• Home
• App Integrations
• Single Sign-On Integrations
• GitHub Single Sign-On

GitHub SAML Single Sign-On (SSO)

---

GitHub SAML Single Sign-On (SSO) for enterprise cloud solution by miniOrange provides secure Single Sign-On access to GitHub & multiple On-Premise and Cloud Applications using a single set of login credentials. With miniOrange IDP service you can SSO login to multiple applications using a single Github username and password. Github Single Sign-On (SSO) can also be enabled if your users are in any of the third-party Identity Providers and you want your users to log into Github uisng existing IdP credentials, you can easily allow them to SSO into Github in a secure manner.

With miniOrange GitHub SSO, you can:

• Enable your users to automatically login to Github
• Have centralized and easy access control of the users
• Connect easily with any external identity source like Azure AD, ADFS, Cognito, etc

Supported SSO Features

miniOrange Github SAML integration supports the following features:

• SP Initiated SSO Login: Users can access their Github account via a URL or bookmark. They will automatically be redirected to the miniOrange portal for login. Once they've signed on, they'll be automatically redirected and logged into Github.
• IdP Initiated SSO Login: Users need to login to the miniOrange first , and then click on the Github icon on the applications dashboard to access Github.(If you have set up any more Identity Sources, you will log in to that platform).
• JIT Provisioning: Enables the automatic creation of user accounts in Github when a person logs in for the first time via Desktop SSO, IDP, or Active Directory (AD) authentication.
• Single Logout: With this feature, you will be automatically logged out of all the applications that are connected with Identity provider (IdP) when you log out from Github org or any other app.
• Mandate users to Login using SSO: Single Sign-on can make it mandatory for all users to log in using SSO. This will prevent any person from login using any other source and bypassing the login system. No person will be able to have direct login making it a streamline and secure process.

Prerequisites

• GitHub Administrator account is required to do the configuration and setup SAML Single sign-on (SSO)
• GitHub Enterprise Gold plan is required. Other GitHub plans like Developer or Team do not support SAML Single Sign-on (SSO)
• Note - Make sure you do not enable SSO for all users before testing and getting the Single Sign-on (SSO) recover codes from GitHub

Follow the step-by-step guide given below for GitHub SAML Single Sign-On (SSO) for your organization

1. Configure GitHub in miniOrange

• Login into miniOrange Admin Console.
• Go to Apps and click on Add Application button.



• In Choose Application, select SAML/WS-FED from the application type dropdown.



• Search for GitHub in the list, if you don't find GitHub in the list then, search for custom and you can set up your application in Custom SAML App.

• Enter Custom Application Name as GitHub.
• Enter the SP Entity ID or Issuer : https://github.com/enterprises/<custom_domain_name>
• Enter the ACS URL : https://github.com/enterprises/<custom_domain_name>/saml/consume
• Enter the Single Logout URL (Optional)
• Click on Next to proceed further.



• In the Attribute Mapping tab configure the following attributes as shown in the image below.



• To upload respective app logo for a Custom SAML App, click on Upload Logo tab.



• Click on Save.

To get miniOrange metadata details in order to configure GitHub:

• Go to Apps >> Manage Apps.
• Search for your app and click on the select in action menu against your app.
• Click on the Metadata Option under the Select Dropdown to get the miniOrange Metadata details. You can also click on the Show SSO Link to see the IdP initiated SSO link for GitHub.



• Here you will see 2 options, if you are setting up miniOrange as IDP copy the metadetails related to miniOrange, if you required to be authenticated via external IDP's (Okta, Azure AD, ADFS, OneLogin, Google Workspace) you can get metadata from the 2nd Section as shown below.



• Keep SAML Login URL, SAML Logout URL and click on the Download Certificate button to download certificate which you will require in Step 2.

2. Configure SSO in GitHub Enterprise

• Navigate to the top right corner of GitHub.
• Click your profile photo >> then click your Enterprises.



• In the Enterprises account sidebar, click on Settings >> Authentication security.
• Under SAML single sign-on, enable the checkbox Require SAML authentication.



• Enter the required details. You can get the following information via previous step.

Sign on URL	Enter the SAML Login URLs for single sign-on requests.
Issuer	Enter the IdP Entity ID or Issuer. This verifies the authenticity of sent messages.
Public certificate	Paste the X.509 Certificate to verify SAML responses

• Under public certificate, to the right of the current signature and digest methods, click on edit.



• Select the Signature Method and Digest Method from the dropdown, then click the hashing algorithm used by your SAML issuer.
• Before saving SAML SSO for your enterprise, click Test SAML configuration to ensure that the information you've entered is correct.



• Click Save SAML settings.

3. Test SSO Configuration

Test SSO login to your GitHub account with miniOrange IdP:

Using SP Initiated Login

• Go to your GitHub URL, here you will be either asked to enter the username or click on the SSO link which will redirect you to miniOrange IdP Sign On Page.



• Enter your miniOrange login credential and click on Login. You will be automatically logged in to your GitHub account.

Using IDP Initiated Login

• Login to miniOrange IdP using your credentials.



• On the Dashboard, click on GitHub application which you have added, to verify SSO configuration.





Not able to configure or test SSO?


Contact us or email us at idpsupport@xecurify.com and we'll help you setting it up in no time.

External References

• Know More about Single Sign On (SSO)
• Read more about SAML Single Sign-On Solution
• Configure GitHub as IDP
• What is Single Sign-on for Workforce Identity? Know more about SSO