---
title: Configuring SAML SSO with GitHub Cloud and PingOne for Enterprise
description: Learn how to enable GitHub sign-on from the PingOne for Enterprise console (IdP-initiated sign-on) and direct GitHub sign-on using PingOne for Enterprise (SP-initiated sign-on).
component: configuration_guides
page_id: configuration_guides:github:config_saml_githubcloud_p14e
canonical_url: https://docs.pingidentity.com/configuration_guides/github/config_saml_githubcloud_p14e.html
revdate: May 16, 2024
section_ids:
  before-you-begin: Before you begin
  set-up-the-supplied-github-application-in-pingone-for-enterprise: Set up the supplied GitHub application in PingOne for Enterprise
  add-the-pingone-for-enterprise-idp-connection-to-github: Add the PingOne for Enterprise IdP connection to GitHub
  test-the-pingone-for-enterprise-idp-initiated-sso-integration: Test the PingOne for Enterprise IdP-initiated SSO integration
  test-the-pingone-for-enterprise-sp-initiated-sso-integration: Test the PingOne for Enterprise SP-initiated SSO integration
---

# Configuring SAML SSO with GitHub Cloud and PingOne for Enterprise

Learn how to enable GitHub sign-on from the PingOne for Enterprise console (IdP-initiated sign-on) and direct GitHub sign-on using PingOne for Enterprise (SP-initiated sign-on).

## Before you begin

* Link PingOne for Enterprise to an identity repository containing the users requiring application access.

* Populate GitHub with at least one user to test access.

* You must have administrative access to PingOne for Enterprise and GitHub.

## Set up the supplied GitHub application in PingOne for Enterprise

1. Sign on to PingOne for Enterprise for and go to **Applications → Application Catalog**.

2. Search for `GitHub`.

3. Expand the GitHub entry and click the **Setup** icon.

   ![Screen capture of PingOne for Enterprise Application Catalog with GitHub displayed as the search result and the expansion arrow highlighted in red.](_images/smv1625254124267.png)

4. Copy the **Issuer** and **IdP ID** values.

5. Download the signing certificate.

   ![Screen capture of PingOne for Enterprise SSO Instructions with the Signing Certificate Download hyperlink, IdP ID, and Issuer value highlighted in red.](_images/ola1625254236990.png)

6. Click **Continue to Next Step**.

7. Set **ACS URL** to `https://github.com/orgs/your-tenant/saml/consume`.

   Set **Entity ID** to `https://github.com/orgs/your-tenant`.

8. Click **Continue to Next Step**.

9. Ensure that **SAML\_SUBJECT** is mapped to the field containing a user's email address.

10. Click **Continue to Next Step** twice.

11. Click **Add** for all user groups that should have access to GitHub.

    ![Screen capture of PingOne for Enterprise Group Access page.](_images/qgs1625254380304.png)

12. Click **Continue to Next Step**.

13. Click **Finish**.

## Add the PingOne for Enterprise IdP connection to GitHub

1. Sign on to GitHub as an administrator.

2. Select your GitHub organization.

3. Click **Organization settings**, then click **Security**.

4. Under **SAML single sign-on**, select **Enable SAML authentication**.

   |   |                                                                                                                                                                                                                                                                                                                                                                                 |
   | - | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
   |   | The assertion consumer service URL displayed on this screen should match the value that you entered into the PingOne for Enterprise **ACS URL** field.![Screen capture of GitHub SAML settings with the Enable SAML authentication checkbox, assertion consumer service URL, Sign on URL, Issuer URL, and Public certificate highlighted in red.](_images/tup1625254603157.png) |

5. Set the following values.

   | Field                  | Value                                                                               |
   | ---------------------- | ----------------------------------------------------------------------------------- |
   | **Sign on URL**        | `https://sso.connect.pingidentity.com/sso/idp/SSO.saml2?idpid=PingOne-IdP-ID-value` |
   | **Issuer**             | PingOne for Enterprise **Issuer** value                                             |
   | **Public certificate** | Paste in the contents of the PingOne for Enterprise signing certificate.            |

6. Click **Save**.

## Test the PingOne for Enterprise IdP-initiated SSO integration

1. Go to your Ping desktop as a user with GitHub access.

   |   |                                                                                    |
   | - | ---------------------------------------------------------------------------------- |
   |   | To find the Ping desktop URL in the Admin console, go to **Setup → PingOne Dock**. |

2. Complete the PingOne for Enterprise authentication.

   You're redirected to your GitHub domain.

   ![Screen capture of PingOne for Enterprise sign on screen.](_images/jbo1625254892038.png)

## Test the PingOne for Enterprise SP-initiated SSO integration

1. Go to `https://github.com/orgs/your-tenant/sso`.

2. After you're redirected to PingOne for Enterprise, enter your PingOne for Enterprise username and password.

   ![Screen capture of PingOne for Enterprise sign on screen.](_images/jbo1625254892038.png)

   You're redirected back to GitHub.