---
title: Adding Github.com to Your PingOne for Enterprise Dock
description: Add the Github.com application your PingOne for Enterprise Dock from the application catalog.
component: pingoneforenterprise
page_id: pingoneforenterprise:pingone_for_enterprise_app_catalog:p14eapps_github
canonical_url: https://docs.pingidentity.com/pingoneforenterprise/pingone_for_enterprise_app_catalog/p14eapps_github.html
revdate: October 4, 2023
section_ids:
  steps: Steps
  next-steps: Next steps
  github-com-connection-configuration: Github.com Connection Configuration
  steps-2: Steps
  choose-from: Choose from:
  choose-from-2: Choose from:
  next-steps-2: Next steps
  github-com-provisioning: Github.com Provisioning
  before-you-begin: Before you begin
  about-this-task: About this task
  steps-3: Steps
  next-steps-3: Next steps
  github-com-attribute-mapping: Github.com Attribute Mapping
  about-this-task-2: About this task
  steps-4: Steps
  choose-from-3: Choose from:
  next-steps-4: Next steps
  github-com-customization: Github.com Customization
  steps-5: Steps
  next-steps-5: Next steps
  github-com-group-access: Github.com Group Access
  about-this-task-3: About this task
  steps-6: Steps
  next-steps-6: Next steps
---

# Adding Github.com to Your PingOne for Enterprise Dock

Add the Github.com application your PingOne for Enterprise Dock from the application catalog.

## Steps

1. In the PingOne for Enterprise admin console, go to **Applications > Application Catalog**.

2. **Optional:** In the **Search** field, search for the application.

3. Click the **Github.com** application line to expand it and then click **Setup**.

4. On the **SSO Instructions** tab, click **Download** to download the signing certificate.

5. In a separate tab or window, sign on to the Github.com admin portal.

6. In the Github admin portal, click your profile photo, then go to **Enterprise Settings > Settings > Security**.

7. Under **SAML single sign-on**, select the **Enable SAML authentication** checkbox.

8. In Github, enter the following information.

   1. In the **Sign on URL** field, enter `https://sso.connect.pingidentity.com/sso/idp/SSO.saml2?idpid=<idpid>`, replacing *\<idpid>* with the **IdP ID** value from PingOne for Enterprise.

   2. In the **Issuer** field, enter the **Issuer** value from PingOne for Enterprise.

   3. In a plain text editor, open the PingOne for Enterprise signing certificate you downloaded in Step 4.

   4. Copy the contents of the certificate (including the "Begin Certificate" and "End Certificate" lines) and paste it into the **Public certificate** field.

9. Click **Test SAML configuration**.

10. Click **Save**.

## Next steps

In PingOne for Enterprise, click **Continue to Next Step**.

## Github.com Connection Configuration

### Steps

1. Import the metadata for Github:

   #### Choose from:

   * Click **Select File** to upload the metadata file.

   * Click **Or use URL** to enter the URL of the metadata.

2. In the **ACS URL** field, enter the **ACS URL** value from Github.

   The ACS URL will be in the format `https://<github hostname>/saml/consume`.

3. In the **Entity ID** field, enter the **SP Entity ID** value from Github.

   The entity ID will be in the format `https://<github hostname>`.

4. In the **Target Resource** field, enter a URL to redirect the user to after IdP-initiated single sign-on (SSO).

5. In the **Single Logout Endpoint** field, enter a URL for PingOne to send single logout (SLO) requests to.

6. In the **Single Logout Response Endpoint** field, enter a URL for PingOne to send SLO responses to.

7. To add a **Primary Verification Certificate**, click **Browse** to locate and upload a local certificate file used to verify SLO requests and responses coming from Github.

8. To add a **Secondary Verification Certificate**, click **Browse** to locate and upload a local certificate used to verify SLO requests and responses if the primary certificate fails.

9. Select the **Force Re-authentication** checkbox to require your identity bridge to re-authenticate users with an active SSO session.

10. Select the **Encrypt Assertion** checkbox to encrypt outgoing SAML assertions.

11. On the **Signing** line:

    #### Choose from:

    * Click **Sign Assertion** to have PingOne sign outgoing SAML assertions. This is the default option.

    * Click **Sign Response** to have PingOne sign responses to incoming SAML assertions.

12. From the **Signing Algorithm** list, select an algorithm with which to sign SAML assertions.

13. Select the **Use Custom URL** checkbox to enter a customer URL to launch Github from the dock.

14. Select the **Set Up Provisioning** checkbox to configure user provisioning to Github.

### Next steps

Click **Continue to Next Step**.

## Github.com Provisioning

### Before you begin

Ensure that popups are permitted in your browser.

### About this task

|   |                                                                                                                         |
| - | ----------------------------------------------------------------------------------------------------------------------- |
|   | If you don't need to set up user provisioning, proceed to [Github.com Attribute Mapping](p14eapps_github_mapping.html). |

If you selected **Set Up Provisioning** on the **Connection configuration** tab:

### Steps

1. In PingOne for Enterprise, click**Continue to Next Step**.

2. In the **BASE\_URL** field, enter you base URL.

   The base URL format is `https://api.github.com/scim/v2/organizations/<organization name>`.

   For information on finding your organization name, see [Accessing an organization](https://docs.github.com/en/github-ae@latest/github/setting-up-and-managing-your-github-user-account/accessing-an-organization) in the Github documentation.

3. Generate and enter your OAuth access token.

   1. Obtain your Github client ID and client secret.

      For more information, see [Obtain client ID and secret from GitHub](https://docs.pingidentity.com/integrations/github/github_provisioner/pf_github_connector_obtain_client_id_and_secret_from_github.html).

   2. Go to the [Ping OAuth Configuration Service](https://oauth.pingone.com/ocs/ppm/rest/v1/oauth/oasrequestform) and generate your access token.

   For more information about generating tokens, see [Generate OAuth access tokens](https://docs.pingidentity.com/bundle/integrations/page/kjc1563995014912.html) in the Ping documentation.

   1. In PingOne for Enterprise, in the **OAUTH\_ACCESS\_TOKEN** field, enter your access token.

### Next steps

Click **Continue to Next Step**.

## Github.com Attribute Mapping

### About this task

PingOne will automatically populate required SAML attributes.

For Github.com, the required attribute is `SAML_SUBJECT`. Map this to the email address attribute.

If you enabled provisioning, the required provisioning attributes are:

* `userName`: Github's unique identifier for the user. This attribute is mapped to `Email` by default.

* `workEmail`: This attribute is mapped to `Email` by default.

* `firstName`: This attribute is mapped to `First Name` by default.

* `lastName`: This attribute is mapped to `Last Name` by default.

* `externalID`: A string that identifies the resource in the provisioning client. This attribute is mapped to `externalID` by default.

### Steps

1. To add an additional optional attribute, click **Add new attribute**.

2. In the **Application Attribute** field, enter the attribute name as it appears in the application.

3. In the **Identity Bridge Attribute or Literal Value** field, choose one of the following:

   #### Choose from:

   * To map to the application attribute: Enter or select a directory attribute.

   * To assign to the application attribute: Select **As Literal**, then enter a literal value.

4. To create advanced attribute mappings, click **Advanced**.

   Learn more in [Creating advanced attribute mappings](../pingone_for_enterprise/p14e_creating_advaced_attribute_mappings.html).

### Next steps

Click **Continue to Next Step**.

## Github.com Customization

### Steps

* To change the application icon, click **Select image** and upload a local image file.

  The image file must be:

  * PNG, GIF, or JPG format

  * 312 x 52 pixels maximum

  * 2 MB maximum file size

    |   |                                                  |
    | - | ------------------------------------------------ |
    |   | Images are scaled to 64 x 64 pixels for display. |

* To change the name of the application displayed on the dock, in the **Name** field, enter a new name.

* To change the description of the application, in the **Description** field, enter the new description text.

* To change the category to which the application is assigned on the dock, in the **Category** list, select a category.

  Learn more in [Creating a custom application category](../pingone_for_enterprise/p14e_creating_custom_application_category.html).

### Next steps

Click **Continue to Next Step**.

## Github.com Group Access

### About this task

The **Group Access** tab shows every user group that you have created.

Learn more in [Adding user groups](../pingone_for_enterprise/p14e_add_groups.html).

### Steps

* To add a group's access to the application, on the line for that group, click **Add**.

* To remove a group's access, on the line for that group, click **Remove**.

* When you're finished assigning groups, click **Continue to Next Step**.

### Next steps

On the **Review Setup** tab, review your configuration, and click **Finish** to add the application to your PingOne Dock.