[Legacy] Github Enterprise

Owned by Jon Espen Ingvaldsen (Unlicensed)
Last updated: Mar 29, 2022 by Steinar Line
4 min read

This guide is for an older version of Kantega SSO Enterprise and is no longer maintained. New guides are here: https://kantega-sso.atlassian.net/l/c/rNTaTonz .

This guide takes you through the steps of setting up Gitlab login to the following Atlassian applications:

  • Jira SERVER DATA CENTER

  • Confluence SERVER DATA CENTER

  • Bitbucket SERVER DATA CENTER

  • Bamboo SERVER

  • Fisheye / Crucible SERVER

 

You find a link to the Atlassian Marketplace in the upper right corner of your Atlassian application. Click Manage apps and search for “Kantega.” Click “Free trial” or “Buy now” to install the app.

 

 

Add identity provider

A welcome message is shown when you select to configure the app for the very first time. Click “Start setup” and then “Setup SAML / OIDC.”

Select “GitHub” in the identity provider gallery.

GitHub allows you to set up single sign-on over the OpenID Connect protocol.

Click “Next.” Follow the setup steps below.

1. Select provisioning method

The Atlassian applications needs to have information about users logging in and their permissions. At this wizard step, we choose whether the user and permission data already exist when users log in with SSO or if user records should be created dynamically (just-in-time provisioning). More information about user provisioning alternatives are found here

You can also specify whether users logging in through GitHub should be added as members to a set of default groups automatically.

Select the provisioning method, default groups, and click “Next.”

*Jira specific example. Other Atlassian applications will be similar.

2. Callback URL

The field “Callback URL” will be needed when configuring your identity provider. Copy this URL value (We will make use of this in the next step).

 

 

3. Configure identity provider

Access your GitHub Enterprise organization from https://github.com/settings/organizations. Make sure you are logged in as a user with admin privileges to the organization.

Click settings.

 

In the left sidebar, click OAuth Apps.

 

Click New OAuth App in the upper right corner.

 

Fill in the details. Paste the callback URL copied from the prepare step into the Authorization callback URL field.

Click Register application.

 

Keep the Client ID and Client Secret for a later step, but go back to the Kantega SSO Setup for now.

4. Import

For Github, the import step consists only of clicking Next.

5. Location

Fill in an appropriate name for the identity provider. Click Next.

6. Secrets

Paste the values generated by GitHub in the earlier step.

Click Next.

7. Summary

Validate your setup.

Click Finish.

 

8. Test and verify setup

On the next page, you will be given a link to perform a test of your setup.

The test verifies that users are allowed to authenticate with the current configuration, and you get feedback on whether the current user is found in the Atlassian application. You are also able to fix user lookup issues (selecting the right username attribute and express username transformation rules), and select data attributes for just-in-time provisioning here. More info about testing av verifying identity provider configurations.

9. Redirection mode

By default, Kantega SSO Enterprise will forward all users to the configured identity provider. However, you can configure both a subset of users who should be login through this identity provider and how they are redirected. More about the configuration of redirection rules.