Integrating GitHub Org with SAML Shibboleth & post actions


I am at the beginner level of GitHub cloud administration and am looking for answers to the questions listed below, which apply after I enable SAML integration (Shibboleth) for my GitHub cloud Organization.

Before enabling Shibboleth IdP integration on the GitHub cloud org:

I am planning to inform all my Organization users to use the Company email as their primary email ID, and to use this as the primary attribute to create a user map to the Shibboleth IdP.

Can anyone who has experience with this integration please share their view and guide me if anything needs to be considered apart from the primary email ID for integration?

My Questions:

  1. When a user leaves the Organization which is integrated with SAML (Shibboleth),
    do we need to manually remove the SSH key of the user who leaves the organization?

  2. After integration with SAML,
    how are the SSH keys managed? (Or does the SSH key upload/remove process remain as-is, i.e. the default workflow?)

  3. Can we block the SSH keys of a user in the Organization after he/she has left the organization, to avoid any SSH-based access to repos?

  4. Once a user leaves an Organization, does an Org Admin need to remove user access in the GitHub cloud Organization explicitly?

Thanks in advance.


SSH keys belong to the user. Once the user leaves the Organization, that user, along with any SSH keys that are authorised for use, will no longer have access to the Organization.

However, if you are using deploy keys make sure you have a process in place to review them periodically.

Finally, when a user loses access to the Organization via your IdP, the user is automatically removed from the GitHub Organization.
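
Added example, not part of the original answer: one way to run the periodic deploy key review mentioned above. Deploy keys are attached to a repository rather than to a user account, so they stay in place after the person who added them leaves. The organization name, repository names, member list and key records below are constructed sample data shaped like the GitHub REST API response of `GET /repos/{owner}/{repo}/keys`; the 90-day staleness threshold is an assumption.

```python
from datetime import datetime, timezone

# Constructed sample data, shaped like the GitHub REST API response of
# GET /repos/{owner}/{repo}/keys (title, read_only, added_by, created_at, last_used).
SAMPLE_KEYS = {
    "example-org/api": [
        {"id": 1, "title": "ci-deploy", "read_only": True, "added_by": "alice",
         "created_at": "2024-01-10T09:00:00Z", "last_used": "2024-05-28T12:00:00Z"},
        {"id": 2, "title": "old-laptop", "read_only": False, "added_by": "bob",
         "created_at": "2022-03-01T09:00:00Z", "last_used": None},
    ],
    "example-org/web": [
        {"id": 3, "title": "release-bot", "read_only": False, "added_by": "alice",
         "created_at": "2024-04-01T09:00:00Z", "last_used": "2024-05-30T08:00:00Z"},
    ],
}
CURRENT_MEMBERS = {"alice"}  # constructed; e.g. taken from GET /orgs/{org}/members


def parse_ts(value):
    """Parse a GitHub ISO-8601 timestamp; None means the key was never used."""
    if not value:
        return None
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def review_deploy_keys(keys_by_repo, members, now, stale_days=90):
    """Return (repo, key id, title, reasons) for every deploy key needing review."""
    findings = []
    for repo, keys in sorted(keys_by_repo.items()):
        for key in keys:
            reasons = []
            if key.get("added_by") not in members:
                reasons.append("added by non-member")
            if not key.get("read_only", False):
                reasons.append("write access")
            last_used = parse_ts(key.get("last_used"))
            if last_used is None or (now - last_used).days > stale_days:
                reasons.append("unused or stale")
            if reasons:
                findings.append((repo, key["id"], key["title"], reasons))
    return findings


if __name__ == "__main__":
    now = datetime(2024, 6, 1, tzinfo=timezone.utc)
    for repo, key_id, title, reasons in review_deploy_keys(SAMPLE_KEYS, CURRENT_MEMBERS, now):
        print(f"{repo} key {key_id} ({title}): {', '.join(reasons)}")
```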