The idea is the same as for the Jenkins setup: keep all users in Okta, so that when a user logs in to GitHub (our Service Provider, SP), GitHub asks our Identity Provider, IdP (Okta in this case), to authenticate the user via SAML.
Go to Okta – Applications – Add application, and find Github Enterprise Cloud – Organization:
Set the organization name in the same view, exactly as it is in GitHub:
Go to the Sign On tab:
Click View Setup Instructions – you’ll be redirected to a page with the settings for your SAML already defined:
SAML configuration in the GitHub Organization
Go to GitHub, click Enable SAML authentication, and fill in the fields with the data from the View Setup Instructions page; there are just three fields to copy-paste:
Go back to the GitHub application in Okta, switch to the Assignments tab and assign a user:
In GitHub, click Test SAML configuration – you’ll be redirected to Okta to authenticate:
Log in with the test user – the test passed:
Do not forget to press Save at the bottom.
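As an added example (not part of the original post), the three copy-pasted values can be cross-checked against the IdP metadata XML of the Okta application before saving. It assumes you have downloaded that metadata and that the GitHub fields are Sign on URL, Issuer and Public certificate; `saml_fields`, the tenant host and the sample document are constructed for illustration.

```python
import base64, hashlib
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
BINDINGS = "urn:oasis:names:tc:SAML:2.0:bindings:"

# Constructed sample: tenant host, app id and certificate bytes are placeholders.
FAKE_DER = b"constructed placeholder, not a real certificate"
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="http://www.okta.com/exkEXAMPLE">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>
      {base64.b64encode(FAKE_DER).decode()}
    </ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Binding="{BINDINGS}HTTP-POST"
        Location="https://example.okta.com/app/githubcloud/exkEXAMPLE/sso/saml"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def saml_fields(metadata_xml, expected_host):
    """Return the sign-on URL, issuer and signing-certificate fingerprint, or raise."""
    root = ET.fromstring(metadata_xml)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("not IdP metadata: no IDPSSODescriptor")
    sso = {s.get("Binding"): s.get("Location")
           for s in idp.findall("md:SingleSignOnService", NS)}
    url = sso.get(BINDINGS + "HTTP-Redirect") or sso.get(BINDINGS + "HTTP-POST")
    parsed = urlparse(url or "")
    # A plain-http or foreign-host URL would send users to log in somewhere else.
    if parsed.scheme != "https" or parsed.hostname != expected_host:
        raise ValueError(f"unexpected sign-on URL: {url!r}")
    certs = [kd.find(".//ds:X509Certificate", NS)
             for kd in idp.findall("md:KeyDescriptor", NS)
             if kd.get("use") in (None, "signing")]
    certs = [c for c in certs if c is not None and c.text]
    if len(certs) != 1:
        raise ValueError(f"expected one signing certificate, found {len(certs)}")
    # Strip line wrapping, then require strict base64 so a truncated paste fails here.
    der = base64.b64decode("".join(certs[0].text.split()), validate=True)
    return {"sign_on_url": url, "issuer": root.get("entityID"),
            "cert_sha256": hashlib.sha256(der).hexdigest()}


if __name__ == "__main__":
    for name, value in saml_fields(SAMPLE_METADATA, "example.okta.com").items():
        print(f"{name}: {value}")
```

Compare the printed fingerprint with the SHA-256 fingerprint of the certificate you pasted into GitHub; a mismatch means the wrong application's certificate was copied.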
SAML checking
Find your SSO URL:
Open it in an Incognito window:
Click the Continue button – you must be redirected to Okta:
Here you can either create a new GitHub user or log in with an existing one.
In either case, Okta will use Just In Time (JIT) Provisioning to add this user to the GitHub organization:
Log in:
And now you are able to see the organization’s data: