Note
This is an outdated, private beta version of SCIM for GitHub Enterprise Server. Customers must upgrade to 3.14 or newer and use the GitHub Enterprise Server SCIM beta in order for their SCIM feedback or bug reports to be considered.
Warning
The beta is exclusively for testing and feedback, and no support is available. GitHub recommends testing with a staging instance. For more information, see "Setting up a staging instance."
About authentication and user provisioning with Entra ID
Entra ID is a service from Microsoft that allows you to centrally manage user accounts and access to web applications. For more information, see What is Microsoft Entra ID? in the Microsoft Docs.
When you use an IdP for IAM on GitHub Enterprise Server, SAML SSO controls and secures access to enterprise resources like repositories, issues, and pull requests. SCIM automatically creates user accounts and manages access to your GitHub Enterprise Server instance when you make changes on your IdP. You can also synchronize teams on GitHub Enterprise Server with groups on your IdP.
For more information, see "Configuring user provisioning with SCIM on GitHub Enterprise Server."
Prerequisites
-
You must configure SAML SSO for your GitHub Enterprise Server instance. For more information, see "Configuring SAML single sign-on for your enterprise."
-
You must create and use a dedicated machine user account on your IdP to associate with an enterprise owner account on GitHub Enterprise Server. Store the credentials for the user account securely in a password manager. For more information, see "Configuring user provisioning with SCIM on GitHub Enterprise Server."
-
To configure authentication and user provisioning for GitHub Enterprise Server using Entra ID, you must have an Entra ID account and tenant. For more information, see the Entra ID website and Quickstart: Set up a tenant in the Microsoft Docs.
Configuring authentication and user provisioning with Entra ID
- Configure SAML SSO for your GitHub Enterprise Server instance. For more information, see "Configuring SAML single sign-on for your enterprise."
- Configure user provisioning with SCIM for your instance. For more information, see "Configuring user provisioning with SCIM on GitHub Enterprise Server."
Managing enterprise owners
The steps to make a person an enterprise owner depend on whether you only use SAML or also use SCIM. For more information about enterprise owners, see "Roles in an enterprise."
If you configured provisioning, to grant the user enterprise ownership in GitHub Enterprise Server, assign the enterprise owner role to the user in Entra ID.
If you did not configure provisioning, to grant the user enterprise ownership in GitHub Enterprise Server, include the administrator
attribute in the SAML assertion for the user account on the IdP, with the value of true
. For more information about including the administrator
attribute in the SAML claim from Entra ID, see How to: customize claims issued in the SAML token for enterprise applications in the Microsoft Docs.