Set up GitHub Enterprise as the SP and EAA as the IdP

How to set up the GitHub Enterprise application as the service provider (SP) and EAA as the identity provider (IdP).

Complete the following steps to configure GitHub Enterprise as the SP and EAA as the IdP.

How to

  1. Access https://enterprise.github.com/home.
    1. Click Start a free trial. Provide all the required information to complete registration.
      GitHub free trial screen


    2. Provide all the required information to complete the registration and click Download your trial. You will receive an email with information to set up your portal account.
    3. Access your personalized site using the tenant URL and credentials.
      GitHub sign in screen


    4. After your credentials are validated, the GitHub home page appears.
      GitHub homepage


    5. Click Download at the top of the page. The Try GitHub Enterprise page appears.
      GitHub try it page


    6. Click Download your license under Step 1: Download License.
      GitHub download license


    7. Click Get the latest release of GitHub Enterprise under Step 2: Download the Appliance. The Download GitHub Enterprise page appears.
      GitHub download software


    8. Based on your requirements, select from either the GitHub On-Premises or the GitHub in the Cloud menu. This example uses Amazon Web Services from the GitHub in the Cloud menu.
      GitHub installation screen


    9. Select an AWS region from the menu.
      GitHub AWS regions


    10. After you select a region, you see an AMI ID. Use this ID to create the instance in AWS.
      GitHub AMI ID


    11. Log in to your AWS account, then create and configure the instance following the instructions in the Installing GitHub Enterprise on AWS guide.
      GitHub AWS account


    12. Copy the VM's Public DNS (IPv4) URL and paste it into a web browser. At the prompt, upload your license file and set a management console password.
      GitHub password prompt


  2. Create a new application on EAA. See Configure EAA as the IdP for a custom SaaS application to create an application. Do not deploy the application at this time.
    1. In the IdP info section under the SAML SETTINGS tab, copy the Entity ID, Single SignOn (ACS) URL, and Signing Certificate information, or copy or download the metadata file to your computer. You will need this data to configure the GitHub Enterprise SP.
      GitHub EAA SAML settings


    2. Do not deploy the application at this time. You need to fill out the SAML settings fields with GitHub data before you can deploy.
  3. Configure GitHub Enterprise as the SP.
    1. Log in to the GitHub Enterprise management console using valid credentials.

      In this example, use the management URL shown in Step 1, substep 11, in the Public DNS (IPv4) field:

      https://ec2-54-218-112-247.us-west-2.compute.amazonaws.com:8443/setup/unlock?redirect_to=/settings

      GitHub authentication required


    2. After you log in, the Settings page appears.
      GitHub Enterprise Settings page


    3. Click on Authentication in the left panel of the Settings page. The Authentication page appears.
      GitHub Enterprise Authentication page


    4. Select SAML as the authentication method and fill in the Single sign-on URL and Issuer fields using the EAA IdP metadata from Step 2, substep 1.
    5. Upload the valid certificate from the IdP metadata. GitHub Enterprise uses this certificate to verify the SAML response.
      GitHub certificate file


    6. Configure the user attributes that SAML uses to update the user profile information.
      GitHub user attributes


  4. Go back to the EAA IdP application and configure the SAML settings under the SAML SETTINGS tab to complete the setup.
    1. Add the Entity ID, SSO (ACS) URL, and other GitHub information from Step 1, substep 11, required for the SAML settings.
      GitHub settings for EAA SAML settings


    2. Click Save and go to Deployment.
      GitHub EAA deploy


    3. On the DEPLOYMENT tab, click Deploy application.
  5. Configure the GitHub application as an access application in EAA.
    1. In EAA, under the Applications tab, click Add Application.
    2. On the right panel under Add Custom Apps click Access App.
    3. Add an application name and description and then click Create App and Configure.
    4. Configure the GENERAL tab: provide the required information, such as Application server IP and External hostname, and click Add or remove connector to attach the connector.
      GitHub settings for EAA GENERAL tab


      See Install a connector in Amazon Web Services if you need to create a connector.

    5. Configure the AUTHENTICATION tab, assigning the IdP and required directories for the application access. For example:
      GitHub Enterprise EAA authentication settings example


    6. Configure the SERVICES tab as needed.
      GitHub EAA Services tab example


    7. Configure the ADVANCED SETTINGS tab, selecting SAML as the Application-facing authentication mechanism and providing other information as needed.
      GitHub EAA ADVANCED SETTINGS tab


    8. Configure the SAML SETTINGS tab, viewing or downloading the metadata to configure the GitHub SP.
      GitHub Enterprise EAA SAML settings