• Link PingOne to an identity repository containing the users requiring application access.
  • Populate GitHub with at least one user to test access.
  • You must have administrative access to PingOne and GitHub.
  1. Download the GitHub metadata:
    1. Go to where your GitHub server publishes its metadata (https://<GitHub hostname>/saml/metadata).
    2. Save the metadata as an XML file.
  2. Set up the GitHub application in PingOne:
    1. Sign on to PingOne for Enterprise and go to Applications > Application Catalog.
    2. On the SAML tab, click Add Application.
      Screen capture of PingOne My Applications tab with the Add Application drop down opened and New SAML Application selected.
    3. Enter GitHub as the application name.
    4. Enter a suitable description.
    5. Select Collaboration as the category.
    6. Click Continue to Next Step.
    7. In the Upload Metadata row, click Select File and upload the metadata file that you saved from GitHub.
      Screen capture of PingOne Application nConfiguration section with the Select File button next to Upload Metadata highlighted in red.
      The following values should now be populated:
      • ACS URL: https://github.com/orgs/<Your tenant>/saml/consume
      • Entity ID: https://github.com/orgs/<Your tenant>
    8. Click Continue to Next Step.
    9. Click Add new attribute and map SAML_SUBJECT to the attribute containing the user’s email address.
      Screen capture of PingOne SSO Attribute Mapping section with the Add new attribute button highlighted in red.Screen capture of PingOne SSO Attribute mapping section with the Application Attribute table displaying SAML_SUBJECT as the first row entry.
    10. Optional: Add the username and full_name attributes, then map these to appropriate attributes.

      This populates these values in GitHub when a new user signs on.

    11. Click Continue to Next Step.
    12. Click Add for all user groups that should have access to GitHub.
      Screen capture of PingOne Group Access section.
    13. Click Continue to Next Step.
    14. Copy the Issuer and idpid values.
      Screen capture of PingOne Issuer and idpid values redacted and highlighted in red.
    15. Download the signing certificate.
      Screen capture of PingOne Signing Certificate Download hyperlink highlighted in red.
    16. Click Finish.
  3. Add the PingOne IdP Connection to GitHub:
    1. Sign on to GitHub Enterprise Server as an administrator.
    2. Click the Rocket icon.
    3. Click Management Console.
      Screen capture of GitHub Site admin controls with Management console highlighted in red.
    4. Click Authentication.
      Screen capture of GitHub Authentication option highlighted in red.
    5. Click SAML and select the idP initiated SSO (disables AuthnRequest) check box.
      Screen capture of GitHub Authentication settings with SAML checked and idP initiated SSO highlighted in red.
    6. In the Single sign-on URL field, enter https://sso.connect.pingidentity.com/sso/idp/SSO.saml2?idpid=<idpid value from PingOne>.
      Screen capture of GitHub Single sign-on URL field highlighted in red.
    7. In the Issuer field, enter the PingOne Issuer value.
      Screen capture of GitHub Issuer field highlighted in red.
    8. Click Choose File for the Verification Certificate and upload the PingOne signing certificate that you downloaded.
    9. Click Save Settings.
  4. Test the PingOne IdP-initiated SSO integration:
    1. Go to your Ping desktop as a user with GitHub access.
      Note:

      To find the Ping desktop URL in the Admin console, go to Setup > Dock > PingOne Dock URL.

    2. Complete the PingOne authentication.

      You're redirected to your GitHub server.

      Screen capture of PingOne sign on screen.
  5. Test the PingOne SP-initiated SSO integration:
    1. Go to your GitHub server.
    2. After you're redirected to PingOne, enter your PingOne username and password.
      Screen capture of PingOne sign on screen.

      You're redirected back to GitHub.