GitHub - SAML Relying Party Configuration - RSA Ready Implementation Guide
9 months ago

This section describes how to integrate Microsoft Github with RSA Cloud Authentication Service using Relying Party.

 

Configure RSA Cloud Authentication Service

Perform these steps to configure RSA Cloud Authentication Service using Relying Party.

Procedure

  1. Sign in to RSA Cloud Administration Console.
  2. Select the Authentication Clients > Relying Parties menu item at the top of the page.

  1. Click the Add a Relying Party button on the My Relying Parties page.

  1. From the Relying Party Catalog select the Add button for Service Provider SAML.

  1. Enter the name for the application in the Name field on the Basic Information page and click the Next Step button.

  1. On the Authentication page, select SecurID manages all authentication.
  2. From 2.0 Access Policy for Authentication pulldown select a policy that was previously configured, then select Next Step.

  1. Select the Enter Manually button on the Connection Profile page.

  1. Go to the Service Provider section and provide its details in the following format:
    1. Assertion Consumer Service (ACS) URL: https://github.com/enterprises/<enterprise-url-slug>/saml/consume
    2. Audience (Service Provider Entity ID): https://github.com/enterprises/<enterprise- url-slug>

  1. Under the SAML Response Protection section, select the radio button for IdP signs assertion within response, then click Download Certificate — you’ll need this certificate later when configuring Microsoft Github.

  1. Scroll down to the User Identity section and select the following:
    1. Identifier Type – unspecified
    2. Property – mail

  1. Make note of the Entity ID under the Identity Provider section. You can enter any identifier in the Discriminator text field—it will be appended to the Entity ID URL to ensure the Entity ID is unique to the Service Provider.

The configuration is complete. 

Configure Microsoft Github

Perform these steps to configure Microsoft Github.

Pre-requisites 

  1. Before configuring Microsoft GitHub, start by signing up for GitHub Enterprise Cloud and creating your enterprise account.
  2. Ensure you select Enterprise with managed users option when setting up your GitHub Enterprise Cloud account.

  1. After selecting Enterprise with managed users, you’ll be prompted to enter details about your GitHub Enterprise Cloud.
    1. Enterprise name: Provide a name of your choice for the enterprise.
    2. Enterprise URL slug: Enter a custom URL slug for your enterprise (The enterprise URL will appear as: https://github.com/enterprises/your-slug).
    3. Username shortcode: Enter a shortcode to be used in member usernames (e.g., usernames will appear as username_rsapelab).
    4. Industry: Select the industry that best represents the primary focus or purpose of this enterprise.
    5. Number of employees: Choose the employee range that this enterprise is intended to support.
    6. Country/Region: Choose the country and region where your enterprise is based.
    7. Identity Provider: Choose Custom or other.

  1. You will then be prompted to enter an enterprise account as an admin to manage the GitHub Enterprise Cloud configuration.
  2. After that, you will receive an email with your admin username and be prompted to set up your identity provider.

Procedure

  1. Log in to GitHub enterprise cloud as an admin: https://github.com/login.
  2. Click the Identity Provider tab at the top. 

  1. In the Single sign-on configuration section, under SAML single sign-on, click Add SAML Configuration.

  1. In SAML Single Sign-On, enter all the required details in the following format:
    1. Sign-on URL: This is the Identity Provider Entity ID URL previously obtained from the RSA Cloud Authentication Service configuration.
    2. Issuer: This is the Identity Provider Entity ID URL previously obtained from the RSA Cloud Authentication Service configuration.
    3. Public certificate: Upload the certificate downloaded from RSA Cloud Authentication Service.

  1. Click Test SAML Configuration to verify the setup. Upon successful testing, you will receive confirmation, after which you can click Save SAML Settings.

  1. After that, you will be redirected to a page displaying recovery codes. You will have the option to download, print, or copy them in case you ever get locked out and can't sign in.
  2. Click Enable SAML authentication.

  1. Go to the Identity Provider tab, where you will now see that SAML Single Sign-On is enabled. 

Test Application

  1. Enter your username or email address in the text field, and the option to Sign in with your identity provider will be displayed.

  1. You will then be prompted to confirm that you will authenticate your account by signing in through your enterprise's Single Sign-On (SSO) provider.

Notes 

  1. After enabling SAML authentication, all members of your enterprise must use Single Sign-On (SSO) with your configured Identity Provider (IdP) to access any of the enterprise's organizations. This means that all organizations within the enterprise will be authenticated through the configured IdP.
  2. The ACS URL can be obtained from the Microsoft GitHub configuration during the SAML Single Sign-On setup.
  3. Entity ID can be obtained from the ACS URL by removing /saml/consume from the URL.     

The configuration is complete. 

Related Articles

Trending Articles

Don't see what you're looking for?