click Sign On.

  4. Click View Setup Instructions.

  5. Take note of the "Sign on URL", "Issuer", and "Public certificate" details.

  6. Use the details to enable SAML SSO for your enterprise on GitHub AE. For more information, see "Configuring SAML single sign-on for your enterprise."

Note: To test your SAML configuration from GitHub AE, your Okta user account must be assigned to the GitHub AE app.

Enabling API integration

The "GitHub AE" app in Okta uses the GitHub AE API to interact with your enterprise for SCIM and SSO. This procedure explains how to enable and test access to the API by configuring Okta with a personal access token for GitHub AE.

  1. In GitHub AE, generate a personal access token with the admin:enterprise scope. For more information, see "Creating a personal access token".

  2. In the Okta Dashboard, expand the Applications menu, then click Applications.

  3. Click on the GitHub AE app.

  4. Click Provisioning.

  5. Click Configure API Integration.

  6. Select Enable API integration.

  7. For "API Token", type the GitHub AE personal access token you generated previously.

  8. Click Test API Credentials.

Note: If you see "Error authenticating: No results for users returned", confirm that you have enabled SSO for GitHub AE. For more information, see "Enabling SAML SSO for GitHub AE."
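
Before pasting the token into Okta, it is worth confirming that it carries the admin:enterprise scope and nothing broader. The following Python is an added example, not part of GitHub's or Okta's documentation: it parses saved API response headers and audits the X-OAuth-Scopes value. The sample headers and function names are constructed, and it assumes your enterprise's API reports token scopes in that header as GitHub's REST API does.

```python
"""Audit a GitHub AE token's scopes before pasting it into Okta (added example)."""

REQUIRED_SCOPES = {"admin:enterprise"}  # the scope this page asks for

# Constructed sample response headers, as saved from an authenticated API
# request made with the token (assumption: the enterprise's API returns
# X-OAuth-Scopes for personal access tokens, as GitHub's REST API does).
EXACT = "HTTP/1.1 200 OK\r\nContent-Type: application/json\r\nX-OAuth-Scopes: admin:enterprise\r\n"
BROAD = "HTTP/1.1 200 OK\r\nx-oauth-scopes: repo, admin:enterprise, delete_repo\r\n"
REJECTED = "HTTP/1.1 401 Unauthorized\r\nContent-Type: application/json\r\n"


def parse_response(raw_headers):
    """Return (status_code, granted_scopes) from raw HTTP response headers."""
    lines = raw_headers.splitlines()
    status = int(lines[0].split()[1]) if lines else 0
    scopes = set()
    for line in lines[1:]:
        name, sep, value = line.partition(":")  # split at the first colon only
        if sep and name.strip().lower() == "x-oauth-scopes":
            scopes |= {s.strip() for s in value.split(",") if s.strip()}
    return status, scopes


def audit_token(raw_headers):
    """Classify the token: usable by Okta, and no broader than required."""
    status, granted = parse_response(raw_headers)
    if status == 401:  # the token itself was not accepted
        return {"verdict": "rejected", "missing": sorted(REQUIRED_SCOPES), "excess": []}
    missing = sorted(REQUIRED_SCOPES - granted)
    excess = sorted(granted - REQUIRED_SCOPES)
    if missing:
        verdict = "insufficient"
    elif excess:
        verdict = "over-privileged"
    else:
        verdict = "ok"
    return {"verdict": verdict, "missing": missing, "excess": excess}


if __name__ == "__main__":
    for label, sample in (("exact", EXACT), ("broad", BROAD), ("rejected", REJECTED)):
        print(label, audit_token(sample))
```

An "over-privileged" verdict means the token would still pass Okta's credential test, but a narrower token should be generated instead.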

Configuring SCIM provisioning settings

This procedure demonstrates how to configure the SCIM settings for Okta provisioning. These settings define which features will be used when automatically provisioning Okta user accounts to GitHub AE.

  1. In the Okta Dashboard, expand the Applications menu, then click Applications.

  2. Click on the GitHub AE app.

  3. Click Provisioning.

  4. Under "Settings", click To App.

  5. To the right of "Provisioning to App", click Edit.

  6. To the right of "Create Users", select Enable.

  7. To the right of "Update User Attributes", select Enable.

  8. To the right of "Deactivate Users", select Enable.

  9. Click Save.
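
Once these settings are saved, you can check that creation, deactivation, and reactivation actually propagate by reconciling Okta's assignments against the enterprise's SCIM user list. The following Python is an added example, not part of GitHub's or Okta's documentation: it compares a SCIM 2.0 ListResponse with the usernames assigned to the app and reports the disagreements. The sample data and function names are constructed, and it assumes the SCIM userName matches the Okta username and that the Okta list contains only active, assigned users.

```python
"""Reconcile Okta app assignments with SCIM-provisioned users (added example)."""
import json

# Constructed sample: a SCIM 2.0 ListResponse (RFC 7644) for the enterprise's users.
SCIM_USERS = json.loads("""{
  "schemas": ["urn:ietf:params:scim:api:messages:2.0:ListResponse"],
  "totalResults": 4,
  "Resources": [
    {"id": "a1", "userName": "alice@example.com", "active": true},
    {"id": "b2", "userName": "bob@example.com",   "active": true},
    {"id": "c3", "userName": "carol@example.com", "active": false},
    {"id": "d4", "userName": "Dave@Example.com",  "active": true}
  ]
}""")

# Constructed sample: usernames assigned to the GitHub AE app in Okta.
OKTA_ASSIGNED = ["alice@example.com", "dave@example.com", "erin@example.com"]


def reconcile(scim_list, okta_assigned):
    """Report users whose GitHub AE state disagrees with their Okta assignment."""
    assigned = {name.casefold() for name in okta_assigned}
    resources = scim_list.get("Resources", [])
    seen, active_unassigned, suspended_assigned = set(), [], []
    for user in resources:
        name = user["userName"].casefold()
        seen.add(name)
        active = user.get("active", True)  # treat a missing flag as active
        if active and name not in assigned:
            active_unassigned.append(name)   # deactivation was not pushed
        elif not active and name in assigned:
            suspended_assigned.append(name)  # reactivation was not pushed
    return {
        "active_unassigned": sorted(active_unassigned),
        "suspended_assigned": sorted(suspended_assigned),
        "not_provisioned": sorted(assigned - seen),  # creation was not pushed
        # A short page means more results remain; the report is then partial.
        "complete": scim_list.get("totalResults", len(resources)) == len(resources),
    }


if __name__ == "__main__":
    print(json.dumps(reconcile(SCIM_USERS, OKTA_ASSIGNED), indent=2))
```

Any entry under "active_unassigned" is an account that can still sign in to GitHub AE without a current Okta assignment, so review those first.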

Allowing Okta users and groups to access GitHub AE

You can provision access to GitHub AE for your individual Okta users, or for entire groups.

Provisioning access for Okta users

Before your Okta users can use their credentials to sign in to GitHub AE, you must assign the users to the "GitHub AE" app in Okta.

  1. In the Okta Dashboard, expand the Applications menu, then click Applications.

  2. Click on the GitHub AE app.

  3. Click Assignments.

  4. Select the Assign drop-down menu and click Assign to People.

  5. To the right of the required user account, click Assign.

  6. To the right of "Role", click a role for the user, then click Save and go back.

  7. Click Done.

Provisioning access for Okta groups

You can map your Okta group to a team in GitHub AE. Members of the Okta group will then automatically become members of the mapped GitHub AE team. For more information, see "Mapping Okta groups to teams."
