Note: For more information about GitHub and SAML SSO, see About authentication with SAML single sign-on.
The Okta/GitHub Enterprise Server SAML integration currently supports the following features:
For more information on the listed features, visit the Okta Glossary.
Sign in to your Github Admin Console at https://[hostName]/setup/settings where [hostName] is your GitHub Enterprise Server host name.
Select Authentication on the left menu bar. Then select SAML:
On the Authentication page, enter the following (see screen shot at end of step for reference):
IdP initiated SSO (disables AuthnRequest): Uncheck this option.
Disable administrator demotion/promotion. (ignore the administrator attribute): Check this option.
Single sign-on URL: Copy and paste the following:
Sign into the Okta Admin dashboard to generate this value.
Issuer: Copy and paste the following:
Sign into the Okta Admin Dashboard to generate this variable.
Signature Method: Select RSA-SHA256.
Digest Method: Select SHA256.
Name Identifier Format: Select unspecified.
Download and save the following certificate as okta.cert:
Sign into the Okta Admin Dashboard to generate this variable.
Verification certificate: Click Choose File to locate and upload the Verification certificate you just saved:
User attributes: Enter the following:
Username: Enter uid.
Full name: Enter fullname.
Email(s): Enter emails.
Leave the default values for the rest of the attributes.
Click Save Settings:
Done!
The following SAML attributes are supported:
| Name | Value |
|---|---|
| fullname | user.firstName user.lastName |
| emails | user.email |
| uid | user.userName |
Open your GitHub Enterprise Server login URL, for example: https://[hostName]/login.