Step-by-Step Guide: User Provisioning with SAML Authentication in GitHub Enterprise

Step 1: Invite the user to the GitHub Organization
- Persona: GitHub Organization Owner
- Action: Invite the new user's personal GitHub Account handle to the intended Organization within the GitHub Enterprise.
Step 2: Assign Default Access role in IDP
- Persona: Cloud Application Administrator in IDP (e.g., Microsoft Entra ID)
- Action: In the Enterprise Application in the IDP, assign the ‘Default Access’ role to the user account that is to be linked with the new user’s personal GitHub account.
Step 3: Accept the invitation
- Persona: New User
- Action: Accept the invitation received at the email address associated with the personal account.
Step 4: Authenticate with SAML IDP
- Persona: New User
- Action: Sign in to the IDP used for SAML to authenticate and join the organization. Going forward, log in to GitHub.com with the personal account and use SAML SSO login when accessing the specific organization of the Enterprise.
Step 5: Join the Organization
- Persona: New User
- Action: Join the organization after successful authentication.
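One way to check where each onboarding request stands across steps 1 to 5, as an added example that is not part of the original guide. It takes data shaped like GitHub's organization `samlIdentityProvider.externalIdentities` GraphQL response plus sets of pending-invitation and member logins; the logins, accounts, and the assumption that the SAML NameID equals the IDP account name are constructed for illustration.

```python
# Added example: inputs mirror GitHub API response shapes; all values are constructed.

def linked_logins(graphql_response):
    """Map GitHub login -> SAML NameID from an externalIdentities GraphQL response."""
    idp = graphql_response["data"]["organization"]["samlIdentityProvider"]
    if idp is None:  # SAML SSO is not configured for the organization
        return {}
    linked = {}
    for node in idp["externalIdentities"]["nodes"]:
        user, saml = node.get("user"), node.get("samlIdentity")
        if user and saml:  # skip identities not linked to a GitHub account
            linked[user["login"].lower()] = saml["nameId"].lower()
    return linked

def onboarding_state(login, idp_account, pending, members, linked, idp_assigned):
    """Return the first unfinished step for one onboarding request, or 'complete'."""
    key, account = login.lower(), idp_account.lower()
    if key not in pending and key not in members:
        return "step 1: not invited"
    if account not in idp_assigned:
        return "step 2: no Default Access assignment in IDP"
    if key in pending:
        return "steps 3-5: invitation still pending"
    if key not in linked:
        return "step 4: member has no linked SAML identity"
    if linked[key] != account:  # assumption: NameID equals the IDP account name
        return "mismatch: linked to a different IDP account"
    return "complete"

# Constructed sample data (hypothetical logins and IDP accounts).
REQUESTS = {"octo-alice": "alice@example.com", "octo-bob": "bob@example.com",
            "octo-carol": "carol@example.com", "octo-dave": "dave@example.com"}
PENDING = {"octo-bob"}                               # logins with an open invitation
MEMBERS = {"octo-alice", "octo-carol", "octo-dave"}  # current organization members
IDP_ASSIGNED = set(REQUESTS.values())                # accounts holding the role in the IDP
GRAPHQL = {"data": {"organization": {"samlIdentityProvider": {"externalIdentities": {"nodes": [
    {"samlIdentity": {"nameId": "alice@example.com"}, "user": {"login": "octo-alice"}},
    {"samlIdentity": {"nameId": "mallory@example.com"}, "user": {"login": "octo-carol"}},
]}}}}}

def report():
    """Classify every request in REQUESTS against the sample data."""
    linked = linked_logins(GRAPHQL)
    return {login: onboarding_state(login, acct, PENDING, MEMBERS, linked, IDP_ASSIGNED)
            for login, acct in REQUESTS.items()}

if __name__ == "__main__":
    for login, state in report().items():
        print(f"{login}: {state}")
```

The mismatch case is the one to review first: a personal account linked to an IDP identity other than the one assigned for it.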
Conclusion
The new user is now a member of the Organization within the non-EMU GitHub Enterprise. Access resources by logging in through the personal account on GitHub.com and single sign-on through the configured IDP. This user provisioning process with SAML authentication streamlines user access and enhances security by leveraging the organization’s identity provider.