You are viewing an earlier version of the admin guide. For the latest version, please visit EmpowerID Admin Guide v7.211.0.0.

GitHub Identity Provider Connection

The EmpowerID SSO framework allows you to configure GitHub as an identity provider (IdP) for EmpowerID. EmpowerID integrates with GitHub using OAuth 2.0.

Prerequisites:

Before configuring GitHub as an OAuth Identity Provider in EmpowerID, you need to meet the following conditions:

  • You must have a GitHub account

  • Create an application for EmpowerID in GitHub

Once the IDP Connection has been set up for GitHub, you can create a link similar to the one below to allow users to login to EmpowerID using GitHub.

https://FQDN_OF_YOUR_EMPOWERID_SERVER/WebIdPForms/Login/Portal/GitHub?returnUrl=%2FWebIdPForms%2F

Be sure to replace FQDN_OF_YOUR_EMPOWERID_SERVER with the FQDN of your EmpowerID server.

Steps

To configure GitHub as an Identity Provider for EmpowerID, you need to do the following:

  1. Create an application for EmpowerID in GitHub

  2. Configure the default GitHub OAuth Provider app

  3. Add a Login button to the Login page for GitHub

  4. Test the OAuth provider app

Create an application for EmpowerID in GitHub

To allow users to authenticate to EmpowerID using their GitHub credentials, you must register EmpowerID as an OAuth application in GitHub. See GitHub’s article at https://docs.GitHub.com/en/free-pro-team@latest/developers/apps/building-oauth-apps for directions on how to do this. During the app registration process, GitHub will generate an Client ID and Client Secret for the application. You will use these when you create an OAuth Provider App for GitHub in EmpowerID.

When creating an application for EmpowerID in GitHub , set the following:

Setting

Value

Setting

Value

Application name

Name of the application you are creating. This can be any value.

Homepage URL

Full URL to the app’s website

Authorization callback URL

Your application’s callback URL

https://YOUR_EMPOWERID_SERVER/WebIdPForms/oauth/v2

 

Configure the default GitHub OAuth Provider app

  1. On the navbar, expand Single Sign-On > SSO Connections and click OAuth / OpenID Connect.

  2. Select the External OAuth Services tab and then search for GitHub.

  3. Click the Provider link for GitHub.

     

  4. Click the Edit button for the default GitHub OAuth provider app.

     

  5. Under General Settings, fill in the following information and then click Save.

Field

Description

Field

Description

Consumer Key

Client ID generated by GitHub

Consumer Secret

App Secret generated by GitHub

Is Identity Provider

Select this option to flag the OAuth provider as an Identity Provider app.

Select existing Account Directory

Select GitHub to place authenticated users in the selected account store.

Callback Url

This is the URI that GitHub redirects users after they have authenticated with GitHub. The URL should look like the following: https://YOUR_EMPOWERID_SERVER/WebIdPForms/oauth/v2, where YOUR_EMPOWERID_SERVER is the FQN of your EmpowerID Web server.

 

Add a Login Button for GitHub

  1. On the navbar, expand Single Sign-On > SSO Connections and click SSO Connections.

  2. Select the IdP Domains tab and then click the IdP Domains link for the IdP Domain where you want the Login tile to appear.

     

  3. On the IdP Domain Details view, select the External OAuth Providers tab and then select the GitHub provider.



  4. Click Save.

To give users the ability to log in using their EmpowerID credentials, be sure to select EmpowerID from the SAML Identity Providers tab of the IdP Domain Details page.

Test the OAuth Provider App

  1. Log out of the EmpowerID Web interface and navigate your browser to the domain name you configured for the GitHub IdP connection.

  2. Click the Login Using GitHub button.

  3. Click Okay to allow EmpowerID to retrieve the information it needs to link your GitHub account to your EmpowerID identity (Person object).


    You should be authenticated to EmpowerID.

IN THIS ARTICLE