learn.microsoft.com/en-us/training/modules/authenticate-authorize-user-identities-github/4-authorization
Top Highlights
Following is a list of the GitHub supported identity providers for SCIM:
You can also view and revoke the linked SAML identity, active sessions, and authorized credentials for members of your organization or enterprise account.
The SAML IdP and the SCIM client must use matching NameID and userName values for each user.
If you use SAML SSO without implementing SCIM, you won't have automatic deprovisioning.
But after you authenticate the user with the IdP successfully from GitHub, you must now authorize any personal access token, SSH key, or OAuth App that you would like the user to use to access your organization's resources.
If you use SAML SSO in your organization, you can implement SCIM or System for Cross-domain Identity Management. SCIM lets you add, manage, or remove organization member access within GitHub.
When organization members' sessions expire after their access is removed from the IdP, they aren't automatically removed from the organization.
This process allows a user authenticating through SAML to be linked to their provisioned SCIM identity.
Each time you make changes to group membership in your IdP, the IdP will make a SCIM call to GitHub.com to update the corresponding organization's membership.
To access your organization's protected resources using the API and Git on the command line, your users will need to authorize and authenticate with a PAT (personal access token) or SSH key.
Some companies may have built their own system and synchronize their accounts in a custom way. GitHub doesn't support these custom-created accounts with technical assistance.
SCIM was developed to allow synchronization of information between an IdP and multiple applications.
Authorized tokens grant access to the organization even after their sessions expire. To remove this access, you can either manually remove the authorized token from the organization or automate its removal with SCIM.
Each time an enterprise member accesses a resource protected by your enterprise account's SAML configuration, that SAML assertion will trigger provisioning.
As the administrator, you're able to review each personal access token and SSH key that a member has authorized for API and Git access.
To provision new users without an invitation from an organization owner, you can use the URL https://github.com/orgs/ORGANIZATION/sso/sign_up
You can review the SAML SSO identity that a member has linked to their GitHub account. When available, the entry will include SCIM data for the user.
Microsoft Entra ID, Okta, OneLogin