Learn how to enable GitHub sign on from a PingFederate URL (IdP-initiated sign on) and direct GitHub sign on using PingFederate (SP-initiated sign on).
- Configure PingFederate to authenticate against an IdP or datastore containing the users requiring application access.
- Populate GitHub with at least one user to test access.
- You must have administrative access to PingFederate and GitHub.
Create a PingFederate SP
connection for GitHub:
- Sign on to the PingFederate administrative console.
Create an SP connection for GitHub in Ping Federate UI:
- Configure using Browser SSO profile SAML 2.0.
- Set Partner’s Entity ID to https://github.com/orgs/<Your tenant>.
- Enable the following SAML Profiles:
- IdP-Initiated SSO
- SP-Initiated SSO
- In Assertion Creation: Authentication Source Mapping: Attribute Contract Fulfillment, map SAML_SUBJECTto an attribute containing the user’s email address.
- In Protocol Settings: Assertion Consumer Service URL, set Binding to POST and set Endpoint URL to https://github.com/orgs/<Your tenant>/saml/consume.
- In Protocol Settings: Allowable SAML Bindings, enable POST.
- In Credentials: Digital Signature Settings, select the PingFederate Signing Certificate.
- Save the configuration.
- Export the signing certificate.
- Export and then open the metadata file, and copy the value of the entityID and the Location entry (https://<your value>/idp/SSO.saml2).
Add the PingFederate IdP
connection to GitHub:
- Sign on to GitHub as an administrator.
- Select your GitHub organization.
- Click Organization settings, then click Security.
Under SAML single sign-on, select
Enable SAML authentication.
The assertion consumer service URL displayed on this screen should match the value that you entered into the PingFederate Endpoint URL field.
Set the following values.
Sign on URL
The PingFederate Location value (https://<your value>/idp/SSO.saml2)
The PingFederate entityID value.
Paste in the contents of the PingFederate signing certificate.
- Click Save.
Test the PingFederate
IdP-initiated SSO integration:
- Go to the PingFederate SSO Application Endpoint for the GitHub SP connection.
Complete the PingFederate authentication.
You're redirected to your GitHub domain.
Test the PingFederate
SP-initiated SSO integration:
- Go to https://github.com/orgs/<Your tenant>/sso
After you're redirected to PingFederate, enter your PingFederate username
You're redirected back to GitHub.