Notes:
To take advantage of GitHub SAML functionality, you must be in GitHub's Enterprise Cloud plan.
For more information about GitHub and SAML SSO, see About authentication with SAML single sign-on.
The Okta/GitHub Enterprise Cloud - Enterprise Accounts SAML integration currently supports the following features:
For more information on the listed features, visit the Okta Glossary.
Log in to GitHub Enterprise Cloud - Enterprise Accounts as the administrator of the GitHub Enterprise for which you want to enable SAML.
Go to: Settings > Security:
Under SAML Settings, enter the following:
Sign on URL: Copy and paste the following:
Sign in to the Okta Admin Dashboard to generate this variable.
Issuer: Copy and paste the following:
Sign in to the Okta Admin Dashboard to generate this variable.
Public Certificate: Copy and paste the following in PEM text format:
Sign in to the Okta Admin Dashboard to generate this variable.
Click Save.
Group Attribute Steps (only for premium plugin version):
To send groups as part of the SAML assertion, in Okta select the Sign On tab for the GitHub Enterprise Cloud - Enterprise Accounts SAML app, then click Edit.
Select Regex from the group dropdown menu and then type .*.* (dot asterisk dot asterisk).
Click Save:
Done!
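To check what the Issuer and group settings above actually put in an assertion, the following added example (not part of the Okta or GitHub documentation) parses a decoded assertion, compares its Issuer with the value configured in GitHub, and lists the group names released by the match-everything regex. The sample assertion, the attribute name groups, and the github- prefix are constructed assumptions; the function does not verify the signature.

```python
import xml.etree.ElementTree as ET

NS = {"saml2": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: a trimmed, unsigned assertion as a browser SAML tracer
# would show it after base64-decoding the SAMLResponse. All values are made up.
SAMPLE_ASSERTION = """\
<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml2:Issuer>http://www.okta.com/EXAMPLE_APP_ID</saml2:Issuer>
  <saml2:AttributeStatement>
    <saml2:Attribute Name="groups">
      <saml2:AttributeValue>Everyone</saml2:AttributeValue>
      <saml2:AttributeValue>github-admins</saml2:AttributeValue>
      <saml2:AttributeValue>hr-payroll</saml2:AttributeValue>
    </saml2:Attribute>
  </saml2:AttributeStatement>
</saml2:Assertion>
"""


def inspect_assertion(xml_text, expected_issuer, group_attr="groups"):
    """Return (issuer_matches, group_names) for a decoded assertion.

    Configuration review only: no signature or condition checks are done.
    group_attr is an assumed attribute name; use the one set in Okta.
    """
    root = ET.fromstring(xml_text)
    issuer = root.findtext("saml2:Issuer", default="", namespaces=NS).strip()
    groups = []
    for attr in root.iterfind(".//saml2:Attribute", NS):
        if attr.get("Name") == group_attr:
            for value in attr.iterfind("saml2:AttributeValue", NS):
                groups.append((value.text or "").strip())
    return issuer == expected_issuer, groups


def unexpected_groups(groups, allowed_prefix="github-"):
    """Groups sent to GitHub that fall outside a hypothetical naming prefix."""
    return [g for g in groups if not g.startswith(allowed_prefix)]


if __name__ == "__main__":
    ok, sent = inspect_assertion(SAMPLE_ASSERTION,
                                 "http://www.okta.com/EXAMPLE_APP_ID")
    print("Issuer matches GitHub setting:", ok)
    print("Groups in assertion:", sent)
    print("Groups outside github-*:", unexpected_groups(sent))
```

With the .*.* filter, every group the user belongs to appears in the list, including ones unrelated to GitHub.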
Make sure that you entered the correct value in the GitHub Organization field under the General tab in Okta. Using the wrong value will prevent you from authenticating via SAML to GitHub Enterprise Cloud - Organization.
GitHub uses SAML to protect a GitHub organization’s resources.
When a user uses IdP-initiated SAML to log in to their GitHub organization for the first time, they are asked to enter their username and password manually. Once their session cookie is stored on their computer, they won’t need to enter their credentials again.
GitHub uses JIT provisioning to assign GitHub accounts to GitHub organizations. After clicking on the GitHub app in Okta, users are taken to a page where they can either sign in with an existing GitHub account or create a new one. The account used to sign in, or the newly created account, is automatically provisioned to the corresponding GitHub organization and is allowed to access its resources.
Go to: https://github.com/enterprises/[Github Enterprise]/sso.