eyJleHRlcm5hbF9saW5rIjoiaHR0cHM6Ly9naXRodWIuY29tL2VudGVycHJpc2UiLCJleHRlcm5hbF9saW5rX3RleHQiOiJHaXRodWIgRW50ZXJwcmlzZSBDbG91ZCIsInJlY2lwZSI6eyJhZGRvbnMiOnsic2FtbHAiOnsibWFwcGluZ3MiOnsidXNlcl9pZCI6Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL25hbWVpZGVudGlmaWVyIiwiZW1haWwiOiJlbWFpbHMiLCJuYW1lIjoiZnVsbF9uYW1lIn0sInBhc3N0aHJvdWdoQ2xhaW1zV2l0aE5vTWFwcGluZyI6ZmFsc2UsIm1hcElkZW50aXRpZXMiOmZhbHNlLCJzaWduYXR1cmVBbGdvcml0aG0iOiJyc2Etc2hhMjU2IiwiZGlnZXN0QWxnb3JpdGhtIjoic2hhMjU2IiwibmFtZUlkZW50aWZpZXJQcm9iZXMiOlsiaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwNS8wNS9pZGVudGl0eS9jbGFpbXMvbmFtZWlkZW50aWZpZXIiXX19fSwic3VwcG9ydF9sZXZlbCI6ImNvbW11bml0eSIsIm1ldGFfdGl0bGUiOiJHaXRIdWIgRW50ZXJwcmlzZSBDbG91ZCBJbnRlZ3JhdGlvbiB3aXRoIEF1dGgwIiwibWV0YV9kZXNjcmlwdGlvbiI6IkdpdEh1YiBFbnRlcnByaXNlIENsb3VkIC0gT3JnYW5pemF0aW9ucyBvbiBHaXRIdWIgQ2xvdWQgY2FuIHVzZSBTU08gYXMgYW4gZWFzeSB3YXkgdG8gbG9naW4gd2l0aCBhIHNoYXJlZCBjcmVkZW50aWFsIiwidmFsdWVfcHJvcHMiOlt7InRpdGxlIjoiRnVsbCBFbnRlcnByaXNlIENvbnRyb2wiLCJkZXNjcmlwdGlvbiI6IkVudGVycHJpc2Ugb3duZXJzIGNhbiBhbHNvIGVuZm9yY2UgU0FNTCBTU08gZm9yIGFsbCBvcmdhbml6YXRpb25zIGluIGFuIGVudGVycHJpc2UgYWNjb3VudC4ifSx7InRpdGxlIjoiQWNjZXNzIGNvbnRyb2xzIGludG8gQVBJIGFuZCBHaXQgdGhyb3VnaCBDTEkiLCJkZXNjcmlwdGlvbiI6IlRvIGFjY2VzcyB0aGUgb3JnYW5pemF0aW9uJ3MgcHJvdGVjdGVkIHJlc291cmNlcyB1c2luZyB0aGUgQVBJIGFuZCBHaXQgb24gdGhlIGNvbW1hbmQgbGluZSwgbWVtYmVycyBtdXN0IGF1dGhvcml6ZSBhbmQgYXV0aGVudGljYXRlIHdpdGggYSBwZXJzb25hbCBhY2Nlc3MgdG9rZW4gb3IgU1NIIGtleS4ifSx7InRpdGxlIjoiTWFuYWdlIHVzZXJzIHRocm91Z2ggQXV0aDAiLCJkZXNjcmlwdGlvbiI6IllvdSBjYW4gdXNlIHRlYW0gc3luY2hyb25pemF0aW9uIHRvIGF1dG9tYXRpY2FsbHkgYWRkIGFuZCByZW1vdmUgdGVhbSBtZW1iZXJzIGluIGFuIG9yZ2FuaXphdGlvbiB0aHJvdWdoIEF1dGgwLiJ9XSwiZm9ybV9maWVsZHMiOlt7Im5hbWUiOiJjYWxsYmFja3MiLCJsYWJlbCI6IkNhbGxiYWNrIFVSTCIsInBsYWNlaG9sZGVyIjoiaHR0cHM6Ly9naXRodWIuY29tL29yZ3Mve1lPVVJfR0lUSFVCX09SR19OQU1FfS9zYW1sL2NvbnN1bWUiLCJkYXRhVHlwZSI6InVyaSIsInJlcXVpcmVkIjp0cnVlfSx7Im5hbWUiOiJhZGRvbnMuc2FtbHAuYXVkaWVuY2UiLCJsYWJlbCI6IkF1ZGllbmNlIiwicGxhY2Vob2xkZXIiOiJodHRwczovL2dpdGh1Yi5jb20vb3Jncy97WU9VUl9HSVRIVUJfT1JHX05BTUV9IiwiZGF0YVR5cGUiOiJ1cmkiLCJyZXF1aXJlZCI6dHJ1ZX1dfQ==

SAML SSO gives organization owners and enterprise owners on GitHub a way to control and secure access to organization resources like repositories, issues, and pull requests. Organization owners can invite your user account on GitHub to join their organization that uses SAML SSO, which allows you to contribute to the organization and retain your existing identity and contributions on GitHub.

When you access resources within an organization that uses SAML SSO, GitHub will redirect users Auth0 to authenticate. After you successfully authenticate with your account on Auth0, Auth0 redirects you back to GitHub, where you can access the organization's resources.

<p>The GitHub Enterprise Cloud <a href="https://auth0.com/docs/sso">Single Sign-on (SSO)</a> Integration creates a client application that uses Auth0 for authentication and provides SSO capabilities for GitHub Enterprise Cloud. Your users log in to GitHub Enterprise Cloud with Auth0 <a href="https://auth0.com/docs/identityproviders">identity providers</a>, which means the identity provider performs the identity credentials verification.</p>


<h2 id="prerequisites">Prerequisites</h2>
<p>Before you begin:</p>
<ul>
<li>  Sign up for a GitHub Enterprise Cloud account.</li>
<li>  <a href="https://auth0.com/docs/identityproviders">Set up a connection</a>, which is a source of users. Connections can be databases, social identity providers, or enterprise identity providers, and can be shared among different applications. You may set up more than one connection for use with SSO integrations.</li>
</ul>


<h2 id="configure-auth0-sso-integration">Configure Auth0 SSO Integration</h2>
<p>Enter a name for your SSO Integration, configure the following settings, and click <strong>Save</strong>.</p>
<table class="table"><thead><tr><th><strong>Setting</strong></th><th><strong>Description</strong></th></tr></thead><tbody><tr><td>Callback URL</td><td>URL to which the user is redirected after login (<code>https://github.com/orgs/{YOUR_GITHUB_ORG_NAME}/saml/consume</code>).</td></tr><tr><td>Audience</td><td>Your GitHub Enterprise Cloud URL (<code>https://github.com/orgs/{YOUR_GITHUB_ORG_NAME}</code>).</td></tr><tr><td>Use Auth0 instead of the IdP to do Single Sign-on (SSO). **Legacy tenants only.**</td><td>If enabled, Auth0 will handle SSO instead of GitHub Enterprise Cloud.</td></tr></tbody></table>

<p><img src="https://auth0.com/docs/media/articles/dashboard/sso-integrations/dashboard-integrations-sso-create_settings.png" alt="Save Integration"></p>


<h2 id="configure-integration-with-github-enterprise-cloud">Configure integration with GitHub Enterprise Cloud</h2>
<p>To configure the integration with GitHub Enterprise Cloud, follow the instructions listed in the <strong>Tutorial</strong> view (which will appear when you save the initial configuration settings).</p>


<h2 id="enable-connections">Enable connections</h2>
<p>Choose the connections to use with your SSO integration. Users in enabled connections will be allowed to log in to GitHub Enterprise Cloud. By default, all configured connections are enabled.</p>
<ol>
<li>Select the <strong>Connections</strong> view.</li>
<li> Toggle the sliders next to connection names to enable or disable them. <img src="https://auth0.com/docs/media/articles/dashboard/sso-integrations/dashboard-integrations-sso-create_view-connections.png" alt="Enable/Disable Connections"></li>
</ol>


GitHub Enterprise Cloud - Organizations on GitHub Cloud can use SSO as an easy way to login with a shared credential

GitHub Enterprise Cloud Integration with Auth0

GitHub Enterprise Cloud

Organizations on GitHub Cloud can use SSO as an easy way to login with a shared credential

Enterprise owners can also enforce SAML SSO for all organizations in an enterprise account.

Full Enterprise Control

To access the organization's protected resources using the API and Git on the command line, members must authorize and authenticate with a personal access token or SSH key.

Access controls into API and Git through CLI

You can use team synchronization to automatically add and remove team members in an organization through Auth0.