website/integrations: New VCS section and GitHub integrations (#3437)
* website/docs: create VCS section Moved gitea and gitlab to new VCS category. * website/docs: add GitHub-related integrations Added GitHub Organization and GitHub Enterprise Cloud integrations. GHEC contains a note on EMU users being unsupported (GitHub limitation). * website/docs: added GitHub links to VCS * website/docs: Fix GitHub linter problems
This commit is contained in:
Oliver Møller
53
website/integrations/services/github-organization/index.md
Normal file
53
website/integrations/services/github-organization/index.md
Normal file
@ -0,0 +1,53 @@
|
||||
---
|
||||
title: GitHub Organization
|
||||
---
|
||||
|
||||
<span class="badge badge--secondary">Support level: Community</span>
|
||||
|
||||
## What is GitHub Organizations
|
||||
|
||||
From https://docs.github.com/en/organizations/collaborating-with-groups-in-organizations/about-organizations
|
||||
|
||||
:::note
|
||||
Organizations are shared accounts where businesses and open-source projects can collaborate across many projects at once, with sophisticated security and administrative features.
|
||||
:::
|
||||
|
||||
## Preparation
|
||||
|
||||
The following placeholders will be used:
|
||||
|
||||
- `github.com/orgs/foo` is your GitHub organization, where `foo` is the name of your org
|
||||
- `authentik.company` is the FQDN of the authentik Install
|
||||
|
||||
Create an application in authentik and note the slug, as this will be used later. Create a SAML provider with the following parameters:
|
||||
|
||||
- ACS URL: `https://github.com/orgs/foo/saml/consume`
|
||||
- Audience: `https://github.com/orgs/foo`
|
||||
- Issuer: `https://github.com/orgs/foo`
|
||||
- Binding: `Post`
|
||||
|
||||
Under _Advanced protocol settings_, set a certificate for _Signing Certificate_.
|
||||
|
||||
Once the provider is created, it is advised to download the signing certificate as you will need it later.
|
||||
|
||||
## GitHub Configuration
|
||||
|
||||
Navigate to your organization settings by going to your organization page at https://github.com/foo, then click Settings.
|
||||
|
||||
In the left-hand navigation, scroll down to the Security section and click `Authentication security`
|
||||
|
||||
On this page:
|
||||
|
||||
- Select the `Enable SAML authentication` checkbox.
|
||||
- In `sign-on URL`, type `https://authentik.company/application/saml/<authentik application slug>/sso/binding/redirect/`
|
||||
- For `Issuer`, type `https://github.com/orgs/foo` or the `Audience` you set in authentik
|
||||
- For `Public certificate`, paste the _full_ signing certificate into this field.
|
||||
- Verify that the `Signature method` and `Digest method` match your SAML provider settings in authentik.
|
||||
|
||||
Once these fields are populated, you can use the `Test SAML configuation` button to test the authentication flow. If the flow completes successfully, you will see a green tick next to the Test button.
|
||||
|
||||
Scroll down to hit the `Save` button below.
|
||||
|
||||
|
||||
|
||||
This enables SAML as an authentication _option_. If you want to _require_ SAML for your organization, visit your SSO url at `https://github.com/orgs/foo/sso` and sign in. Once signed in, you can navigate back to the `Authentication security` page and check `Require SAML SSO authentication for all members of the foo organization.`
|
||||
Reference in New Issue
Block a user