Configuring provisioning for GitHub Enterprise

Use this task to provision users from IBM Security® Verify to a GitHub Enterprise application.

Before you begin

You need a GitHub Enterprise Server account with administrator access. You also need the following parameters, which are generated from GitHub Enterprise, to configure user provisioning in IBM Security Verify.
  • Organization name
  • Host name
  • App ID
  • Private key
  • Personal access token

About this task

Only one application can be assigned for each GitHub Enterprise Server organization. GitHub Enterprise Server supports authentication that is based on GitHub App Token and Personal Access Token specifications.

Provisioning provides the following features.

Create new users
Users who are entitled to the GitHub Enterprise application through IBM Security Verify are also created in the GitHub Enterprise application if the user account does not exist.
Delete users
Deactivating the user or disabling the user's access to the application through IBM Security Verify deletes the user in the GitHub Enterprise Server application.
Modify user profile
Updates made to the user's profile through IBM Security Verify are pushed to the GitHub Enterprise application.
Suspend and restore users
Suspending a user through IBM Security Verify deactivates the user, and restoring the user through Verify activates the user in the GitHub Enterprise application.
User account synchronization and remediation
The GitHub Enterprise application supports user synchronization, remediation, and group synchronization features. Account synchronization fetches all the target application users into IBM Security Verify and matches the fetched users with users in IBM Security Verify. The adoption policy that is defined on the application specifies the matching attributes for adoption of the reconciled users. A remediation policy can be configured to remediate user accounts with attribute values that differ between IBM Security Verify and the target application. IBM Security Verify supports the following three remediation policies.
  • Do not remediate non-compliant accounts automatically.
  • Update the IBM Security Verify account attribute values with the target application values.
  • Update the target application account attribute values with IBM Security Verify values.
Fine-grained entitlement
Fine-grained entitlement is supported for the GitHub Enterprise application. Synchronization fetches all the GitHub Enterprise applications and application groups. Users can be added to or removed from the groups.

Procedure

  1. Log in to GitHub Enterprise as a user that has an Organization Administrator role.
  2. The following parameters are required to configure user provisioning in IBM Security Verify.
    1. Organization Name

      Use the following steps to get the Organization name.

      1. Click the profile logo, then select Your organization from the drop-down menu.
      2. From the list of organizations, select the organization that is configured on IBM Security Verify.
      3. Use the name of that organization as the Organization Name.
    2. Host Name
      Use your GitHub Enterprise Server Host as the Host Name.
    3. Personal Access Token

      Use the following steps to get a Personal Access Token.

      1. Click the profile logo in the menu, then select User settings from the drop-down menu.
      2. From the left menu list, click Developer settings.
      3. Click Personal Access Token.
      4. Generate a Personal Access Token with all permissions, and copy the generated Personal Access Token.
    4. App ID

      Use the following steps to generate an App ID.

      1. Click the profile logo in the menu, then select Your organization from the drop-down menu.
      2. From the list of organizations, click Settings for the configured organization.
      3. From the left menu list, click Developer settings.
      4. Click GitHub App.
      5. Click New GitHub App.
      6. Provide a name for the GitHub App.
      7. Provide the host name as the homepage URL and webhook URL.
      8. Provide the following permissions.

        Grant read and write access to administration under Repository permission.

        Grant read and write access to administration under Organization permission.

        Grant read and write access to member under Organization permission.

        Grant read and write access to email address under User permission.

    5. Private Key

      Use the following steps to generate a Private Key.

      1. Select your GitHub App under your Organization Settings.
      2. From the left menu list under General, click Generate a private key. A PEM file is downloaded.
      3. Use this PEM file as the Private Key.
      Note: The user is removed from the organization if the provision action is delete. If the provision action is suspend, the user is suspended. For a delete provision action, if a Cloud Directory user is deleted, the user is removed from the organization and suspended.
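
The App ID, Private Key, and Host Name collected in this procedure can be checked before they are entered in IBM Security Verify. The following added example (not part of the original procedure, and not IBM or GitHub code) uses Node.js built-in crypto to build the RS256 JWT that a GitHub App authenticates with, and the GET /api/v3/app request that confirms the server accepts it. The key pair, App ID 12345, and host ghes.example.com are constructed placeholders, and the bare-host-name check is an assumption.

```javascript
// Added example: pre-flight check of App ID, private key (PEM), and host name.
const crypto = require('node:crypto');

const b64url = (input) => Buffer.from(input).toString('base64url');

// A GitHub App authenticates with an RS256 JWT: iss = App ID, exp at most 10 minutes ahead.
function buildAppJwt(appId, privateKeyPem, now = Math.floor(Date.now() / 1000)) {
  if (!/^\d+$/.test(String(appId))) throw new Error('App ID must be numeric');
  const header = b64url(JSON.stringify({ alg: 'RS256', typ: 'JWT' }));
  const claims = b64url(JSON.stringify({
    iat: now - 60,  // backdated to tolerate clock drift between hosts
    exp: now + 540, // 9 minutes, inside the 10-minute limit
    iss: String(appId),
  }));
  const signature = crypto.sign('sha256', Buffer.from(`${header}.${claims}`), privateKeyPem);
  return `${header}.${claims}.${b64url(signature)}`;
}

// Check signature and claims locally with the public half of the key.
function verifyAppJwt(jwt, publicKeyPem) {
  const [header, claims, signature] = jwt.split('.');
  const signatureValid = crypto.verify('sha256', Buffer.from(`${header}.${claims}`),
    publicKeyPem, Buffer.from(signature, 'base64url'));
  return { signatureValid, claims: JSON.parse(Buffer.from(claims, 'base64url').toString()) };
}

// Request that confirms the server accepts this App ID and key (built here, not sent).
function appCheckRequest(hostName, jwt) {
  // Assumption: the Host Name parameter is a bare host name.
  if (hostName.includes('/')) throw new Error('Use the bare host name, without scheme or path');
  return {
    url: `https://${hostName}/api/v3/app`,
    headers: { Authorization: `Bearer ${jwt}`, Accept: 'application/vnd.github+json' },
  };
}

// Constructed sample values: throwaway key pair, placeholder App ID and host name.
function demo() {
  const { privateKey, publicKey } = crypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs1', format: 'pem' },
  });
  const jwt = buildAppJwt(12345, privateKey, 1700000000);
  return { jwt, check: verifyAppJwt(jwt, publicKey), request: appCheckRequest('ghes.example.com', jwt) };
}

console.log(demo().check);
```

Sending the built request with the real values should return the GitHub App's details; a 401 response indicates that the App ID and PEM file do not belong together or that the token has expired.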