• Configure PingFederate to authenticate against an IdP or datastore containing the users requiring application access.
  • Populate GitHub with at least one user to test access.
  • You must have administrative access to PingFederate and GitHub.
  1. Create a PingFederate SP connection for GitHub:
    1. Sign on to the PingFederate administrative console.
    2. Create an SP connection for GitHub in Ping Federate UI:
      1. Configure using Browser SSO profile SAML 2.0.
      2. Set Partner’s Entity ID to https://github.com/orgs/<Your tenant>.
      3. Enable the following SAML Profiles:
        • IdP-Initiated SSO
        • SP-Initiated SSO
      4. In Assertion Creation: Authentication Source Mapping: Attribute Contract Fulfillment, map SAML_SUBJECTto an attribute containing the user’s email address.
      5. In Protocol Settings: Assertion Consumer Service URL, set Binding to POST and set Endpoint URL to https://github.com/orgs/<Your tenant>/saml/consume.
      6. In Protocol Settings: Allowable SAML Bindings, enable POST.
      7. In Credentials: Digital Signature Settings, select the PingFederate Signing Certificate.
    3. Save the configuration.
    4. Export the signing certificate.
    5. Export and then open the metadata file, and copy the value of the entityID and the Location entry (https://<your value>/idp/SSO.saml2).
  2. Add the PingFederate IdP connection to GitHub:
    1. Sign on to GitHub as an administrator.
    2. Select your GitHub organization.
    3. Click Organization settings, then click Security.
    4. Under SAML single sign-on, select Enable SAML authentication.

      The assertion consumer service URL displayed on this screen should match the value that you entered into the PingFederate Endpoint URL field.

      Screen capture of GitHub settings with the Enable checkbox, assertion consumer service URL, Sign on URL, Issuer URL, and Public certificate fields highlighted in red.
    5. Set the following values.
      Field Value

      Sign on URL

      The PingFederate Location value (https://<your value>/idp/SSO.saml2)


      The PingFederate entityID value.

      Public certificate

      Paste in the contents of the PingFederate signing certificate.

    6. Click Save.
  3. Test the PingFederate IdP-initiated SSO integration:
    1. Go to the PingFederate SSO Application Endpoint for the GitHub SP connection.
    2. Complete the PingFederate authentication.

      You're redirected to your GitHub domain.

  4. Test the PingFederate SP-initiated SSO integration:
    1. Go to https://github.com/orgs/<Your tenant>/sso
    2. After you're redirected to PingFederate, enter your PingFederate username and password.

      You're redirected back to GitHub.