What authentication type for automated user management?

We want to automate user management in our organization and private repository.  We have an automated termination process and we want to add that when a person is termed from our company they are removed from our GitHub org and access removed to private repo.

I’ve been reading about the different types of authentication types that GitHub uses and have throughly confused myself as to which type I should use for this (FYI we have 2FA required).

At this point I’m thinking we should just create an ‘integraion account’ in GitHub with its own email address making it an owner of both, then create GitHub app bases on that user account to do the work.



There are probably multiple ways to do this but you could write a script that uses OAuth authentication to authenticate as the user running the script (assuming they had the appropriate access rights to remove organization members). You can see some of the code that I use for that kind of thing in the scripts in my dotfiles repository.

I hope that helps!

I kept going back and forth which way to do it and the OAuth seems as good as any other.

Talk about some synchronicity. I had just thought about this question and started logging into GitHub when I got the email notification that you had replied.

Thanks for that help and code!


1 Like