---
title: Adding an identity provider - GitHub
description: Add Github as an external identity provider in PingOne to allow users to sign on with Github when accessing your application.
component: pingone
page_id: pingone:integrations:p1_add_idp_github_overview
canonical_url: https://docs.pingidentity.com/pingone/integrations/p1_add_idp_github_overview.html
revdate: May 29, 2025
page_aliases: ["p1_add_app_github.adoc", "p1_add_idp_github.adoc", "p1_finish_creating_app_github.adoc", "p1_finish_adding_idp_github.adoc"]
section_ids:
  before-you-begin: Before you begin
  creating-your-application-on-github: Creating your application on GitHub
  steps: Steps
  adding-github-as-an-identity-provider-in-pingone: Adding GitHub as an identity provider in PingOne
  before-you-begin-2: Before you begin
  steps-2: Steps
  finishing-creating-the-application-on-github: Finishing creating the application on GitHub
  before-you-begin-3: Before you begin
  steps-3: Steps
  finishing-adding-the-identity-provider-in-pingone: Finishing adding the identity provider in PingOne
  before-you-begin-4: Before you begin
  steps-4: Steps
  next-steps: Next steps
---

# Adding an identity provider - GitHub

Adding GitHub as an external identity provider (IdP) *(tooltip: \<div class="paragraph">
\<p>A service that manages identity information and provides authentication services to relying clients or SPs within a federated or distributed network.\</p>
\</div>)* gives your users the option to sign on with GitHub when accessing your application.

## Before you begin

Ensure that you have:

* A PingOne organization with an environment added. Learn more in [Starting a PingOne trial](../getting_started_with_pingone/p1_start_a_p1_trial.html).

* Added your application to PingOne. Learn more in [Adding an application](../applications/p1_applications_add_applications.html).

* A GitHub account.

## Creating your application on GitHub

Before you can set up GitHub as an external IdP, you must create an application on GitHub. GitHub generates a client ID and client secret for the application. Learn more in [Creating an OAuth app](https://docs.github.com/en/developers/apps/creating-an-oauth-app) in the GitHub documentation.

### Steps

1. Go to [GitHub](https://github.com/) and sign on to your account.

   If you don't have a GitHub account, you can create one now.

2. In the upper right, click your profile photo, and then click **Settings**.

3. On the left, click **Developer Settings**.

4. On the left, click **OAuth Apps**.

5. Click the **New OAuth App** button.

   |   |                                                                                                |
   | - | ---------------------------------------------------------------------------------------------- |
   |   | If you haven't created an app before, you'll see the button as **Register a new application**. |

6. Enter the following:

   * **Application name**: The display name for the application.

   * **Homepage URL**: The full URL to your application home page.

   * **Application description**: A description for your application that all users will see.

   * **Authorization callback URL**: The path in your application that users are redirected to after they have authenticated with GitHub. Leave this value blank for now.

7. Leave the GitHub page open to return later and enter the `Authorization callback URL` after you have created the application in PingOne.

## Adding GitHub as an identity provider in PingOne

Configure the IdP connection in PingOne.

### Before you begin

Ensure that registration is enabled in the authentication policy you want to use. Learn more in [Editing an authentication policy](../authentication/p1_edit_auth_policy.html).

### Steps

1. In the PingOne admin console, go to **Integrations > External IdPs** and click **[icon: plus, set=fa]**.

2. Click **GitHub**.

3. Click **Next**.

4. On the **Add External Identity Provider** page, enter the following information:

   * **Name**: A unique identifier for the IdP.

   * **Description** (optional): A brief description of the IdP.

   * **Population**: A population that overrides the authentication policy's registration population and enables just-in-time registration from the IdP.

     |   |                                                                                                         |
     | - | ------------------------------------------------------------------------------------------------------- |
     |   | You can't change the **Icon** and **Sign-on Button** in accordance with the provider's brand standards. |

5. Click **Next**.

6. Copy the value for **Callback URL** to a secure location.

7. Leave the PingOne page open to return and enter the `Client ID` and `Client Secret` after you have created the application on GitHub.

## Finishing creating the application on GitHub

Add the callback URL from the PingOne admin console to your application on GitHub.

### Before you begin

Ensure you have copied the **Callback URL** from PingOne.

### Steps

1. Go to the **Register a new OAuth application** page on GitHub.

2. For **Authorization callback URL**, enter the value for **Callback URL** that you copied from PingOne.

3. Click **Register application**.

## Finishing adding the identity provider in PingOne

After you have registered the application with GitHub, copy the values for client ID and client secret and enter them into PingOne.

### Before you begin

Ensure that you have copied the values for client ID and client secret from GitHub.

### Steps

1. Return to [GitHub](https://github.com/) and, in the **OAuth Apps** section, select the appropriate application.

2. Locate the **Client ID** and **Client Secret** and copy the values to a secure location.

3. In the PingOne admin console, configure the connection and enter the following information:

   * **Client ID**: The application identifier that you copied from the IdP. You can find this information on GitHub.

   * **Client Secret**: The application secret that you copied from the IdP. You can find this information on GitHub.

   * **Callback URL**: The URL to which the user will be redirected after authenticating.

4. Click **Next**.

5. Define how the PingOne user attributes are mapped to IdP attributes. Learn more in [Mapping attributes](../directory/p1_editsamlattributemapping.html).

   * Enter the PingOne user profile attribute and the external IdP attribute. Learn more about attribute syntax in [Identity provider attributes](p1_idp_attributes.html).

   * To add an attribute, click **[icon: plus, set=fa]Add**.

   * To use the advanced expression builder, click the **Gear** icon. Learn more in [Using the expression builder](../pingone_expression_language/p1_use_expression_builder.html).

   * Select the update condition, which determines how PingOne updates its user directory with the values from the IdP. The options are:

     * **Empty only**: Update the PingOne attribute only if the existing attribute is empty.

     * **Always**: Always update the PingOne directory attribute.

       You can map the following attributes provided by GitHub:

   * `Avatar URL`

   * `Blog`

   * `Company`

   * `Email`

   * `HTML URL`

   * `User ID`

   * `Location`

   * `Login`

   * `Name`

   * `Node ID`

   * `Site Admin`

   * `Type`

   * `URL`

6. Click **Save**.

7. To enable the IdP, click the toggle at the top of the details panel to the right (blue).

   |   |                                                                    |
   | - | ------------------------------------------------------------------ |
   |   | You can disable the IdP by clicking the toggle to the left (gray). |

### Next steps

* [Add the IdP to your authentication policy](../authentication/p1_edit_auth_policy.html).

* [Add the authentication policy to your application](../applications/p1_auth_policies_for_applications.html).