Online Help

SafeNet Trusted Access for GitHub Enterprise Cloud Organization

Overview

The application template provides the ability to enable single sign-on for users accessing the GitHub Enterprise Cloud Organization application through SafeNet Trusted Access.

The following use cases can be configured for GitHub Enterprise Cloud Organization:

SP-initiated SSO

IdP-initiated SSO

Just-in-Time (JIT) Provisioning

Note:  
• GitHub uses SAML to protect a GitHub organization’s resources.
• When users use IdP-initiated SAML to log in to their GitHub organization for the first time, they are asked to enter their user name and password manually. Once their session is stored in their computer as a cookie, they are not required to enter their credentials again while login.
• GitHub uses JIT provisioning to assign GitHub accounts to GitHub organizations. Users are redirected to a page, where they can either sign-in with an existing GitHub account or create a new one.

Configuring SafeNet Trusted Access for GitHub Enterprise Cloud Organization is a three-step process:

1.GitHub Enterprise Cloud Organization setup

2.SafeNet Trusted Access setup

3.Verify authentication

GitHub Enterprise Cloud Organization Setup

As a prerequisite, download the Identity Provider signing certificate from the SafeNet Trusted Access console by clicking the Download X.509 certificate button. You will need this certificate in one of the steps given below.

Perform the following steps to configure SafeNet Trusted Access as your Identity Provider in GitHub Enterprise Cloud Organization:

1.Log in to GitHub Enterprise Cloud Organization as an administrator using the https://github.com/login URL.

2.On the the GitHub Enterprise Cloud Organization homepage, in the left pane, from the Switch dashboard context drop down menu, select the GitHub organization (for example, safenet-sta) for which you want to enable SAML authentication.

3.In the right pane, scroll down to All activity, click on the Edit <Github Organization>'s settings link. For example, Edit safenet-sta’s settings.

4.In the left pane, under Organization settings, click Security.

5.In the right pane, under SAML single sign-on, select the Enable SAML authentication checkbox, and perform the following steps:

a.In the Sign on URL field, enter the SingleSignOnService URL that is provided on the SafeNet Trusted Access console.

On the STA console, you can copy this URL by clicking on the Copy to Clipboard icon available next to the SingleSignOnService field.

b.In the Issuer field, enter the Issuer/Entity ID that is available on the SafeNet Trusted Access console.

On the STA console, you can copy this URL by clicking on the Copy to Clipboard icon available next to the Issuer/Entity ID field.

c.In a text editor, open the identity provider certificate that you downloaded earlier from the STA console. Copy the entire certificate text.

d.In the Public certificate field, paste the identity provider certificate text that you copied in the previous step.

e.Click Test SAML configuration, you will be redirected to your SafeNet Trusted Access sign-in page. Enter your primary directory login information, approve the two-factor authentication. If the authentication is successful, it will display a test SAML configuration message, Passed: Successfully authenticated your SAML SSO identity.

Note:  Before you click Test SAML configuration, you must configure GitHub Enterprise Cloud Organization in SafeNet Trusted Access to perform SAML authentication for the first time. Refer to the SafeNet Trusted Access Setup section given below for configuration steps.

f.Click Save.

SafeNet Trusted Access Setup

After completing the first step of configuring SafeNet Trusted Access in GitHub Enterprise Cloud Organization, the second step is to activate the GitHub Enterprise Cloud Organization application in SafeNet Trusted Access by performing the following steps:

1.In the Applications pane, the GitHub Enterprise Cloud Organization application you added earlier is in the inactive state by default. To configure and activate this application, click the application (for example, GitHub Enterprise Cloud Organization) and proceed to the next step.

2.Under STA Setup, in the GITHUB ORGANIZATION field, enter the organization name (for example, safenet-sta) for which you enabled SAML authentication.

3.Click Save Configuration to save the details and activate the GitHub Enterprise Cloud Organization application in SafeNet Trusted Access.

Verify Authentication

Using STA Console

Navigate to the GitHub Enterprise Cloud Organization login URL, https://github.com/orgs/<Your GitHub Organization>/sso

For example, https://github.com/orgs/safenet-sta/sso

You will be redirected to your SafeNet Trusted Access sign-in page. Enter your primary directory login information, approve the two-factor authentication, and you should be redirected to the GitHub Enterprise Cloud Organization application after authentication.

Using STA User Portal

Navigate to the User Portal URL to log in to the STA User Portal dashboard. On the dashboard, you will see a list of applications to which you have access. Click the GitHub Enterprise Cloud Organization application icon. You should be successfully logged in to the GitHub Enterprise Cloud Organization after authentication.

 

© 2019 SafeNet Trusted Access. Various trademarks are held by their respective owners.