Warning
Enabling SAML affects all members of your enterprise.
Enterprise Managed Users doesn't provide a backup sign in URL where members of your enterprise can sign in using their regular username and password.
If you are unable to sign in, contact GitHub Enterprise Support via the
GitHub Support portal
for assistance.
The GitHub Enterprise Managed User application on Okta supports
SP-initiated SSO
and
IdP-initiated SSO
.
-
Install the
GitHub Enterprise Managed User application
from Okta's integrations direction.
-
In the GitHub Enterprise Managed User application on Okta, click the
Assignments
tab and assign the application to your Okta account.
-
Click the
Sign on
tab.
-
Next to "Enterprise Name," type the name of your enterprise with managed users.
Note
For example, if you sign in to
https://github.com/enterprises/octo-enterprise
, your enterprise name is
octo-enterprise
.
-
On the "Sign on" tab, under "SAML 2.0," click
More details
.
-
In order to configure your enterprise on GitHub Enterprise Cloud later, note down the following items:
- "Sign on URL"
- "Issuer"
- "Signing certificate"
-
Sign in to your enterprise with managed users.
-
In the top-right corner of GitHub, click your profile photo, then click
Your enterprises
.
-
In the list of enterprises, click the enterprise you want to view.
-
In the enterprise account sidebar, click
Settings
.
-
Under
Settings
, click
Authentication security
.
-
Under "SAML single sign-on", select
Require SAML authentication
.
-
Under
Sign on URL
, type the "Sign on URL" that you noted down from Okta.
-
Under
Issuer
, type the "Issuer" that you noted down from Okta.
-
Under
Public Certificate
, paste the certificate that you noted from Okta.
-
Before enabling SAML SSO for your enterprise, to ensure that the information you've entered is correct, click
Test SAML configuration
. This test uses Service Provider initiated (SP-initiated) authentication and must be successful before you can save the SAML settings.
-
Click
Save
.
Note:
After you require SAML SSO for your enterprise, the setup user will no longer have access to the enterprise but will remain signed in to GitHub. Only managed user accounts provisioned by your IdP will have access to the enterprise.
-
To ensure you can still access your enterprise on GitHub.com if your IdP is unavailable in the future, click
Download
,
Print
, or
Copy
to save your recovery codes. For more information, see "
Downloading your enterprise account's single sign-on recovery codes
."
After you enable SAML SSO, enable provisioning. For more information, see "
Configuring SCIM provisioning with Okta
."