GitHub

Learn how to integrate GitHub with idemeum for passwordless SSO and automated account provisioning.

GitHub

Capabilities overview

GitHub is a software code hosting and collaboration tool with a community of millions of people using it to build software, share information, collaborate on projects, offer support, and more. GitHub also creates and supports development tools like Atom, Electron, and Desktop.

GitHub pricing page

Supported capability Required plan Details
Passwordless SSO Enterprise plan High SSO tax
Automated provisioning Enterprise plan SCIM 2.0 (create, remove, update accounts)
Password manager Any Auto-fill / Auto-capture

Prerequisites

You will need to collect and prepare idemeum SAML metadata parameters:

  • Identity Provider SSO URL
  • Identity Provider Entity ID
  • Public X509 certificate (PEM format)

Instructions for how to obtain your idemeum SAML metadata parameters are below.

How to obtain SAML metadata for idemeum
SAML metadata is the data that describes the information needed to communicate with a SAML endpoint. For example, if Identity Provider (IDP) X wanted to allow Service Provider (SP) Y to request SAML responses, IdP X would share its metadata with SP Y and vice-versa. Each idemeum tenant has associate…

Single Sign-On (SAML)

Configure SSO in idemeum

  • Navigate to your idemeum admin portal at https://[your domain].idemeum.com/adminportal
  • Click Applications in the left menu
  • Search for GitHub application and click Add App
  • Navigate to SAML configuration
  • Enter your GitHub organization name. All other parameters are preconfigured for GitHub. Organization name can be found in your GitHub URL ->  https://github.com/orgs/[organization name]/dashboard
  • Click Save
  • Proceed to Entitlements on the left menu and entitle GitHub application to yourself. You will need that for testing purposes.

Configure SSO in Github

  • Access your GitHub account
  • Click Account -> Your organizations
  • Choose the organization for which you would like to configure SSO
  • Click Settings -> Organization security
  • Click Enable SAML authentication
  • For Sign on URL enter Identity Provider SSO URL that you obtained in prerequisites section
  • For Issuer enter Identity Provider Entity ID that you obtained in prerequisites section
  • For Public certificate enter Public X509 certificate (PEM format) that you obtained from prerequisites section
  • Make sure you choose SHA256 for Signature and Digest
  • Click Test SAML configuration. You will be redirected to idemeum and you will need to login with passwordless MFA.
  • Click Save at the bottom of the page if the test is passed
  • Make sure you save Recovery Codes to make sure you have access to your account in case SAML SSO in not available
  • If everything works great you can enable SSO for all users in your organization by clicking Require SAML SSO authentication for all members
  • Click Save

Automated provisioning with SCIM

  • Click on the icon at the top right corner of the screen and access Settings
  • In the left menu click Developer Settings
  • Choose Personal access tokens
  • Now you will create an access token. Choose the expiration time and give the token the following scopes: admin:org and user.
  • Make sure you copy token after you generate it. You will need the token for your idemeum configuration.
  • Now Authorize this token to be used with SSO. Click Single Sign-On and then choose Authorize.
  • Access Provisioning section for your GitHub app in idemeum
  • Enter your GitHub organization name. Organization name can be found in your GitHub URL ->  https://github.com/orgs/[organization name]/dashboard
  • For Access Token enter the GitHub token you just created
  • You can now save configuration and test provisioning

Application entitlements

Before users can access applications you need to make sure you entitle applications to them. In idemeum admin portal navigate to Entitlements section to assign applications to your employees.


SAML SSO login flows

GitHub supports both:

  • IDP Initiated Flow
  • SP Initiated Flow

IDP Initiated flow

With this flow users first navigate to idemeum user catalog and then click on GitHub icon to launch application.

SP Initiated flow

With this flow users can directly go to GitHub and login with passwordless SSO.

  • Navigate to https://github.com/orgs/[your org name]/sso
  • Login with idemeum
Table of Contents
Great! Next, complete checkout for full access to idemeum integrations.
Welcome back! You've successfully signed in.
You've successfully subscribed to idemeum integrations.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.