Skip to main content


If you use Central Authentication Service (CAS) to centralize access to multiple web applications, you can integrate GitHub Enterprise Server by configuring CAS authentication for your instance.

About CAS authentication for GitHub Enterprise Server

CAS is a single sign-on (SSO) protocol that centralizes authentication to multiple web applications. For more information, see "Central Authentication Service" on Wikipedia.

After you configure CAS, people who use GitHub Enterprise Serverインスタンス must use a personal access token to authenticate API or Git requests over HTTP(S). CAS credentials cannot be used to authenticate these requests. 詳しい情報については、「個人アクセストークンを作成する」を参照してください。

If you configure CAS, people with accounts on your identity provider (IdP) do not consume a user license until the person signs into GitHub Enterprise Serverインスタンス.

If you want to allow authentication for some people who don't have an account on your external authentication provider, you can allow fallback authentication to local accounts on GitHub Enterprise Serverインスタンス. For more information, see "Allowing built-in authentication for users outside your provider."


GitHub Enterprise Server normalizes a value from your external authentication provider to determine the username for each new personal account on GitHub Enterprise Serverインスタンス. For more information, see "Username considerations for external authentication."



ユーザ名必須GitHub Enterprise Server のユーザ名


  1. From an administrative account on GitHub Enterprise Server, in the upper-right corner of any page, click .

    Screenshot of the rocket ship icon for accessing site admin settings

  2. If you're not already on the "Site admin" page, in the upper-left corner, click Site admin.

    Screenshot of "Site admin" link

  3. 左のサイドバーでManagement Consoleをクリックしてください。 左のサイドバーのManagement Consoleタブ

  4. 左のサイドバーでAuthentication(認証)をクリックしてください。 設定サイドバーの認証タブ

  5. CASを選択してください。

    Screenshot of selection of CAS for authentication

  6. Optionally, to allow people without an account on your external authentication system to sign in with built-in authentication, select Allow built-in authentication. For more information, see "Allowing built-in authentication for users outside your provider."

    Screenshot of of fallback built-in authentication option for CAS

  7. Server URL(サーバのURL)フィールドにCASサーバの完全なURLを入力してください。 CAS サーバが GitHub Enterprise Server が検証できない証明書を使っているなら、ghe-ssl-ca-certificate-install を使えばその証明書を信頼済みの証明書としてインストールできます。 詳しい情報については、「コマンドラインユーティリティ」を参照してください。