Skip to main content

Configuring authentication and provisioning for your enterprise using Okta

You can use Okta as an identity provider (IdP) to centrally manage authentication and user provisioning for GitHub AE.

Enterprise owners can configure authentication and provisioning for GitHub AE.

Note: GitHub AE single sign-on (SSO) support for Okta is currently in beta.

Okta での SAML と SCIM について

You can use Okta as an Identity Provider (IdP) for GitHub AE, which allows your Okta users to sign in to GitHub AE using their Okta credentials.

To use Okta as your IdP for GitHub AE, you can add the GitHub AE app to Okta, configure Okta as your IdP in GitHub AE, and provision access for your Okta users and groups.

The following provisioning features are available for all Okta users that you assign to your GitHub AE application.

機能説明
新しいユーザのプッシュWhen you create a new user in Okta, the user is added to GitHub AE.
ユーザ無効化のプッシュWhen you deactivate a user in Okta, it will suspend the user from your enterprise on GitHub AE.
プロフィール更新のプッシュWhen you update a user's profile in Okta, it will update the metadata for the user's membership in your enterprise on GitHub AE.
ユーザの再アクティブ化When you reactivate a user in Okta, it will unsuspend the user in your enterprise on GitHub AE.

Okta で GitHub AE アプリケーションを追加する

  1. In the Okta Dashboard, expand the Applications menu, then click Applications.

    "Applications" menu navigation

  2. Click Browse App Catalog

    "Browse App Catalog"

  3. In the search field, type "GitHub AE", then click GitHub AE in the results.

    "Search result"

  4. [Add] をクリックします。

    "Add GitHub AE app"

  5. For "Base URL", type the URL of your enterprise on GitHub AE.

    "Configure Base URL"

  6. [Done] をクリックします。

Enabling SAML SSO for GitHub AE

To enable single sign-on (SSO) for GitHub AE, you must configure GitHub AE to use the sign-on URL, issuer URL, and public certificate provided by Okta. You can find locate these details in the "GitHub AE" app.

  1. In the Okta Dashboard, expand the Applications menu, then click Applications.

    "Applications" menu navigation

  2. Click on the GitHub AE app.

    Configure app

  3. Click Sign On.

    Sign On tab

  4. Click View Setup Instructions.

    Sign On tab

  5. Take note of the "Sign on URL", "Issuer", and "Public certificate" details.

  6. Use the details to enable SAML SSO for your enterprise on GitHub AE. 詳しい情報については、「Enterprise 向けのSAML シングルサインオンを設定する」を参照してください。

Note: To test your SAML configuration from GitHub AE, your Okta user account must be assigned to the GitHub AE app.

Enabling API integration

The "GitHub AE" app in Okta uses the GitHub AE API to interact with your enterprise for SCIM and SSO. This procedure explains how to enable and test access to the API by configuring Okta with a personal access token for GitHub AE.

  1. In GitHub AE, generate a personal access token with the admin:enterprise scope. For more information, see "Creating a personal access token".

  2. In the Okta Dashboard, expand the Applications menu, then click Applications.

    "Applications" menu navigation

  3. Click on the GitHub AE app.

    Configure app

  4. [Provisioning] をクリックします。

    Configure app

  5. [Configure API Integration] をクリックします。

  6. [Enable API integration] を選択します。

    Enable API integration

  7. For "API Token", type the GitHub AE personal access token you generated previously.

  8. Click Test API Credentials.

Note: If you see Error authenticating: No results for users returned, confirm that you have enabled SSO for GitHub AE. For more information see "Enabling SAML SSO for GitHub AE."

Configuring SCIM provisioning settings

This procedure demonstrates how to configure the SCIM settings for Okta provisioning. These settings define which features will be used when automatically provisioning Okta user accounts to GitHub AE.

  1. In the Okta Dashboard, expand the Applications menu, then click Applications.

    "Applications" menu navigation

  2. Click on the GitHub AE app.

    Configure app

  3. [Provisioning] をクリックします。

    Configure app

  4. Under "Settings", click To App.

    "To App" settings

  5. [Provisioning to App] の右にある [Edit] をクリックします。

  6. [Create Users] の右にある [Enable] を選択します。

  7. [Update User Attributes] の右にある [Enable] を選択します。

  8. [Deactivate Users] の右にある [Enable] を選択します。

  9. [Save] をクリックします。

Allowing Okta users and groups to access GitHub AE

You can provision access to GitHub AE for your individual Okta users, or for entire groups.

Provisioning access for Okta users

Before your Okta users can use their credentials to sign in to GitHub AE, you must assign the users to the "GitHub AE" app in Okta.

  1. In the Okta Dashboard, expand the Applications menu, then click Applications.

    "Applications" menu navigation

  2. Click on the GitHub AE app.

    Configure app

  3. Click Assignments.

    [Assignments] タブ

  4. Select the Assign drop-down menu and click Assign to People.

    "Assign to People" button

  5. To the right of the required user account, click Assign.

    List of users

  6. To the right of "Role", click a role for the user, then click Save and go back.

    Role selection

  7. [Done] をクリックします。

Provisioning access for Okta groups

You can map your Okta group to a team in GitHub AE. Members of the Okta group will then automatically become members of the mapped GitHub AE team. For more information, see "Mapping Okta groups to teams."

参考リンク