# GitHub Enterprise

## How to Configure SAML 2.0 for GitHub Enterprise

{% hint style="info" %}
SAML single sign-on (SSO) gives organization owners and enterprise owners using GitHub Enterprise Cloud a way to control and secure access to organization resources like repositories, issues, and pull requests. Organization owners can invite your personal account on GitHub to join their organization that uses SAML SSO, which allows you to contribute to the organization and retain your existing identity and contributions on GitHub. If you're a member of an enterprise with managed users, you will instead use a new account that is provisioned for you and controlled by your enterprise.
{% endhint %}

{% hint style="success" %}
**Prerequisites**

1. Access to the GitHub Enterprise admin account.
2. Administrative access to Hideez Enterprise Server to configure the IdP.
3. A configured Hideez Enterprise Server instance with user identities set up.
4. The users exist in Hideez Enterprise Server.
5. The user is added to the GitHub organization.
{% endhint %}

## Step 0: Add users to the Hideez Enterprise Server

You have to add the users that belong to GitHub Enterprise to the tenant on Hideez Enterprise Server.

{% hint style="info" %}
**Instructions:**

* [Follow the guide for adding users to the Hideez Enterprise Server and configuring authentication methods.](https://enterprise.hideez.com/hideez-enterprise-server/employees/how-to-add-an-employee)
{% endhint %}

## Step 1: Enable SAML Single Sign-On in GitHub Enterprise

1. Log in to your GitHub Enterprise account as an admin.
2. Navigate to the organization or enterprise settings:
   * **For organizations**: Go to `Settings → Security`.
   * **For enterprise accounts**: Go to `Enterprise settings → Authentication`.
3. In the **"SAML single sign-on"** section, click `Enable SAML authentication`.

<figure><img src="https://1669663611-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FRdTysrljwe610dPFG7tE%2Fuploads%2FFv4E2MWJ8lOj7GaOfRMn%2Fimage.png?alt=media&#x26;token=830d4e26-78fa-4805-b09a-88e920d8d812" alt=""><figcaption></figcaption></figure>

## Step 2: Configure the SAML Settings in Hideez Enterprise Server

**General Application Setup**

1. Log in to your Hideez Enterprise Server as administrator.
2. Go to `Settings → Parameters → SAML → Add service provider` and create a new SAML application for GitHub Enterprise.

<figure><img src="https://1669663611-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FRdTysrljwe610dPFG7tE%2Fuploads%2FaVaovim5Tw0j9DP0fpm3%2Fimage.png?alt=media&#x26;token=19212c23-fbf6-4a3c-85e5-673a84729a85" alt="" width="563"><figcaption></figcaption></figure>

3. Provide the following details during the setup:

* **Name**: Familiar name (e.g., SAML single sign-on for GitHub).
* **Issuer / SP Entity ID**: `https://github.com/enterprises/<organization-name>/` (replace `<organization-name>` with your organization's name). Example: `https://github.com/enterprises/hideez`.
* **ACS URL (Assertion Consumer Service URL)**: `https://github.com/orgs/<organization-name>/saml/consume`. Example: `https://github.com/enterprises/hideez/saml/consume`.

{% hint style="info" %}
**Locate the assertion consumer service URL directly on your GitHub Enterprise account.**

![](https://1669663611-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FRdTysrljwe610dPFG7tE%2Fuploads%2F0GNhWnJ1U7Loolum06v5%2Fimage.png?alt=media\&token=50a60b74-14ee-46c8-a68b-9a6cf3e0b201)
{% endhint %}

4. Click `Add`.

<figure><img src="https://1669663611-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FRdTysrljwe610dPFG7tE%2Fuploads%2FYZGOCrOjbqxV8WB2eYfm%2Fimage.png?alt=media&#x26;token=6dd915b6-d53a-4741-80c8-2bb3c7749efc" alt="" width="563"><figcaption></figcaption></figure>

5. Go to the section `Identity Provider configuration` and download the Hideez Enterprise Server signing certificate (in X.509 format).

<figure><img src="https://1669663611-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FRdTysrljwe610dPFG7tE%2Fuploads%2FkFMnAcDCdvN3NZL99DYY%2Fimage.png?alt=media&#x26;token=f0ae5aac-d890-49af-ae74-508375512480" alt="" width="563"><figcaption></figcaption></figure>

6. Keep this section open for later use.
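The Entity ID and ACS URL entered in this step have to describe the same GitHub account, and a leftover placeholder or a mixed `orgs`/`enterprises` path is easy to miss in the form. The check below is an added example, not part of Hideez or GitHub tooling; the helper name `check_sp_settings`, the `github.com` host and the accepted URL shapes (taken from the values shown in this guide) are assumptions.

```python
from urllib.parse import urlsplit

GITHUB_HOST = "github.com"               # assumption: GitHub Enterprise Cloud on github.com
ACCOUNT_KINDS = ("orgs", "enterprises")  # path prefixes that appear in this guide


def check_sp_settings(entity_id: str, acs_url: str) -> list[str]:
    """Return the problems found in the SP values typed into the IdP form.

    Hypothetical helper (not a Hideez or GitHub API). An empty list means the
    two values are well-formed and point at the same GitHub account.
    """
    problems = []
    parsed = {"Entity ID": urlsplit(entity_id.strip()),
              "ACS URL": urlsplit(acs_url.strip())}
    for label, url in parsed.items():
        if url.scheme != "https":
            problems.append(f"{label}: scheme must be https")
        if url.hostname != GITHUB_HOST:
            problems.append(f"{label}: unexpected host {url.hostname!r}")
        if "<" in url.path or ">" in url.path:
            problems.append(f"{label}: placeholder was not replaced")
        if url.query or url.fragment:
            problems.append(f"{label}: query string or fragment not expected")

    # Compare the account part of both paths, e.g. /enterprises/hideez
    ent = [p for p in parsed["Entity ID"].path.split("/") if p]
    acs = [p for p in parsed["ACS URL"].path.split("/") if p]
    if len(ent) != 2 or ent[0] not in ACCOUNT_KINDS:
        problems.append("Entity ID: path should be /orgs/<name> or /enterprises/<name>")
    if len(acs) != 4 or acs[2:] != ["saml", "consume"]:
        problems.append("ACS URL: path should end with <account>/saml/consume")
    if ent[:2] != acs[:2]:
        problems.append("Entity ID and ACS URL point at different accounts")
    return problems


if __name__ == "__main__":
    # Constructed inputs using the example account name from this guide.
    samples = [
        ("https://github.com/enterprises/hideez",
         "https://github.com/enterprises/hideez/saml/consume"),
        ("https://github.com/enterprises/hideez",
         "https://github.com/orgs/hideez/saml/consume"),
    ]
    for entity_id, acs_url in samples:
        print(acs_url, "->", check_sp_settings(entity_id, acs_url) or "OK")
```
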

## Step 3: Complete SAML Setup in GitHub Enterprise

1. Return to the GitHub Enterprise SAML settings page.
2. Provide the following details:
   * **Sign on URL**: The SSO URL from Hideez Enterprise Server.
   * **Issuer**: The Entity ID or Issuer from Hideez Enterprise Server.
   * **Public Certificate**: Paste the X.509 certificate downloaded from Hideez Enterprise Server.
3. Open the Public Certificate downloaded from Hideez Enterprise Server on your computer, copy it, and paste it into GitHub.

<figure><img src="https://1669663611-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FRdTysrljwe610dPFG7tE%2Fuploads%2FP6DTZvyBznzrirTFVI8C%2Fimage.png?alt=media&#x26;token=036926e1-2447-4892-bfd7-5c7012e0380c" alt=""><figcaption></figcaption></figure>

## Step 4: Test the SAML Configuration

1. On the GitHub Enterprise SAML settings page, click `Test SAML login`.
2. Verify that you are redirected to Hideez Enterprise Server for authentication.
3. Complete the login process and confirm access to GitHub Enterprise.
4. Click `Test SAML configuration` before saving settings.
5. Test SAML login to your GitHub Enterprise account using Hideez Enterprise Server.

<figure><img src="https://1669663611-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FRdTysrljwe610dPFG7tE%2Fuploads%2Fl3zes4L2BIF4AKbzO3Zb%2Fimage.png?alt=media&#x26;token=21ce7a35-1f8e-44de-be76-515171b80115" alt=""><figcaption></figcaption></figure>

## Step 5: Save the SAML Settings for GitHub Enterprise

1. After testing is successful, return to the SAML settings page.
2. Click `Save SAML settings`.

<figure><img src="https://1669663611-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FRdTysrljwe610dPFG7tE%2Fuploads%2Fo59ZPfF2W8rSNF8WW6i0%2Fimage.png?alt=media&#x26;token=4f8bb339-5820-498a-9ba4-471bebc72c22" alt=""><figcaption></figcaption></figure>

3. Save recovery codes for emergencies.

<figure><img src="https://1669663611-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FRdTysrljwe610dPFG7tE%2Fuploads%2Fu6s9pe7GQOjeW3ph28i8%2Fimage.png?alt=media&#x26;token=389e5712-949c-4496-85a7-4d36796600c9" alt="" width="446"><figcaption></figcaption></figure>

{% hint style="info" %}
For further assistance, refer to [GitHub Enterprise documentation](https://docs.github.com/en/enterprise) and Hideez Identity Cloud support resources.
{% endhint %}
