👋 We've unified all of GitHub's product documentation in one place! Check out the content for REST API, GraphQL API, and Developers. Learn more on the GitHub blog.


Publicamos atualizações frequentes em nossa documentação, e a tradução desta página ainda pode estar em andamento. Para obter as informações mais recentes, acesse a documentação em inglês. Se houver problemas com a tradução desta página, entre em contato conosco.

Configuring SAML single sign-on and SCIM using Okta

You can use Security Assertion Markup Language (SAML) single sign-on (SSO) and System for Cross-domain Identity Management (SCIM) with Okta to automatically manage access to your organization on GitHub.

Organization owners can configure SAML SSO and SCIM using Okta for an organization.

Logon único SAML estão disponíveis com GitHub Enterprise Cloud. Para obter mais informações, consulte os "Produtos do GitHub".

Neste artigo

About SAML and SCIM with Okta

You can control access to your GitHub organization and other web applications from one central interface by configuring the organization to use SAML SSO and SCIM with Okta, an Identity Provider (IdP).

SAML SSO controls and secures access to organization resources like repositories, issues, and pull requests. SCIM automatically adds, manages, and removes members' access to your GitHub organization when you make changes in Okta. For more information, see "About identity and access management with SAML single sign-on" and "About SCIM."

After you enable SCIM, the following provisioning features are available for any users that you assign your GitHub Enterprise Cloud application to in Okta.

FuncionalidadeDescrição
Push New UsersWhen you create a new user in Okta, the user will receive an email to join your GitHub organization.
Push User DeactivationWhen you deactivate a user in Okta, Okta will remove the user from your GitHub organization.
Push Profile UpdatesWhen you update a user's profile in Okta, Okta will update the metadata for the user's membership in your GitHub organization.
Reactivate UsersWhen you reactivate a user in Okta, Okta will send an email invitation for the user to rejoin your GitHub organization.

Pré-requisitos

You must use the "Classic UI" in Okta to enable SCIM. For more information, see Organized Navigation on the Okta blog.

Selecting "Classic UI" from Okta UI style picker above dashboard

Adding the GitHub Enterprise Cloud application in Okta

  1. In the Okta Dashboard, click Applications.

    "Applications" item in the Okta Dashboard navigation bar

  2. Click Add application.

    "Add application" button in the Okta Dashboard's Applications tab

  3. In the search field, type "GitHub Enterprise Cloud".

    Okta's "Search for an application" field

  4. To the right of "Github Enterprise Cloud - Organization", click Add.

    Clicking "Add" for the GitHub Enterprise Cloud application

  5. In the GitHub Organization field, type the name of your GitHub organization. For example, if your organization's URL is https://github.com/octo-org, the organization name would be octo-org.

    Type GitHub organization name

  6. Click Done.

Enabling and testing SAML SSO

  1. In the Okta Dashboard, click Applications.

    "Applications" item in the Okta Dashboard navigation bar

  2. In the list of applications, click the label for the application you created for the organization that uses GitHub Enterprise Cloud.

    GitHub Enterprise Cloud application in Okta

  3. Assign the GitHub Enterprise Cloud application to your user in Okta. For more information, see Assign and unassign apps to users in the Okta documentation.

  4. Click Sign on.

    "Sign on" tab for Okta application

  5. Under "SIGN ON METHODS", click View Setup Instructions.

    "View Setup Instructions" button in Okta application's "Sign On" tab

  6. Enable and test SAML SSO on GitHub using the sign on URL, issuer URL, and public certificates from the "How to Configure SAML 2.0" guide. Para obter mais informações, consulte "Habilitar e testar logon único de SAML para sua organização".

Configuring access provisioning with SCIM in Okta

  1. In the Okta Dashboard, click Applications.

    "Applications" item in the Okta Dashboard navigation bar

  2. In the list of applications, click the label for the application you created for the organization that uses GitHub Enterprise Cloud.

    GitHub Enterprise Cloud application in Okta

  3. Click Provisioning.

    "Provisioning" tab for Okta application

  4. Click Configure API Integration.

    "Configure API Integration" button for Okta application

  5. Select Enable API integration.

    "Enable API integration" checkbox for Okta application

  6. Click Authenticate with Github Enterprise Cloud - Organization.

    "Authenticate with Github Enterprise Cloud - Organization" button for Okta application

  7. To the right of your organization's name, click Grant.

    "Grant" button for authorizing Okta SCIM integration to access organization

    Note: If you don't see your organization in the list, go to https://github.com/orgs/ORGANIZATION-NAME/sso in your browser and authenticate with your organization via SAML SSO using your administrator account on the IdP. For example, if your organization's name is octo-org, the URL would be https://github.com/orgs/octo-org/sso. For more information, see "About authentication with SAML single sign-on."

  8. Click Authorize OktaOAN.

    "Authorize OktaOAN" button for authorizing Okta SCIM integration to access organization

  9. Click Save.

    "Save" button for Okta application's provisioning configuration

  10. To the right of "Provisioning to App", click Edit.

    "Edit" button for Okta application's provisioning options

  11. To the right of "Create Users", select Enable.

    "Enable" checkbox for Okta application's "Create Users" option

  12. To the right of "Update User Attributes", select Enable.

    "Enable" checkbox for Okta application's "Update User Attributes" option

  13. To the right of "Deactivate Users", select Enable.

    "Enable" checkbox for Okta application's "Deactivate Users" option

  14. Click Save.

    "Save" button for Okta application's provisioning configuration

Leia mais

Pergunte a uma pessoa

Não consegue encontrar o que procura?

Entrar em contato