GitHub - SCIM Configuration - RSA Ready Implementation Guide
9 months ago

This article describes the configuration steps involved in integrating Microsoft GitHub with RSA Cloud Authentication Service using SCIM.
    
Configure RSA Cloud Authentication Service

Perform these steps to configure RSA Cloud Authentication Service as a SCIM client. 

Procedure

  1. Sign in to RSA Cloud Administration Console and browse to Applications > Application Catalog.
  2. Click Create from Template and then click the Select button next to SAML Direct.
  3. On the Basic Information page, provide a name for the Microsoft GitHub app and an optional description.
  4. Configure the Microsoft GitHub integration using SAML before proceeding to the Fulfillment section. Refer to the articles listed in the Integration Configuration section of the Microsoft GitHub - RSA Ready Implementation Guide for detailed instructions.
  5. Navigate to the Fulfillment page on the left pane.
  6. On the Fulfillment page, enable the fulfillment service using the toggle button and choose the Approver Type: None, Manager, Application Owner, or Manager & Application Owner.
  7. In the Fulfillment Configuration Type drop-down list, choose SCIM Endpoint and enter the required details.
    1. Base URI: https://api.github.com/scim/v2/enterprises/<enterprise-url-slug>
    2. API Key: The token generated during the Microsoft GitHub Enterprise Cloud configuration.
  8. You can enable the Application Roles toggle button and create specific criteria for each provisioned user. You can set the role name of the provisioned user to specific roles, such as enterprise_owner.

     Note: The selected user must then match any or all of the criteria you specify. Follow your preferred criteria for configuration.

  9. Click Save and Finish and publish the changes.

The configuration is complete. 
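Because the Application Roles step can provision users as enterprise_owner, it is worth auditing the result after the first provisioning run. The following is an added example, not part of the RSA guide: it checks a SCIM ListResponse (as returned by GET on the Base URI followed by /Users) against a list of approved owners. The sample response, the user names and the `approved_owners` parameter are constructed for illustration.

```python
import json

# Role named in the Application Roles step; extend to match your own policy.
PRIVILEGED_ROLES = {"enterprise_owner"}

# Constructed sample of a SCIM ListResponse (not real data).
SAMPLE_RESPONSE = json.loads("""
{
  "schemas": ["urn:ietf:params:scim:api:messages:2.0:ListResponse"],
  "totalResults": 3,
  "Resources": [
    {"userName": "alice", "active": true,
     "roles": [{"value": "enterprise_owner", "primary": true}]},
    {"userName": "bob", "active": true,
     "roles": [{"value": "enterprise_owner", "primary": true}]},
    {"userName": "carol", "active": false,
     "roles": [{"value": "user", "primary": true}]}
  ]
}
""")

def privileged_roles(user):
    """Return the privileged role values present on one SCIM user resource."""
    held = {r.get("value") for r in user.get("roles", [])}
    return sorted(held & PRIVILEGED_ROLES)

def audit(list_response, approved_owners):
    """Return (userName, finding) tuples for role assignments that need review."""
    findings = []
    resources = list_response.get("Resources", [])
    if list_response.get("totalResults", len(resources)) > len(resources):
        findings.append(("*", "response is paginated; fetch the remaining pages"))
    for user in resources:
        name = user.get("userName", "<no userName>")
        held = privileged_roles(user)
        if held and name not in approved_owners:
            findings.append((name, "holds " + ",".join(held) + " but is not on the approved list"))
        if held and not user.get("active", True):
            findings.append((name, "inactive account still lists a privileged role"))
    provisioned = {u.get("userName") for u in resources}
    for name in sorted(set(approved_owners) - provisioned):
        findings.append((name, "approved owner is not provisioned"))
    return findings
```
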

Configure Microsoft GitHub

Perform these steps to configure Microsoft GitHub as a SCIM server.

Pre-requisites 

  1. Before configuring Microsoft GitHub, start by signing up for GitHub Enterprise Cloud and creating your enterprise account.
  2. Ensure you select the Enterprise with managed users option when setting up your GitHub Enterprise Cloud account.
  3. After selecting Enterprise with managed users, you’ll be prompted to enter details about your GitHub Enterprise Cloud.
    1. Enterprise name: Provide a name of your choice for the enterprise.
    2. Enterprise URL slug: Enter a custom URL slug for your enterprise (the enterprise URL will appear as: https://github.com/enterprises/your-slug).
    3. Username shortcode: Enter a shortcode to be used in member usernames (e.g., usernames will appear as username_rsapelab).
    4. Industry: Select the industry that best represents the primary focus or purpose of this enterprise.
    5. Number of employees: Choose the employee range that this enterprise is intended to support.
    6. Country/Region: Choose the country and region where your enterprise is based.
    7. Identity Provider: Choose Custom or other.
  4. You will then be prompted to enter an enterprise account as an admin to manage the GitHub Enterprise Cloud configuration.
  5. After that, you will receive an email with your admin username and be prompted to set up your identity provider.

Procedure

  1. Log in to GitHub Enterprise Cloud as an admin: https://github.com/login.
  2. In the Getting Started tab, you will find instructions to configure single sign-on and SCIM provisioning for the enterprise.
  3. Click Generate SCIM token.
  4. You will be taken to a page where you can generate a new personal access token (classic).
    1. Note: Provide a reason for obtaining this token.
    2. Expiration: Make sure that the token expiration is set to “No expiration”. If the token expires, SCIM provisioning may unexpectedly stop working.
    3. Ensure that the “scim:enterprise” scope is enabled to configure provisioning for this enterprise.
    4. Click Generate token.
  5. The newly generated personal access token will be displayed; make sure to copy it, as you won’t be able to view it again.
  6. Click Enable Single Sign-On.
  7. You will then be redirected to the single sign-on configuration page. Under "SAML Single Sign-On," click Add SAML Configuration.
  8. Under SAML Single Sign-On, enter all the required details in the following format:
    1. Sign-on URL: This is the Identity Provider URL previously obtained from the RSA Cloud Authentication Service configuration.
    2. Issuer: This is the Identity Provider URL previously obtained from the RSA Cloud Authentication Service configuration.
    3. Public certificate: Upload the certificate downloaded from RSA Cloud Authentication Service.
  9. Click Test SAML Configuration to verify the setup. Upon successful testing, you will receive confirmation, after which you can click Save SAML Settings.
  10. After that, you will be redirected to a page displaying recovery codes. You will have the option to download, print, or copy them in case you ever get locked out and can't sign in.
  11. Click Enable SAML authentication.
  12. Go to the Identity Provider tab, where you will now see that SAML Single Sign-On is enabled.
  13. In the Open SCIM Configuration section, ensure that Enable Open SCIM Configuration is turned on.
  14. If you go to the Getting Started tab, you will see that the final step is to configure provisioning. The status will currently be listed as "Waiting for provisioning requests."
  15. Once any user requests access, the status will change accordingly.
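Before pasting the Base URI and API Key into the RSA Fulfillment page, the token and slug can be checked with one read-only SCIM request. The following is an added example, not part of the RSA guide: the slug pattern is an assumption, and the check relies on the `X-OAuth-Scopes` and `GitHub-Authentication-Token-Expiration` response headers that GitHub returns for classic personal access tokens.

```python
import re
import urllib.error
import urllib.request

API_ROOT = "https://api.github.com/scim/v2/enterprises/"
# Assumption: a slug is letters, digits and hyphens; this mainly catches a
# pasted "<enterprise-url-slug>" placeholder or a full URL.
SLUG_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9-]*$")

def scim_base_uri(slug):
    """Build the Base URI that goes into the RSA Fulfillment page."""
    if not SLUG_RE.match(slug):
        raise ValueError(f"not a usable enterprise URL slug: {slug!r}")
    return API_ROOT + slug

def assess(status, headers):
    """Turn an HTTP status and response headers into a list of findings."""
    h = {k.lower(): v for k, v in headers.items()}
    if status == 401:
        return ["token rejected (mistyped, revoked or expired)"]
    findings = []
    if status in (403, 404):
        findings.append("token not authorised for this enterprise, or wrong slug")
    elif status != 200:
        findings.append(f"unexpected HTTP status {status}")
    if "x-oauth-scopes" not in h:
        findings.append("no X-OAuth-Scopes header; scope could not be confirmed")
    else:
        scopes = {s.strip() for s in h["x-oauth-scopes"].split(",") if s.strip()}
        if "scim:enterprise" not in scopes:
            findings.append("scim:enterprise scope missing")
        extra = sorted(scopes - {"scim:enterprise"})
        if extra:
            findings.append("token carries extra scopes: " + ", ".join(extra))
    expiry = h.get("github-authentication-token-expiration")
    if expiry:
        findings.append(f"token expires {expiry}; provisioning stops then")
    return findings

def probe(slug, token):
    """Send one read-only request that lists at most one provisioned user."""
    req = urllib.request.Request(
        scim_base_uri(slug) + "/Users?count=1",
        headers={"Authorization": f"Bearer {token}",
                 "Accept": "application/scim+json"})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return assess(resp.status, dict(resp.headers.items()))
    except urllib.error.HTTPError as err:
        return assess(err.code, dict(err.headers.items()))
```

An empty list from `probe(slug, token)` means the endpoint answered, the token carries only scim:enterprise, and no expiry is set. Read the token from a secret store or a prompt rather than placing it on the command line.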

Test Application

  1. Enter your username or email address in the text field, and the option to Sign in with your identity provider will be displayed.
  2. You will then be prompted to confirm that you will authenticate your account by signing in through your enterprise's Single Sign-On (SSO) provider.

Notes

  1. After enabling SAML authentication, all members of your enterprise must use Single Sign-On (SSO) with your configured Identity Provider (IdP) to access any of the enterprise's organizations. This means that all organizations within the enterprise will be authenticated through the configured IdP.
  2. The ACS URL can be obtained from the Microsoft GitHub configuration during the SAML Single Sign-On setup.
  3. Entity ID can be obtained from the ACS URL by removing /saml/consume from the URL.     

The configuration is complete.