We already did everything for our Jenkins (see the Jenkins: SAML, Okta, user groups, and Role-Based Security plugin post) – now it’s time to do the same thing with our Github organization.
The idea is the same as for the Jenkins’ setup: keep all users in the Okta, during Github’s (our Service provider, SP) login – it has to ask our Identity Provider, IDP (Okta this case) to authenticate this user using SAML.
Let’s use the Okta Github Enterprise Cloud – Organization application.
- How to Configure SAML 2.0 for GitHub Enterprise Cloud – Organization
- About authentication with SAML single sign-on
I didn’t found yet how to realize the Groups to be passed from an Okta user’s account to Github, but I hope this is can be done.
To have an ability to use SAML in a Github’s organization need to have the Github Enterprise Cloud – Organization.
Go to your Github’s Organization, Settings > Security:
Now there is no SAML available.
For the testing purpose let’s create a new Github Organization with the Enterprise Trial subscription.
Go to the GitHub Enterprise Cloud:
Click on the Trial, create the new organization:
Can add users from here:
Now my user, which was used during the organization’s creation, has access to three organizations – working, RTFM’s and the Testing, just created:
Now, go to the organization created Settings – Security, and you can see SAML available here:
Go to the в Okta – Applications – Add application, find the Github Enterprise Cloud – Organization:
Set the organization name in the same view as it is in the Github:
Go to the Sign On tab:
Click on the View Setup Instructions – you’ll be redirected to a page with already defined settings for your SAML:
Go to the Github, click on the Enable SAML authentication, fill the fields with the data from the View Setup Instructions page, here is just three fields to copy-past:
Go back to the Github application in the Okta, switch to the Assignments tab and assign a user:
In the Github click on the Test SAML configuration: – you’ll be redirected to the Okta to authenticate:
Log in with the Test user – test passed:
Do not forget to press the Save on the bottom.
Find your SSO URL:
Open it in an Incognito:
Click the Continue button – must be redirected to the Okta:
Here you can or create a new Github’s user – or log in with an already existing one.
In any case – Okta will use Just In Time (JIT) Provisioning to add this user to the Github’s organization:
And now you are able to see the organization’s data:
Need to find out how to deal with groups now.