Skip to main content
설명서에 자주 업데이트를 게시하며 이 페이지의 번역이 계속 진행 중일 수 있습니다. 최신 정보는 영어 설명서를 참조하세요.
All products
엔터프라이즈 관리자

Enterprise Managed Users에 대한 SAML Single Sign-On 구성

이 문서의 내용

SAML(Security Assertion Markup Language) SSO(Single Sign-On)를 구성하여 GitHub에서 엔터프라이즈 계정에 대한 액세스를 자동으로 관리할 수 있습니다.

ID 공급자를 사용하여 엔터프라이즈의 사용자를 관리하려면 GitHub Enterprise Cloud에서 사용할 수 있는 Enterprise Managed Users에 대해 엔터프라이즈를 사용하도록 설정해야 합니다. 자세한 내용은 "Enterprise Managed Users 정보"을 참조하세요.

About SAML single sign-on for Enterprise Managed Users

With Enterprise Managed Users, your enterprise uses your corporate identity provider to authenticate all members. Instead of signing in to GitHub with a GitHub username and password, members of your enterprise will sign in through your IdP.

Enterprise Managed Users supports the following IdPs:

  • Azure Active Directory (Azure AD)
  • Okta

After you configure SAML SSO, we recommend storing your recovery codes so you can recover access to your enterprise in the event that your identity provider is unavailable.

If you currently use SAML SSO for authentication and would prefer to use OIDC and benefit from CAP support, you can follow a migration path. For more information, see "Migrating from SAML to OIDC."

Note: When SAML SSO is enabled, the only setting you can update on GitHub for your existing SAML configuration is the SAML certificate. If you need to update the Sign on URL or Issuer, you must first disable SAML SSO and then reconfigure SAML SSO with the new settings.

Configuring SAML single sign-on for Enterprise Managed Users

To configure SAML SSO for your enterprise with managed users, you must configure an application on your IdP and then configure your enterprise on GitHub.com. After you configure SAML SSO, you can configure user provisioning.

To install and configure the GitHub Enterprise Managed User application on your IdP, you must have a tenant and administrative access on a supported IdP.

If you need to reset the password for your setup user, contact GitHub Support through the GitHub Support portal.

  1. Configuring your identity provider
  2. Configuring your enterprise
  3. Enabling provisioning

Configuring your identity provider

To configure your IdP, follow the instructions they provide for configuring the GitHub Enterprise Managed User application on your IdP.

  1. To install the GitHub Enterprise Managed User application, click the link for your IdP below:

  2. To configure the GitHub Enterprise Managed User application and your IdP, click the link below and follow the instructions provided by your IdP:

  3. So you can test and configure your enterprise, assign yourself or the user that will be configuring SAML SSO on GitHub to the GitHub Enterprise Managed User application on your IdP.

  4. To enable you to continue configuring your enterprise on GitHub, locate and note the following information from the application you installed on your IdP.

    ValueOther namesDescription
    IdP Sign-On URLLogin URL, IdP URLApplication's URL on your IdP
    IdP Identifier URLIssuerIdP's identifier to service providers for SAML authentication
    Signing certificate, Base64-encodedPublic certificatePublic certificate that IdP uses to sign authentication requests

Configuring your enterprise

After you install and configure the GitHub Enterprise Managed User application on your identity provider, you can configure your enterprise.

  1. Sign into GitHub.com as the setup user for your new enterprise with the username @SHORT-CODE_admin.

  2. In the top-right corner of GitHub.com, click your profile photo, then click Your enterprises.

  3. In the list of enterprises, click the enterprise you want to view.

  4. In the enterprise account sidebar, click Settings.

  5. Under Settings, click Authentication security.

  6. Under "SAML single sign-on", select Require SAML authentication.

  7. Under Sign on URL, type the HTTPS endpoint of your IdP for single sign-on requests that you noted while configuring your IdP.

  8. Under Issuer, type your SAML issuer URL that you noted while configuring your IdP, to verify the authenticity of sent messages.

  9. Under Public Certificate, paste the certificate that you noted while configuring your IdP, to verify SAML responses.

  10. Under your public certificate, to the right of the current signature and digest methods, click .

    Screenshot of the current signature method and digest method in the SAML settings. The pencil icon is highlighted with an orange outline.

  11. Select the Signature Method and Digest Method dropdown menus, then click the hashing algorithm used by your SAML issuer.

  12. Before enabling SAML SSO for your enterprise, to ensure that the information you've entered is correct, click Test SAML configuration.

  13. Click Save.

    Note: When you require SAML SSO for your enterprise, the setup user will no longer have access to the enterprise but will remain signed in to GitHub. Only managed user accounts provisioned by your IdP will have access to the enterprise.

  14. To ensure you can still access your enterprise in the event that your identity provider is ever unavailable in the future, click Download, Print, or Copy to save your recovery codes. For more information, see "Downloading your enterprise account's single sign-on recovery codes."

Enabling provisioning

After you enable SAML SSO, enable provisioning. For more information, see "Configuring SCIM provisioning for Enterprise Managed Users."