- Generate a public certificate and private key pair.
- In order to successfully complete the integration between JumpCloud and GitHub Enterprise, you must use a team admin (administrator) account on a GitHub Enterprise plan.
- How to configure User authorization.
- Please carefully follow the steps to configure GitHub Enterprise SAML. Specifically, note that the checkboxes for idP initiated SSO (disables AuthnRequest) and Disable administrator demotion/promotion. (ignore the administrator attribute) are selected.
Configure the JumpCloud SSO Application
- Access the JumpCloud Administrator Console at https://console.jumpcloud.com.
- Select Applications in the main navigation panel.
- Select the + in the upper left, scroll or search for the application in the 'Configure New Application' side panel, then select 'configure'.
- You can upload a service provider application's XML metadata file to populate SAML connector attributes for that application. The attributes populated by the metadata file may vary by the application. To apply a metadata file for the application you're connecting, click Upload Metadata. Navigate to the file you want to upload, then click Open. You'll see a confirmation of a successful upload. Be aware that if you upload more than one metadata file, you'll overwrite the attribute values applied in the previously uploaded file.
- In the IDP Entity ID field, enter
- Select Upload IdP Private Key and upload the private.pem file generated according to the above prerequisites.
- Select Upload IdP Certificate and upload the cert.pem file generated according to the above prerequisites.
- In the SP Entity ID field, enter https://HOSTNAME (replace HOSTNAME with the hostname of the server on which GitHub Enterprise is hosted. E.g.
- In the ACS URL field, enter https://HOSTNAME/saml/consume (replace HOSTNAME with the hostname of the server on which GitHub Enterprise is hosted. E.g.
- In the field terminating the IdP URL, either leave the default value or enter a plaintext string unique to this connector.
- (Optional) In the Display Label field, enter a label that will appear beside the GitHub Enterprise logo within the JumpCloud console to guide administrators and users to the connection you have configured.
- Select Activate.
Configure the Service Provider
- Log in to the GitHub Enterprise management console, usually at https://HOSTNAME:8443 (This user's email should also be managed by JumpCloud).
- Select Authentication in the left-hand menu.
- Select the SAML radio button.
- Select the idP initiated SSO (disables AuthnRequest) checkbox.
- Select the Disable administrator demotion/promotion. (ignore the administrator attribute) checkbox.
- In the Single sign-on URL field, enter the same IdP URL that you set in the JumpCloud console (if you did not modify the termination of this URL, then enter the default URL:
- In the Issuer field, enter the IdP Entity ID you selected in the JumpCloud console.
- In the Verification certificate field, paste the contents of your public certificate.
- Scroll to the bottom of the page and select Save settings. Note: This will cause your GitHub Enterprise server to restart the GitHub service.
Validate SSO authentication workflows
- Access the JumpCloud User Console at https://console.jumpcloud.com.
- Select the Service Provider icon.
- This should automatically launch and log in to the application.
- In your Web browser, navigate to the GitHub Enterprise
- If necessary, log into the JumpCloud User Console as the appropriate user.
- You should automatically be logged in to GitHub Enterprise.
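If validation fails, a common cause is a value that does not match between the two consoles. The following is an added troubleshooting example, not part of the original article or of JumpCloud's or GitHub's tooling: it decodes a base64 SAMLResponse and compares its Issuer, Destination and Audience with the IdP Entity ID, ACS URL and SP Entity ID configured above. The hostname `ghe.example.com`, the entity ID `jumpcloud-example` and the sample response are constructed placeholders.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}


def check_response(saml_response_b64, hostname, idp_entity_id):
    """Return a list of mismatches between a SAMLResponse and the configured values."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    want = {
        "issuer": idp_entity_id,                            # Issuer field on GitHub Enterprise
        "destination": f"https://{hostname}/saml/consume",  # ACS URL in JumpCloud
        "audience": f"https://{hostname}",                  # SP Entity ID in JumpCloud
    }
    got = {
        "issuer": (root.findtext(".//saml:Assertion/saml:Issuer", namespaces=NS) or "").strip(),
        "destination": root.get("Destination", ""),
        "audience": (root.findtext(".//saml:Audience", namespaces=NS) or "").strip(),
    }
    problems = [f"{k}: expected {want[k]!r}, got {got[k]!r}" for k in want if got[k] != want[k]]
    # With AuthnRequest disabled there is no request ID for the response to echo.
    if root.get("InResponseTo"):
        problems.append("InResponseTo present: response answers an AuthnRequest")
    return problems


def build_sample(hostname, issuer):
    """Constructed, unsigned sample response (not captured from a real system)."""
    xml = (
        f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}" '
        f'Destination="https://{hostname}/saml/consume">'
        f"<saml:Assertion><saml:Issuer>{issuer}</saml:Issuer>"
        f"<saml:Conditions><saml:AudienceRestriction>"
        f"<saml:Audience>https://{hostname}</saml:Audience>"
        f"</saml:AudienceRestriction></saml:Conditions></saml:Assertion></samlp:Response>"
    )
    return base64.b64encode(xml.encode()).decode()


if __name__ == "__main__":
    sample = build_sample("ghe.example.com", "jumpcloud-example")
    print(check_response(sample, "ghe.example.com", "jumpcloud-example") or "all values match")
    # A connector configured with the wrong hostname shows up as two mismatches.
    print(check_response(sample, "github.example.com", "jumpcloud-example"))
```

This only compares field values and does not verify the response signature, which GitHub Enterprise checks against the Verification certificate. Run it only on responses from your own IdP, since the standard-library XML parser is not hardened against hostile input.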