Configuring SAML single sign-on and SCIM using Okta

You can use Security Assertion Markup Language (SAML) single sign-on (SSO) and System for Cross-domain Identity Management (SCIM) with Okta to automatically manage access to your organization on GitHub.

Organization owners can configure SAML SSO and SCIM using Okta for an organization.

SAML single sign-on is available with GitHub Enterprise Cloud. For more information, see "GitHub's products."

About SAML and SCIM with Okta

You can control access to your GitHub organization and other web applications from one central interface by configuring the organization to use SAML SSO and SCIM with Okta, an Identity Provider (IdP).

SAML SSO controls and secures access to organization resources like repositories, issues, and pull requests. SCIM automatically adds, manages, and removes members' access to your GitHub organization when you make changes in Okta. For more information, see "About identity and access management with SAML single sign-on" and "About SCIM."

After you enable SCIM, the following provisioning features are available for any users that you assign your GitHub Enterprise Cloud application to in Okta.

Feature | Description
Push New Users | When you create a new user in Okta, the user will receive an email to join your GitHub organization.
Push User Deactivation | When you deactivate a user in Okta, Okta will remove the user from your GitHub organization.
Push Profile Updates | When you update a user's profile in Okta, Okta will update the metadata for the user's membership in your GitHub organization.
Reactivate Users | When you reactivate a user in Okta, Okta will send an email invitation for the user to rejoin your GitHub organization.

Prerequisites

You must use the "Classic UI" in Okta. For more information, see Organized Navigation on the Okta blog.

Adding the GitHub Enterprise Cloud application in Okta

  1. In the Okta Dashboard, click Applications.

  2. Click Add application.

  3. In the search field, type "GitHub Enterprise Cloud".

  4. To the right of "Github Enterprise Cloud - Organization", click Add.

  5. In the GitHub Organization field, type the name of your GitHub organization. For example, if your organization's URL is https://github.com/octo-org, the organization name would be octo-org.

  6. Click Done.

Enabling and testing SAML SSO

  1. In the Okta Dashboard, click Applications.
  2. In the list of applications, click the label for the application you created for the organization that uses GitHub Enterprise Cloud.
  3. Assign the application to your user in Okta. For more information, see Assign applications to users in the Okta documentation.
  4. Under the name of the application, click Sign on.
  5. Under "SIGN ON METHODS", click View Setup Instructions.
  6. Enable and test SAML SSO on GitHub using the sign on URL, issuer URL, and public certificates from the "How to Configure SAML 2.0" guide. For more information, see "Enabling and testing SAML single sign-on for your organization."

Configuring access provisioning with SCIM in Okta

  1. In the Okta Dashboard, click Applications.

  2. In the list of applications, click the label for the application you created for the organization that uses GitHub Enterprise Cloud.

  3. Under the name of the application, click Provisioning.

  4. Click Configure API Integration.

  5. Select Enable API integration.

  6. Click Authenticate with Github Enterprise Cloud - Organization.

  7. To the right of your organization's name, click Grant.

    Note: If you don't see your organization in the list, go to https://github.com/orgs/ORGANIZATION-NAME/sso in your browser and authenticate with your organization via SAML SSO using your administrator account on the IdP. For example, if your organization's name is octo-org, the URL would be https://github.com/orgs/octo-org/sso. For more information, see "About authentication with SAML single sign-on."

  8. Click Authorize OktaOAN.

  9. Click Save.

  10. To the right of "Provisioning to App", click Edit.

  11. To the right of "Create Users", select Enable.

  12. To the right of "Update User Attributes", select Enable.

  13. To the right of "Deactivate Users", select Enable.

  14. Click Save.
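
Once "Create Users" and "Deactivate Users" are enabled, it is worth checking that provisioning actually matches what Okta holds. The following is an added example, not part of the original documentation or of GitHub's or Okta's code: it compares a list of users assigned in Okta with a SCIM 2.0 list response for the organization and reports the mismatches. Both inputs are constructed samples, and the Okta export shape, the status values and the function name are assumptions.

```python
import json

# Constructed sample: SCIM 2.0 ListResponse (RFC 7644) for the organization's users.
SCIM_RESPONSE = json.loads("""{
  "schemas": ["urn:ietf:params:scim:api:messages:2.0:ListResponse"],
  "totalResults": 3,
  "Resources": [
    {"id": "a1", "userName": "mona@example.com", "active": true},
    {"id": "b2", "userName": "hubot@example.com", "active": true},
    {"id": "c3", "userName": "ghost@example.com", "active": true}
  ]
}""")

# Constructed sample: users assigned to the app in Okta (hypothetical export shape
# and status values).
OKTA_USERS = [
    {"login": "Mona@example.com", "status": "ACTIVE"},
    {"login": "hubot@example.com", "status": "DEPROVISIONED"},
    {"login": "newhire@example.com", "status": "ACTIVE"},
]

def provisioning_drift(okta_users, scim_response):
    """Compare Okta assignments with SCIM identities and return the mismatches."""
    resources = scim_response.get("Resources", [])
    # A partial page would hide identities, so refuse to report on truncated data.
    if scim_response.get("totalResults", len(resources)) > len(resources):
        raise ValueError("SCIM response is paginated; fetch all pages first")
    # Compare case-insensitively: the same address may differ in case between systems.
    okta = {u["login"].lower(): u["status"] for u in okta_users}
    scim = {r["userName"].lower(): r.get("active", True) for r in resources}
    active_scim = {name for name, active in scim.items() if active}
    return {
        # Deactivated in Okta but the SCIM identity is still active.
        "still_active": sorted(n for n, s in okta.items() if s != "ACTIVE" and n in active_scim),
        # Active in Okta but no SCIM identity exists for the user.
        "not_provisioned": sorted(n for n, s in okta.items() if s == "ACTIVE" and n not in scim),
        # Active SCIM identity with no matching user in the Okta list.
        "unknown_to_okta": sorted(active_scim - set(okta)),
    }

if __name__ == "__main__":
    for finding, users in provisioning_drift(OKTA_USERS, SCIM_RESPONSE).items():
        print(f"{finding}: {users}")
```

An entry under still_active means "Push User Deactivation" did not take effect for that user and the membership should be reviewed by hand.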
