Skip to main content

Mapping Okta groups to teams

You can map your Okta groups to teams on GitHub AE to automatically add and remove team members.

Enterprise owners can configure authentication and provisioning for GitHub AE.

Note: GitHub AE single sign-on (SSO) support for Okta is currently in beta.

About team mapping

If you use Okta as your IdP, you can map your Okta group to a team in GitHub AE. Members of the Okta group will automatically become members of the mapped GitHub AE team. To configure this mapping, you can configure the Okta "GitHub AE" app to push the group and its members to GitHub AE. You can then choose which team in GitHub AE will be mapped to the Okta group.

必要な環境

You or your Okta administrator must be a Global administrator or a Privileged Role administrator in Okta.

You must enable SAML single sign-on with Okta. 詳しい情報については、「Enterprise 向けのSAML シングルサインオンを設定する」を参照してください。

You must authenticate to your enterprise account using SAML SSO and Okta. 詳しい情報については「SAMLシングルサインオンで認証する」を参照してください。

Assigning your Okta group to the "GitHub AE" app

  1. In the Okta Dashboard, open your group's settings.

  2. Click Manage Apps. Add group to app

  3. To the right of "GitHub AE", click Assign.

    Assign app

  4. [Done] をクリックします。

Pushing the Okta group to GitHub AE

When you push an Okta group and map the group to a team, all of the group's members will be able to sign in to GitHub AE.

  1. In the Okta Dashboard, expand the Applications menu, then click Applications.

    "Applications" menu navigation

  2. Click on the GitHub AE app.

    Configure app

  3. Click Push Groups.

    [Push Groups] タブ

  4. Select the Push Groups drop-down menu and click Find groups by name.

    Add groups button

  5. Type the name of the group to push to GitHub AE, then click Save.

    Add group name

Mapping a team to the Okta group

You can map a team in your enterprise to an Okta group you previously pushed to GitHub AE. Members of the Okta group will then automatically becomes members of the GitHub AE team. Any subsequent changes to the Okta group's membership are automatically synchronized with the GitHub AE team.

  1. In the top right corner of GitHub AE, click your profile photo, then click Your organizations. プロフィールメニューのあなたのOrganization
  2. Click the name of your organization. Organizationのリスト中のOrganization名
  3. Organization 名の下で、クリックします Teams. Teamsタブ
  4. Teamsタブで、Teamの名前をクリックしてください。 Organization の Team のリスト
  5. Team ページの上部で、 Settings(設定)をクリックしてください。 Team設定タブ
  6. Under "Identity Provider Group", select the drop-down menu and click an identity provider group. Drop-down menu to choose identity provider group
  7. [Save changes] をクリックします。

Checking the status of your mapped teams

Enterprise owners can use the site admin dashboard to check how Okta groups are mapped to teams on GitHub AE.

  1. ダッシュボードへアクセスするには、ページ右上の隅にある をクリックしてください。 サイトアドミン設定にアクセスするための宇宙船のアイコン

  2. In the left pane, click External groups.

    Add group name

  3. To view more details about a group, in the list of external groups, click on a group.

    List of external groups

  4. The group's details includes the name of the Okta group, a list of the Okta users that are members of the group, and the corresponding mapped team on GitHub AE.

    List of external groups

Viewing audit log events for mapped groups

To monitor SSO activity for mapped groups, you can review the following events in the GitHub AE audit log.

アクション説明
external_group.deleteTriggered when your Okta group is deleted. For more information, see "Mapping Okta groups to teams."
external_group.linkTriggered when your Okta group is mapped to your GitHub AE team. For more information, see "Mapping Okta groups to teams."
external_group.provisionTriggered when an Okta group is mapped to your team on GitHub AE. For more information, see "Mapping Okta groups to teams."
external_group.unlinkTriggered when your Okta group is unmapped from your GitHub AE team. For more information, see "Mapping Okta groups to teams."
external_group.updateTriggered when your Okta group's settings are updated. For more information, see "Mapping Okta groups to teams."
アクション説明
external_identity.deprovisionTriggered when a user is removed from your Okta group and is subsequently deprovisioned from GitHub AE. For more information, see "Mapping Okta groups to teams."
external_identity.provisionTriggered when an Okta user is added to your Okta group and is subsequently provisioned to the mapped team on GitHub AE. For more information, see "Mapping Okta groups to teams."
external_identity.updateTriggered when an Okta user's settings are updated. For more information, see "Mapping Okta groups to teams."

For more information, see "Reviewing the audit log for your organization."