Configuring SAML single sign-on with Okta for Enterprise Managed Users

Learn how to configure Okta for Enterprise Managed Users on GitHub.com or GHE.com.

Who can use this feature?

Enterprise Managed Users is available for new enterprise accounts on GitHub Enterprise Cloud. See "About Enterprise Managed Users."

In this article

Warning

Enabling SAML affects all members of your enterprise.

Enterprise Managed Users doesn't provide a backup sign in URL where members of your enterprise can sign in using their regular username and password. If you are unable to sign in, contact GitHub Enterprise Support via the GitHub Support portal for assistance.

Supported features

The GitHub Enterprise Managed User application on Okta supports SP-initiated SSO and IdP-initiated SSO.

Configuring Okta

  1. Install the Okta application for your environment.

  2. In the application on Okta, click the Assignments tab and assign the application to your Okta account.

  3. Click the Sign on tab.

  4. Next to "Enterprise Name," type the name of your enterprise with managed users.

    Note

    For example, if you sign in to github.com/enterprises/octocorp or octocorp.ghe.com, your enterprise name is octocorp.

  5. On the "Sign on" tab, under "SAML 2.0," click More details.

  6. In order to configure your enterprise on GitHub Enterprise Cloud later, note down the following items:

    • "Sign on URL"
    • "Issuer"
    • "Signing certificate"

Configuring your enterprise

  1. Sign in to your enterprise with managed users.
  2. Using the details you noted from Okta, follow the steps in "Configuring SAML single sign-on for Enterprise Managed Users."

Enabling provisioning

After you enable SAML SSO, enable provisioning. For more information, see "Configuring SCIM provisioning with Okta."