Skip to main content
ドキュメントには頻繁に更新が加えられ、その都度公開されています。本ページの翻訳はまだ未完成な部分があることをご了承ください。最新の情報については、英語のドキュメンテーションをご参照ください。本ページの翻訳に問題がある場合はこちらまでご連絡ください。
Enterprise Cloud
日本語
サインアップ
 
Enterprise administrators
Enterprise Cloud
日本語
サインアップ

 

Configuring SAML single sign-on for Enterprise Managed Users

ここには以下の内容があります:

You can automatically manage access to your enterprise account on GitHub by configuring Security Assertion Markup Language (SAML) single sign-on (SSO).

To manage users in your enterprise with your identity provider, your enterprise must be enabled for Enterprise Managed Users, which are available with GitHub Enterprise Cloud. For more information, see "About Enterprise Managed Users."

About SAML single sign-on for Enterprise Managed Users

With Enterprise Managed Users, your enterprise uses SAML SSO to authenticate all members. Instead of signing in to GitHub with a GitHub username and password, members of your enterprise will sign in through your IdP.

Enterprise Managed Users supports the following IdPs:

  • Azure Active Directory (Azure AD)
  • Okta

After you configure SAML SSO, we recommend storing your recovery codes so you can recover access to your enterprise in the event that your identity provider is unavailable.

Note: When SAML SSO is enabled, the only setting you can update on GitHub for your existing SAML configuration is the SAML certificate. If you need to update the Sign on URL or Issuer, you must first disable SAML SSO and then reconfigure SAML SSO with the new settings.

Configuring SAML single sign-on for Enterprise Managed Users

To configure SAML SSO for your enterprise with managed users, you must configure an application on your IdP and then configure your enterprise on GitHub.com. After you configure SAML SSO, you can configure user provisioning.

To install and configure the GitHub Enterprise Managed User application on your IdP, you must have a tenant and administrative access on a supported IdP.

If you need to reset the password for your setup user, contact GitHub Support through the GitHub Support ページ.

  1. Configuring your identity provider
  2. Enterprise を設定する
  3. Enabling provisioning

Configuring your identity provider

To configure your IdP, follow the instructions they provide for configuring the GitHub Enterprise Managed User application on your IdP.

  1. To install the GitHub Enterprise Managed User application, click the link for your IdP below:

  2. To configure the GitHub Enterprise Managed User application and your IdP, click the link below and follow the instructions provided by your IdP:

  3. So you can test and configure your enterprise, assign yourself or the user that will be configuring SAML SSO on GitHub to the GitHub Enterprise Managed User application on your IdP.

  4. To enable you to continue configuring your enterprise on GitHub, locate and note the following information from the application you installed on your IdP:

    別名説明
    IdP Sign-On URLLogin URL, IdP URLApplication's URL on your IdP
    IdP Identifier URLIssuerIdP's identifier to service providers for SAML authentication
    Signing certificate, Base64-encodedPublic certificatePublic certificate that IdP uses to sign authentication requests

Enterprise を設定する

After you install and configure the GitHub Enterprise Managed User application on your identity provider, you can configure your enterprise.

  1. Sign into GitHub.com as the setup user for your new enterprise with the username @SHORT-CODE_admin.

  2. GitHub.comの右上で、自分のプロフィール写真をクリックし、続いてYour enterprises(自分のEnterprise)をクリックしてください。 GitHub Enterprise Cloudのプロフィール写真のドロップダウンメニュー内の"Your enterprises"

  3. Enterpriseのリストで、表示したいEnterpriseをクリックしてください。 Enterpriseのリスト中のEnterpriseの名前

  4. Enterpriseアカウントのサイドバーで、 Settings(設定)をクリックしてください。 Enterpriseアカウントサイドバー内の設定タブ

  5. 左のサイドバーでSecurity(セキュリティ)をクリックしてください。 Security tab in the enterprise account settings sidebar

  6. Under "SAML single sign-on", select Require SAML authentication. SAML SSO を有効化するためのチェックボックス

  7. Under Sign on URL, type the HTTPS endpoint of your IdP for single sign-on requests that you noted while configuring your IdP. メンバーがサインインする際にリダイレクトされる URL のフィールド

  8. Under Issuer, type your SAML issuer URL that you noted while configuring your IdP, to verify the authenticity of sent messages. SAMl 発行者の名前のフィールド

  9. Under Public Certificate, paste the certificate that you noted while configuring your IdP, to verify SAML responses. アイデンティティプロバイダからの公開の証明書のフィールド

  10. SAML 発行者からのリクエストの完全性を確認するには、 をクリックします。 Then, in the "Signature Method" and "Digest Method" drop-downs, choose the hashing algorithm used by your SAML issuer. SAML 発行者が使用する署名方式とダイジェスト方式のハッシュアルゴリズム用のドロップダウン

  11. Before enabling SAML SSO for your enterprise, to ensure that the information you've entered is correct, click Test SAML configuration. 強制化の前に SAML の構成をテストするためのボタン

  12. [Save] をクリックします。

    Note: When you require SAML SSO for your enterprise, the setup user will no longer have access to the enterprise but will remain signed in to GitHub. Only managed users provisioned by your IdP will have access to the enterprise.

  13. To ensure you can still access your enterprise in the event that your identity provider is ever unavailable in the future, click Download, Print, or Copy to save your recovery codes. For more information, see "Downloading your enterprise account's SAML single sign-on recovery codes."

    Screenshot of the buttons to download, print, or copy your recovery codes

Enabling provisioning

After you enable SAML SSO, enable provisioning. For more information, see "Configuring SCIM provisioning for enterprise managed users."