Configuration of SAML 2.0 for GitHub Enterprise

Hideez Identity Cloud - Configuration SAML 2.0 for GitHub Enterprise

How to Configure SAML 2.0 for GitHub Enterprise

SAML single sign-on (SSO) gives organization owners and enterprise owners using GitHub Enterprise Cloud a way to control and secure access to organization resources like repositories, issues, and pull requests. Organization owners can invite your personal account on GitHub to join their organization that uses SAML SSO, which allows you to contribute to the organization and retain your existing identity and contributions on GitHub. If you're a member of an enterprise with managed users, you will instead use a new account that is provisioned for you and controlled by your enterprise.

Prerequisites

  • Access to the GitHub Enterprise admin account.

  • Administrative access to Hideez Identity Cloud to configure the IdP.

  • A configured Hideez Identity Cloud instance with user identities set up.

  • The users exist in Hideez Identity Cloud.

  • The user is added to the GitHub organization.

Step 0: Add users to the Hideez Identity Cloud

You have to add the users that belong to GitHub Enterprise to the tenant on Hideez Identity Cloud.

Please follow this guide to add the user:

Step 1: Enable SAML Single Sign-On in GitHub Enterprise

  1. Log in to your GitHub Enterprise account as an admin.

  2. Navigate to the organization or enterprise settings:

    • For organizations: Go to SettingsSecurity.

    • For enterprise accounts: Go to Enterprise settingsAuthentication.

  3. In the "SAML single sign-on" section, click Enable SAML authentication.

Step 2: Configure the SAML Settings in Hideez Identity Cloud

General Application Setup

  1. Log in to your Hideez Identity Cloud admin portal.

  2. Go to Integrations→SAML and create a new SAML application for GitHub Enterprise.

  3. Provide the following details during the setup:

    • Name: Familiar name (e.g. SAML single sign-on for GitHub).

    • Issuer / SP Entity ID: https://github.com/enterprises/<organization-name>/ (replace <organization-name> with your organization's name). In our case: https://github.com/enterprises/hideez.

    • ACS URL (Assertion Consumer Service URL): https://github.com/orgs/<organization-name>/saml/consume. In our case: https://github.com/enterprises/hideez/saml/consume.

You can find the assertion consumer service URL directly on your GitHub Enterprise account:

  1. Click Create.

  1. Go to the Parameters tab and keep it open. We will use it later on.

  2. Download the Hideez Identity Cloud signing certificate (in X.509 format).

Step 3: Complete SAML Setup in GitHub Enterprise

  1. Return to the GitHub Enterprise SAML settings page.

  2. Provide the following details:

    • Sign on URL: The SSO URL from Hideez Identity Cloud.

    • Issuer: The Entity ID or Issuer from Hideez Identity Cloud.

    • Public Certificate: Paste the X.509 certificate downloaded from Hideez Identity Cloud.

You can open the Public Certificate downloaded from Hideez Identity Cloud on your computer, copy it, and paste it to GitHub.

Step 4: Test the SAML Configuration

  1. On the GitHub Enterprise SAML settings page, click Test SAML login.

  2. Verify that you are redirected to Hideez Identity Cloud for authentication.

  3. Complete the login process and confirm access to GitHub Enterprise.

  4. Click Test SAML configuration before saving settings and test SAML login to your GitHub Enterprise account using Hideez Identity Cloud.

Step 5: Save SAML for the GitHub Enterprises

  1. After testing is successful, return to the SAML settings page.

  2. Click Enforce SAML single sign-on.

  3. Confirm the enforcement to require SAML authentication for all members.

For further assistance, refer to GitHub Enterprise documentation and Hideez Identity Cloud support resources.

Last updated