Выпуск GitHub AE сейчас ограничен.

Сопоставление групп Okta с командами

В этой статье

Группы Okta можно сопоставить с командами в GitHub AE, чтобы автоматически добавлять и удалять участников группы.

Кто может использовать эту функцию.

Enterprise owners can configure authentication and provisioning for GitHub AE.

Note: GitHub AE single sign-on (SSO) support for Okta is currently in beta.

About team mapping

If you use Okta as your IdP, you can map your Okta group to a team in GitHub AE. Members of the Okta group will automatically become members of the mapped GitHub AE team. To configure this mapping, you can configure the Okta "GitHub AE" app to push the group and its members to GitHub AE. You can then choose which team in GitHub AE will be mapped to the Okta group.

Prerequisites

You or your Okta administrator must be a Global administrator or a Privileged Role administrator in Okta.

You must enable SAML single sign-on with Okta. For more information, see "Configuring SAML single sign-on for your enterprise."

You must authenticate to your enterprise account using SAML SSO and Okta. For more information, see "Authenticating with SAML single sign-on."

Assigning your Okta group to the "GitHub AE" app

  1. In the Okta Dashboard, open your group's settings.
  2. Click Manage Apps.
  3. To the right of "GitHub AE", click Assign.
  4. Click Done.

Pushing the Okta group to GitHub AE

When you push an Okta group and map the group to a team, all of the group's members will be able to sign in to GitHub AE.

  1. In the Okta Dashboard, expand the Applications menu, then click Applications.

  2. Click on the GitHub AE app.

  3. Click Push Groups.

  4. Select the Push Groups dropdown menu and click Find groups by name.

  5. Under "Push groups by name", type the name of the group to push to GitHub AE, then click Save.

Mapping a team to the Okta group

You can map a team in your enterprise to an Okta group you previously pushed to GitHub AE. Members of the Okta group will then automatically becomes members of the GitHub AE team. Any subsequent changes to the Okta group's membership are automatically synchronized with the GitHub AE team.

  1. In the upper-right corner of GitHub AE, select your profile photo, then click Your organizations.

    Screenshot of the dropdown menu under @octocat's profile picture. "Your organizations" is outlined in dark orange.

  2. Click the name of your organization.

  3. Under your organization name, click Teams.

    Screenshot of the horizontal navigation bar for an organization. A tab, labeled with the people icon and "Teams," is outlined in dark orange.

  4. Click the name of the team.

  5. At the top of the team page, click Settings.

    Screenshot of the header of a team's page. A tab, labeled with a gear icon and "Settings", is outlined in dark orange.

  6. Under "Identity Provider Group", select the drop-down menu and click an identity provider group. Drop-down menu to choose identity provider group.

  7. Click Save changes.

Checking the status of your mapped teams

Enterprise owners can use the site admin dashboard to check how Okta groups are mapped to teams on GitHub AE.

  1. To access the dashboard, in the upper-right corner of any page, click .
  2. In the left pane, click External groups.
  3. To view more details about a group, in the list of external groups, click on a group.
  4. The group's details includes the name of the Okta group, a list of the Okta users that are members of the group, and the corresponding mapped team on GitHub AE.

Viewing audit log events for mapped groups

To monitor SSO activity for mapped groups, you can review the external_group and external_identity events events in the GitHub AE audit log.

For more information, see "Audit log events for your organization."