SAML GitHub Enterprise Server configuration

Team,
…I have one pressing question: I want to configure both instances with SAML using the URL below, “Using SAML - GitHub Docs”. Under “Configuring SAML settings” in the above link, what info do I need from my networking team, and how do I proceed with step 11, "Under Verification certificate, click Choose File and choose a certificate to validate SAML responses from the IdP."? Thanks

Hi @mikeadams123 - this verification certificate will come from your IdP (Identity Provider), and your SAML team should be able to provide it.

What IdP are you using? I’ll be happy to send any information we have for your IdP.

Nothing much from your network team, as it is your IdP team that is most likely doing the configuration.
If you are using Azure Active Directory as your IdP, the link below may help.
[Tutorial: Azure Active Directory integration with a GitHub Enterprise Cloud Organization | Microsoft Docs]
You download the Certificate (Base64) from your IdP configuration.
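
An added example, not part of the thread or of GitHub's documentation: a shell check to run on the downloaded Certificate (Base64) file before choosing it as the verification certificate. The function names, file names and the 30-day threshold are assumptions, and the sample certificate is constructed with openssl for the demo.

```shell
# Added example (not from the thread). Names and the 30-day default are
# assumptions; the sample certificate below is constructed for this demo.

# check_idp_cert FILE [MIN_DAYS]
# 0 = PEM X.509 certificate valid for at least MIN_DAYS more days (details printed)
# 2 = not PEM/Base64, 3 = contains a private key, 4 = unparseable, 5 = expiring
check_idp_cert() {
  cic_file=$1
  cic_days=${2:-30}
  # The "Certificate (Base64)" export is PEM; a binary DER export lacks this header.
  if ! grep -q -- '-----BEGIN CERTIFICATE-----' "$cic_file"; then
    echo "not a PEM (Base64) certificate: $cic_file" >&2; return 2
  fi
  # Only the IdP's public certificate belongs in this file, never its signing key.
  if grep -q -- 'PRIVATE KEY-----' "$cic_file"; then
    echo "file contains a private key: $cic_file" >&2; return 3
  fi
  if ! openssl x509 -in "$cic_file" -noout 2>/dev/null; then
    echo "cannot parse certificate: $cic_file" >&2; return 4
  fi
  # -checkend N exits non-zero if the certificate expires within N seconds.
  if ! openssl x509 -in "$cic_file" -noout -checkend $((cic_days * 86400)) >/dev/null; then
    echo "certificate expires within $cic_days days: $cic_file" >&2; return 5
  fi
  # Subject, expiry and fingerprint, to confirm with the IdP team.
  openssl x509 -in "$cic_file" -noout -subject -enddate -fingerprint -sha256
}

# Constructed sample input: a self-signed stand-in for the IdP certificate.
make_sample_cert() {  # make_sample_cert DIR DAYS
  openssl req -x509 -newkey rsa:2048 -nodes -days "$2" \
    -subj "/CN=constructed-idp.example" \
    -keyout "$1/idp.key" -out "$1/idp.pem" 2>/dev/null
}

demo_dir=$(mktemp -d)
make_sample_cert "$demo_dir" 365 && check_idp_cert "$demo_dir/idp.pem"
```

A non-zero return means the file should go back to the IdP team rather than into the upload dialog.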

Thanks for the helpful information @GalaxyAllie and @byrneh. Do I need to configure SAML in my HA replica as well, or since it's a replica, I don't need to?

Hi @mikeadams123, you’re very welcome. You only need to configure it on the primary instance; the replica uses the configuration from your primary, and authentication is handled by the primary.

Awesome @GalaxyAllie. If I still want to keep my admin credentials (so I am still logging in with the username and password created when the GitHub appliance was installed), do I need to select Disable administrator demotion/promotion?

@mikeadams123 - this option determines if your IdP can assign admin rights for users coming from the IdP, and won’t apply to built-in authentication accounts at all if you’re also allowing built-in authentication accounts as it sounds like is your plan.

@GalaxyAllie so my options when SAML is selected are:
1) Allow creation of accounts with built-in authentication (for users not in SAML)
2) IdP initiated SSO (disables AuthnRequest)
3) Disable administrator demotion/promotion (ignore the administrator attribute)

Hi @mikeadams123, we recommend not enabling IdP-initiated SSO unless your IdP requires it.


@GalaxyAllie I suppose if I don't select any of the 3 options, my admin user and password, which got created when I set up the GitHub instance, will still be intact. So after configuring SAML in GitHub, I can still use my original admin credentials, which I used to set up GitHub, to still log into the instance, correct?
