Note: GitHub AE single sign-on (SSO) support for Okta is currently in beta.
About team mapping
If you use Okta as your IdP, you can map your Okta group to a team in GitHub AE. Members of the Okta group will automatically become members of the mapped GitHub AE team. To configure this mapping, you can configure the Okta "GitHub AE" app to push the group and its members to GitHub AE. You can then choose which team in GitHub AE will be mapped to the Okta group.
Prerequisites
You or your Okta administrator must be a Global administrator or a Privileged Role administrator in Okta.
You must enable SAML single sign-on with Okta. For more information, see "Configuring SAML single sign-on for your enterprise."
You must authenticate to your enterprise account using SAML SSO and Okta. For more information, see "Authenticating with SAML single sign-on."
Assigning your Okta group to the "GitHub AE" app
- In the Okta Dashboard, open your group's settings.
- Click Manage Apps.
- To the right of "GitHub AE", click Assign.
- Click Done.
Pushing the Okta group to GitHub AE
When you push an Okta group and map the group to a team, all of the group's members will be able to sign in to GitHub AE.
-
In the Okta Dashboard, expand the Applications menu, then click Applications.
-
Click on the GitHub AE app.
-
Click Push Groups.
-
Select the Push Groups dropdown menu and click Find groups by name.
-
Under "Push groups by name", type the name of the group to push to GitHub AE, then click Save.
Mapping a team to the Okta group
You can map a team in your enterprise to an Okta group you previously pushed to GitHub AE. Members of the Okta group will then automatically becomes members of the GitHub AE team. Any subsequent changes to the Okta group's membership are automatically synchronized with the GitHub AE team.
-
In the upper-right corner of GitHub AE, select your profile photo, then click Your organizations.
-
Click the name of your organization.
-
Under your organization name, click Teams.
-
Click the name of the team.
-
At the top of the team page, click Settings.
-
Under "Identity Provider Group", select the drop-down menu and click an identity provider group.
-
Click Save changes.
Checking the status of your mapped teams
Enterprise owners can use the site admin dashboard to check how Okta groups are mapped to teams on GitHub AE.
- To access the dashboard, in the upper-right corner of any page, click .
- In the left pane, click External groups.
- To view more details about a group, in the list of external groups, click on a group.
- The group's details includes the name of the Okta group, a list of the Okta users that are members of the group, and the corresponding mapped team on GitHub AE.
Viewing audit log events for mapped groups
To monitor SSO activity for mapped groups, you can review the external_group
and external_identity
events events in the GitHub AE audit log.
For more information, see "Audit log events for your organization."