Integration of GitHub Enterprise with DoubleClue using SAML

1. Introduction

This guide is intended for users of GitHub Enterprise who would like their employees to log into GitHub Enterprise via DoubleClue Multi-Factor Authentication (MFA) using SAML 2.0. For more information on this product, please visit https://enterprise.github.com/.

Requirements:

  • GitHub Enterprise installation
  • DoubleClue Enterprise Management (DCEM) installation

2. Preparing DCEM to be an Identity Provider

In order to prepare DCEM to be an Identity Provider, please see chapter 12 of “DCEM_Manual_EN.pdf”.

3. Setting up GitHub Enterprise

  1. Log into your GitHub Enterprise management console: https:// — your Host — :8443/setup.
  2. Go to “Authentication”.
  3. Choose “SAML” as authentication method.
  4. Uncheck all checkboxes except “Disable administrator demotion/promotion. (ignore the administrator attribute)”.
  5. Single sign-on URL: Copy the SSO Domain you entered during SAML setup (see chapter 12.1.3 of “DCEM_Manual_EN.pdf”) and add /dcem/saml to it.
  6. Issuer: Copy the value you entered for “IdP EntityID” during SAML setup (see chapter 12.1.3 of “DCEM_Manual_EN.pdf”).
  7. Signature Method: RSA-SHA256, Digest Method: SHA256
  8. Name Identifier Format: unspecified
  9. Verification Certificate: Upload the Certificate file you downloaded during SAML setup (see chapter 12.1.4 of “DCEM_Manual_EN.pdf”).
  10. Click “Save settings”.

DCEM is now registered as an Identity Provider for GitHub Enterprise.

4. Setting GitHub Enterprise as a Service Provider for DCEM

  1. Download the XML-File at http://yourDomain.com/saml/metadata .
  2. In DCEM, go to main menu item “SAML”, sub menu “SP Metadata”.
  3. Click “Add”.
  4. From the dropdown menu, choose “Custom” and click “Continue”.
  5. Upload the downloaded file using the “Upload” button.
  6. In “Display Name”, type in a unique friendly name for this SP, such as “GitHub Enterprise”.
  7. Click “OK”.

GitHub Enterprise is now registered as a Service Provider for DCEM.