This article describes how to configure OneLogin to provision users with GitHub.com.
- Configure SAML SSO for GitHub.com
- Verify that your organization is on the GitHub.com Business Plan
Enabling GitHub provisioning
Log into OneLogin as a Super user or Account Owner, go to Apps > Company Apps, and select your GitHub.com app.
On the Configuration tab, connect to the GitHub API.
Your Organization name should already have been entered when you set up SAML.
Enter the GitHub SCIM Base URL, using the format
where your_organization is your GitHub organization name
Click Authenticate and follow the prompts to authenticate to GitHub.com using an admin user name and password.
If the connection is successful, the API Status icon switches to .
On the Provisioning tab, enable provisioning and set your administrative approval policy.
Select Enable provisioning for GitHub.
Select the provisioning actions that require admin approval.
If you select any of the available actions, an admin must go to Users > Provisioning and manually approve the action every time it occurs.
Enabling these action options is useful especially before you intend to start provisioning, because it prevents you from provisioning users with GitHub inadvertently during the course of setup and testing. With this safeguard enabled, a OneLogin administrator can choose to ignore any inadvertent provisionings.
Once you are done configuring and testing provisioning, you can clear these settings to make provisioning updates in GitHub without requiring administrative approval.
Select how users who are deleted in OneLogin are handled in GitHub.
Choose between Delete or Do Nothing.
- Click Save.
On the Parameters tab, confirm the mapping of GitHub attributes to OneLogin attributes.
NameID is included in the SAML assertion passed by OneLogin to GitHub. You do not need to change it to enable provisioning.
SCIM Username is used for provisioning. Keep the default OneLogin value of Email unless you are using a different OneLogin value for SAML NameID, in which case you can change the SCIM Username value by clicking the parameter row.
Testing GitHub Provisioning
To confirm that provisioning from OneLogin to GitHub is working, assign GitHub to a OneLogin user and go to Users > Provisioning to approve the provisioning event, if necessary.
The user should show as Provisioned in OneLogin but they will not yet show in your GitHub Organization.
- The user will receive an email from GitHub to complete the provisioning process
- The user will need to click the Join <OrgName> link from the email
- Launching the link will take them to GitHub to create a unique username which will complete the provisioning process.