GitHub OAuth uses GitHub.com organization membership to grant and control access to your GitHub Enterprise instance.
Warning: Support for user authentication via GitHub OAuth will be removed after November 2015. To prepare for this, you should plan to implement a different authentication method. For more information, see "Authenticating users to your GitHub Enterprise instance."
If your company or organization already has an organization account with team members established on GitHub.com, you can use that organization account to grant and control access to your GitHub Enterprise instance. The first time a user logs into your instance, their Enterprise account is created with the same profile information, email addresses, and public SSH keys as their GitHub.com account.
Members of your GitHub.com organization do not take up license seats until they log into your Enterprise instance.
Register a new OAuth application
In the top right corner of any page, click your username.
On the left side of your profile page, under "Organizations", click the icon for your organization.
To the right of your organization name, click .
In the Organization Settings sidebar, click Applications.
- Under Organization applications, click Register new application.
- Fill in the form for your new application:
- Application name: the name you want to appear when users authorize your Enterprise instance to access their GitHub.com account information.
- Homepage URL: the URL of your Enterprise instance.
- Application description: optional, displayed to users when they authorize your application.
-
Authorization callback URL: the URL of your instance, followed by
/auth/github_oauth/callback
. e.g.,https://enterprise-hostname.com/auth/github_oauth/callback
. - Click Register application.
- Note the Client ID and Client Secret on the registration page. You will need them for configuring OAuth on your Enterprise instance.
Configure OAuth on your Enterprise instance
In the left sidebar, click Authentication.
Select GitHub OAuth.
- Fill in the OAuth settings:
- OAuth Client ID: The client ID created for the OAuth application above.
- OAuth Client Secret: The client secret created for the OAuth application above.
-
Organization name: The name of your GitHub.com organization. To restrict access to a certain team within your organization, you can also enter a
<organization_name>/<team_id>
pair. Use the/orgs/teams
endpoint in the GitHub API to find your team and retrieve its ID number.
User sign-in
To sign into GitHub Enterprise, users must take the following steps:
- On the Enterprise instance site, click Sign in. This should redirect you to GitHub.com’s sign-in page.
- On the GitHub.com sign-in page, enter your GitHub.com credentials.
- If you haven’t authorized your company’s application, you will be prompted to do so and redirected to your Enterprise instance.
- If you’ve already authorized the application, you will be redirected right away.
Promoting site administrators
Site administrators must be promoted manually. You can promote them from the site admin page or the command line tools.
For more information, see "Promoting or demoting a site administrator".
Suspending users
Users must be suspended manually. To suspend a user, see "Suspending and unsuspending users".