Azure AD user Account provisioning not working

I have a GitHub Enterprise and configured Azure AD account provisioning as described here: Configure GitHub for automatic user provisioning. SAML SSO has also been put in place, as this was a requirement in order to configure user provisioning. From Azure AD I can see users are created within GitHub when I add them. However, I’m not able to log in with the Azure AD username and password.

When trying to log in, GitHub wants me to create a GitHub account or log in with a GitHub account. I want to be able to log in from my GitHub application (within office.com) and log in using SSO between my Azure AD account and the GitHub account which has been created.

Am I missing something?

Hi there @mklifman :wave:

Thanks so much for joining us here in the Support Community! Since you are working with an Enterprise account, the solution may be unique, depending on whether or not you’re using Cloud, or a self-hosted instance of GHE.

Because of this, I highly recommend opening a ticket with our Enterprise Support team:

They should be able to help you more directly and have other resources available outside of our users and staff in the forum.

Cheers!

Hi @mklifman, from your comment it sounds like you are using github.com (GitHub Enterprise Cloud) as opposed to a self-hosted instance (GitHub Enterprise Server).

If you are using cloud, I would say that whilst it is described as SAML Single Sign-On, it is not in fact a true SSO experience or single sign-on as most people expect and as used in other applications. I haven’t tried it with automatic user provisioning, just a SAML-enabled organization, but suspect it’s the same approach.
So as a user you still have a personal GitHub account and must sign in with that, and then to access any organizations/resources protected by a SAML-enabled organization a linked identity approach is used, and a valid SAML session with your linked identity (Azure AD in your case) is required for access, or a personal access token that has been explicitly enabled for your organization.

FYI, you may wish to keep an eye on GitHub’s Public Roadmap and progress on the item Enterprise Managed Users (Private Beta), which is trying to deliver a more true SSO experience.

@byrneh has hit the nail on the head in regards to GHEC. You have your GitHub.com account, which gets you to GitHub.com. Then, if you are trying to access your SAML protected organization, it then asks you to authenticate with your AAD credentials.

Thanks for the help, I placed a support ticket and the team explained that it is not supporting (at the moment) account creation from Azure AD. This was the confusing part because it looked like an account has been created. So maybe in the future it will be possible to create GitHub accounts from Azure AD.