Online Help

SafeNet Trusted Access for GitHub Enterprise

Overview

Configuring SafeNet Trusted Access for GitHub Enterprise is a three-step process:

1.GitHub Enterprise setup

2.SafeNet Trusted Access setup

3.Verify authentication

GitHub Enterprise Setup

As a prerequisite, download the Identity Provider Signing Certificate from the SafeNet Trusted Access console by clicking the Download X.509 Certificate button. You will need this certificate in one of the steps below.

Perform the following steps to configure SafeNet Trusted Access as your Identity Provider in GitHub Enterprise:

1.Log in to the GitHub Enterprise console as an administrator using the https://<hostname or IP address of GitHub Enterprise>/setup URL.

2.In the left pane, under Settings, click Authentication.

3.In the right pane, under Authentication, select the SAML option.

4.Perform the following steps:

a.Select the Disable administrator demotion/promotion. (ignore the administrator attribute) checkbox.

b.In the Single sign-on URL field, enter the SINGLESIGNONSERVICE URL that is provided on the SafeNet Trusted Access console.

You can copy this URL by clicking on the Copy to Clipboard icon available next to the SINGLESIGNONSERVICE field.

c.In the Issuer field, enter the ISSUER/ENTITY ID that is provided on the SafeNet Trusted Access console.

You can copy this URL by clicking on the Copy to Clipboard icon available next to the ISSUER/ENTITY ID field.

d.In the Signature Method field, select RSA-SHA256.

e.In the Digest Method field, select SHA256.

f.In the Name Identifier Format field, select unspecified.

g.Under Verification certificate, click Choose File to search and select the signing certificate that you downloaded earlier from the SafeNet Trusted Access console.

h.Click Save settings.

Obtaining Metadata

In a web browser, open the following URL to download the GitHub Enterprise metadata:

https://<Hostname or IP Address of GitHub Enterprise>/saml/metadata

SafeNet Trusted Access Setup

After completing the first step of configuring SafeNet Trusted Access in GitHub Enterprise, the second step is to activate the GitHub Enterprise application in SafeNet Trusted Access by performing the following steps:

1.In the Applications pane, you will notice that the GitHub Enterprise application you added earlier is currently in inactive state by default. To configure and activate this application, click the application (for example, GitHub Enterprise) and proceed to the next step.

2.Under STA Setup, complete the following fields:

a.In the HOSTNAME OF GITHUB ENTERPRISE field, enter the host name of GitHub Enterprise (for example, SafeNet.github.com).

b.Under SIGNING CERTIFICATE, click Choose File to search and select the Signing Certificate that you can get from the GitHub Enterprise metadata.

Note:  Before uploading the certificate, you need to convert it from base 64 encoded to the base 64 decoded format.

c.In the NAME ID field, ensure that Email address is selected as required by GitHub Enterprise.

3.Click Save Configuration to save the details and activate the GitHub Enterprise application in SafeNet Trusted Access.

Verify Authentication

Using STA Console

Navigate to the GitHub Enterprise URL and enter your GitHub Enterprise username or email address (with no password). YYou will be redirected to the SafeNet Trusted Access sign-in page. Enter your primary directory login information, approve the two-factor authentication, and you should be redirected to the GitHub Enterprise console after authentication.

Using STA User Portal

Navigate to the User Portal URL to log in to the STA User Portal dashboard. On the dashboard, you will see a list of applications to which you have access. Click on the GitHub Enterprise application icon, you should be redirected to the GitHub Enterprise console after authentication.

© 2018 SafeNet Trusted Access. Various trademarks held by their respective owners.