PingOne

Creating a GitHub EMU connection

Use a GitHub EMU (Enterprise Managed Users) connection to enable provisioning from PingOne to the GitHub EMU user directory.

Before you begin

Make sure that you have:

  • A GitHub EMU tenant

  • The Base URL for the GitHub EMU tenant, such as https://api.github.com/scim/v2/enterprises/<enterprise_slug>. For more information, see Creating an enterprise account in the GitHub documentation.

  • The access token for the GitHub EMU tenant. For more information, see Getting a GitHub EMU access token.

Steps

  1. Go to Integrations → Provisioning.

  2. Click and then click New connection.

  3. On the Identity Store line, click Select.

  4. Click GitHub EMU, click Select,and then click Next.

  5. Enter a name and description for the provisioning connection.

    The connection name is added to the Connections tab after you save the connection.

  6. Click Next.

  7. On the Configure authentication panel, enter the following:

    • Base URL: The fully qualified URL to use for the connected application, such as https://api.github.com/scim/v2/enterprises/<enterprise_slug>. For more information, see Creating an enterprise account in the GitHub documentation.

    • Access Token: The access token from GitHub EMU for the connected application. For more information, see Getting a GitHub EMU access token.

  8. Click Test connection to verify that PingOne can establish a connection to GitHub EMU.

    Result:

    If there are any issues with the connection, a Test Connection Failed dialog box opens. Click Continue to resume the setup with an invalid connection.

    You cannot use the connection for provisioning until you have established a valid connection to GitHub EMU. To retry, click Cancel in the Test Connection Failed dialog box and repeat step 7.

    Troubleshooting:

    Learn more about troubleshooting your connection in Troubleshooting Test Connections Failure.

  9. In the Configure preferences and Actions sections, enter the following:

    Field Description

    Group membership handling

    Determines whether to update or replace target groups with PingOne memberships. Select Merge or Overwrite.

    Merging or overwriting memberships only applies to SCIM, Slack, and GitHub EMU provisioning connections.

    Allow users to be created

    Determines whether to create a user in the GitHub EMU user directory when the user is created in the PingOne identity store.

    Allow users to be updated

    Determines whether to update user attributes in the GitHub EMU user directory when the user is updated in the PingOne identity store.

    Allow users to be disabled

    When a user is disabled in the PingOne identity store, PingOne disables the user in the GitHub EMU user directory.

    Users who are disabled in PingOne are marked as suspended in the GitHub EMU identity store.

    Allow users to be deprovisioned

    Determines whether to deprovision a user in the GitHub EMU user directory when the user is deprovisioned in the PingOne identity store.

    Remove action

    Determines the action to take when removing a user from the GitHub EMU user directory.

    Disable: When a user is deprovisioned from the PingOne identity store, PingOne disables the user in the external identity store.

    Delete: When a user is deprovisioned from the PingOne identity store, PingOne removes the user in the external identity store.

    Deprovision on rule deletion

    Determines whether to deprovision users that were provisioned using this rule if the rule is deleted.

  10. Click Save.

Next steps

To sync group members out of PingOne into a software as a service (SaaS) application, follow the instructions in Configuring outbound group provisioning.