Integrate GitHub with Conditional Access

In this topic, you will find general instructions on how to integrate GitHub with Portnox™ Conditional Access for Applications.

Note: You can set up single sign-on in GitHub on organization level or on the enterprise level, depending on your needs. This guide shows how to set up single sign-on on organization level but the process is identical for the enterprise level.

Create a Portnox Cloud application configuration

In this step, you will create a configuration in Portnox Cloud that will contain all the information necessary to integrate with GitHub.

  1. In a new tab of your browser, open your Portnox Cloud account by accessing the following URL: https://clear.portnox.com/

    From now on, we will call this tab the Portnox tab.

  2. In the Cloud portal top menu, click on the Applications option.

  3. On the APPLICATIONS screen, click on the Add new SAML application button.

  4. Optional: If you have more than one SAML identity provider configured, select the identity provider in the Select an identity provider to use for this application section.
  5. In the Application details section, enter an Application name and optionally a Description.

    In this example, we used the name GitHub for the new application configuration but you can use any name you like.

  6. Keep this browser tab open. You will need it later.

Open your GitHub SAML SSO settings

In this section, you will access your GitHub administrative interface and find the SAML single sign-on (SSO) settings.

  1. In another tab of your browser, open your GitHub web interface by accessing the following URL: https://github.com/. Then, log in to your account.

    From now on, we will call this tab the GitHub tab.

  2. Go to your organization page, and then, in the left-hand side menu, click on the Authentication security option in the Security section.

    You can also go to the following URL: https://github.com/organizations/<your_org>/settings/security, replacing <your_org> with your organization identifier.

  3. In the SAML single sign-on section, activate the Enable SAML authentication checkbox.

Copy configuration values from the Portnox tab to the GitHub tab

In this section, you will copy the values displayed by Portnox Cloud and paste them in the relevant fields in the GitHub SAML SSO setup section.

  1. In the Portnox tab, in the Service details section, click on the  ⧉  icon next to the Identity Provider Entity ID / Audience URI field to copy the value.

  2. In the GitHub tab, click on the empty field next to the Issuer label and paste the value copied from Portnox Cloud.

  3. In the Portnox tab, in the Service details section, click on the  ⧉  icon next to the Sign-In URL / SSO URL field to copy the value.

  4. In the GitHub tab, click on the empty field next to the Sign on URL label and paste the value copied from Portnox Cloud.

  5. In the Portnox tab, in the Service details section, click on the  ⧉  icon next to the Certificate field to copy the value.

  6. In the GitHub tab, click on the empty field next to the Public certificate label and paste the value copied from Portnox Cloud.

Copy configuration values from the GitHub tab to the Portnox tab

In this section, you will copy the values displayed in your GitHub SAML SSO setup section, and paste them in the relevant fields in Portnox Cloud.

  1. In the GitHub tab, copy the URL labelled The assertion consumer service URL.

  2. In the Portnox tab, in the Application properties section, click on the empty field under the Assertion Consumer Service (ACS) URL / Reply URL heading and paste the value copied from GitHub.

  3. In the Portnox tab, in the Application properties section, click on the empty field under the Entity ID / Service Provider Entity URL heading and paste the same value. Then, remove the following trailing string from this value: /saml/consume, leaving only the first part of the URL as your Entity ID.

Finalize the configuration

In this section, you will finalize the configuration in Portnox Cloud and GitHub.

  1. Finalize the configuration in the Portnox tab.
    1. Optional: In the POLICY ASSIGNMENTS section, change the setting to Application-based and then select an access control policy and a risk assessment policy if you want to control access to this application without using groups.
    2. Scroll all the way down to the end of the page, and then click on the Save button.

  2. Finalize the configuration in the GitHub tab.
    1. Click on the Test SAML configuration button and after a successful test, click on the Save SAML settings button.

Result: You have configured GitHub to be accessible using Portnox Conditional Access for Applications.

If needed, click on the People tab and configure individual users to require single sign-on when signing in.