- Home
- Single Sign-On and MFA
- Configuring SSO Connections
- Identity Providers
- Current: Configuring GitHub as an Identity Provider
Configuring Github as an Identity Provider
The EmpowerID SSO framework allows you to register Github as an identity provider for the EmpowerID Web application. EmpowerID integrates with Github using the OAuth protocol to allow your users to log in to the EmpowerID portal using their Github account.
This topic describes how to configure an IDP connection for Github and is divided into the following activities:
- Adding the Client ID and Client Secret to the Github OAuth Connection
- Adding MFA Points to the Github OAuth Connection
- Adding a Login tile for Github
- Adding an IP Range
- Testing the Connection
For specific directions on registering EmpowerID as an application in Github, see the information provided by Github at https://developer.github.com/apps/building-integrations/setting-up-and-registering-oauth-apps/registering-oauth-apps/.
When registering EmpowerID in Github, use the following URL as the Callback or Return URL, replacing "FQDN_OF_YOUR_EMPOWERID_SERVER"with the FQDN or fully resolvable DNS of the EmpowerID Web server in your environment.
https://FQDN_OF_YOUR_EMPOWERID_SERVER/EmpowerIDWebIdPForms/oauth/v2
Be sure to replace "FQDN_OF_YOUR_EMPOWERID_SERVER" with the FQDN or fully resolvable DNS of the EmpowerID Web server in your environment and "Github" with the name of the IDP connection you create for PayPal in EmpowerID.
https://FQDN_OF_YOUR_EMPOWERID_SERVER/EmpowerIDWebIdPForms/Login/EmpowerIDWebSite/Github?returnUrl=%2FEmpowerIDWebIdPForms%2F
To add the Client ID and Client Secret and to the Github OAuth Connection
- From the Navigation Sidebar of the EmpowerID Web interface, navigate to the OAuth Application management page by expanding Admin > SSO Connections and clicking OAuth.
- From the OAuth Applications management page, click the OAuth Service Provider tab and then search for Github.
- From the OAuth Service Provider grid, click the Github link.
- In the External OAuth Provider Details page that appears, click the Edit button for the specific Github connection you want to edit. By default, EmpowerID includes one connection. However, you can add as many connections for Github as your organization needs.
- In the OAuth Connection pane that appears, type the Client ID Github generated for your application in the Consumer Key field and the Secret in the Consumer Secret field.
- Prepend the value of the Callback Url with the FQDN of your EmpowerID Web server, using the https scheme. For example, the FQDN of the EmpowerID Web server in our environment is "sso.empowersso.com" so the full Callback Url for our site is "https://sso.empowersso.com/empoweridwebidpforms/oauth/v2".
- Click Save to close the OAuth Connection pane.
- Optionally, add any desired MFA points to the Github application by following the below steps.
To add MFA points to the Github application
From the External OAuth Providers page for Github, click the Provider Edit link at the top of the page. In the MFA Point Value field, type the number of MFA points you want to give to users logging in with Github. Click Save.Next, add a login tile for Github to the desired IdP Domains. This allows your users to authenticate to EmpowerID with their Github credentials. If you have not set up an IdP Domain for your environment, you can do so by following the directions in the below drop-down.
- To create an IdP Domain
- From the Navigation Sidebar, navigate to the SSO Components management page by expanding Admin > Applications and Directories > SSO Connections and clicking SSO Components.
- Click the IdP Domains tab and then click the Add IdP Domain (+) button.
- Type the fully qualified domain name in the Domain Name field and then click Save.
To add a login tile for Github
- From the Navigation Sidebar, navigate to the SSO Components management page by expanding Admin > Applications and Directories > SSO Connections and clicking SSO Components.
- From the IdP Domains tab of the SSO Components page, click the link for the IdP Domain to which you want to add the login tile.
- In the IdP Domain Details page that appears, click the External OAuth Providers tab and check the Github beside Github.
- Click Save.
To test the Github connection
- From the Navigation Sidebar, navigate to the Workflows page by expanding IT Shop and clicking Workflows.
- From the Workflows page, recycle the EmpowerID App Pools by clicking Recycle EmpowerID App Pools.
- Log out of the EmpowerID Web interface and navigate your browser to the domain name you configured for the Github IdP connection.
- Click the Login using Github button.
- This redirects your browser to the Github Login for the EmpowerID web application you created in Github. Enter your Github credentials and click Sign in.
- Click Authorize
- Back in the EmpowerID Web interface, click Yes to indicate that you have an EmpowerID login.
- Type your EmpowerID Login or Email in the form and click Submit. The EmpowerID Person must have a valid email address as EmpowerID sends a one-time password to that address.
- Check your email for the one-time password.
- Back in the EmpowerID Web interface, type the one-time password into the Password field of the One-Time Password Validation form and click Submit.
- Related Topics
Administrative Procedures:
- Creating IdP Domains
- Configure AD SF as an Identity Provider
- Configure Azure as an Identity Provider
- Configure Box as an Identity Provider
- Set up the Remote Windows Identity Provider Application
- Configure Facebook as an Identity Provider
- Configure Google as an Identity Provider
- Configure LinkedIn as an Identity Provider
- Configure Paypal as an Identity Provider
- Configure Smart Card as an Identity Provider
- Configure Twitter as an Identity Provider
- Configure Windows Auth as an Identity Provider
- Configure Yahoo as an Identity Provider
- Configure Yammer as an Identity Provider
- Creating IP Address Ranges
- Setting MFA Points Granted by SSO Connections