authentik/website/integrations/services/github-organization/index.md

---
title: GitHub Organization
---

<span class="badge badge--secondary">Support level: Community</span>

## What is GitHub Organizations

> Organizations are shared accounts where businesses and open-source projects can collaborate across many projects at once, with sophisticated security and administrative features.
>
> -- https://docs.github.com/en/organizations/collaborating-with-groups-in-organizations/about-organizations

## Preparation

The following placeholders will be used:

-   `github.com/orgs/foo` is your GitHub organization, where `foo` is the name of your org
-   `authentik.company` is the FQDN of the authentik Install

Create an application in authentik and note the slug, as this will be used later. Create a SAML provider with the following parameters:

-   ACS URL: `https://github.com/orgs/foo/saml/consume`
-   Audience: `https://github.com/orgs/foo`
-   Issuer: `https://github.com/orgs/foo`
-   Binding: `Post`

Under _Advanced protocol settings_, set a certificate for _Signing Certificate_.

Once the provider is created, it is advised to download the signing certificate as you will need it later.

## GitHub Configuration

Navigate to your organization settings by going to your organization page at https://github.com/foo, then click Settings.

In the left-hand navigation, scroll down to the Security section and click `Authentication security`

On this page:

-   Select the `Enable SAML authentication` checkbox.
-   In `sign-on URL`, type `https://authentik.company/application/saml/<authentik application slug>/sso/binding/redirect/`
-   For `Issuer`, type `https://github.com/orgs/foo` or the `Audience` you set in authentik
-   For `Public certificate`, paste the _full_ signing certificate into this field.
-   Verify that the `Signature method` and `Digest method` match your SAML provider settings in authentik.

Once these fields are populated, you can use the `Test SAML configuration` button to test the authentication flow. If the flow completes successfully, you will see a green tick next to the Test button.

Scroll down to hit the `Save` button below.

![Screenshot showing populated GitHub organization SAML settings](ghorg_saml_settings.png)

This enables SAML as an authentication _option_. If you want to _require_ SAML for your organization, visit your SSO url at `https://github.com/orgs/foo/sso` and sign in. Once signed in, you can navigate back to the `Authentication security` page and check `Require SAML SSO authentication for all members of the foo organization.`
website/integrations: New VCS section and GitHub integrations (#3437) * website/docs: create VCS section Moved gitea and gitlab to new VCS category. * website/docs: add GitHub-related integrations Added GitHub Organization and GitHub Enterprise Cloud integrations. GHEC contains a note on EMU users being unsupported (GitHub limitation). * website/docs: added GitHub links to VCS * website/docs: Fix GitHub linter problems 2022-08-18 10:30:38 +00:00			`---`
			`title: GitHub Organization`
			`---`

			`<span class="badge badge--secondary">Support level: Community</span>`

			`## What is GitHub Organizations`

website/integrations: cite better (#6431) * update awx-tower to RHAAP Signed-off-by: Jens Langhammer <jens@goauthentik.io> * migrate to new quotation Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update all Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io> 2023-07-31 10:16:58 +00:00			`> Organizations are shared accounts where businesses and open-source projects can collaborate across many projects at once, with sophisticated security and administrative features.`
			`>`
			`> -- https://docs.github.com/en/organizations/collaborating-with-groups-in-organizations/about-organizations`
website/integrations: New VCS section and GitHub integrations (#3437) * website/docs: create VCS section Moved gitea and gitlab to new VCS category. * website/docs: add GitHub-related integrations Added GitHub Organization and GitHub Enterprise Cloud integrations. GHEC contains a note on EMU users being unsupported (GitHub limitation). * website/docs: added GitHub links to VCS * website/docs: Fix GitHub linter problems 2022-08-18 10:30:38 +00:00
			`## Preparation`

			`The following placeholders will be used:`

			- `github.com/orgs/foo` is your GitHub organization, where `foo` is the name of your org
			- `authentik.company` is the FQDN of the authentik Install

			`Create an application in authentik and note the slug, as this will be used later. Create a SAML provider with the following parameters:`

			- ACS URL: `https://github.com/orgs/foo/saml/consume`
			- Audience: `https://github.com/orgs/foo`
			- Issuer: `https://github.com/orgs/foo`
			- Binding: `Post`

			`Under _Advanced protocol settings_, set a certificate for _Signing Certificate_.`

			`Once the provider is created, it is advised to download the signing certificate as you will need it later.`

			`## GitHub Configuration`

			`Navigate to your organization settings by going to your organization page at https://github.com/foo, then click Settings.`

			In the left-hand navigation, scroll down to the Security section and click `Authentication security`

			`On this page:`

			- Select the `Enable SAML authentication` checkbox.
			- In `sign-on URL`, type `https://authentik.company/application/saml/<authentik application slug>/sso/binding/redirect/`
			- For `Issuer`, type `https://github.com/orgs/foo` or the `Audience` you set in authentik
			- For `Public certificate`, paste the _full_ signing certificate into this field.
			- Verify that the `Signature method` and `Digest method` match your SAML provider settings in authentik.

web/flows: bottom-align about text on flows page (#7051) * web/flows: bottom-align about text on flows page Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix a bunch of typos Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io> 2023-10-03 12:10:10 +00:00			Once these fields are populated, you can use the `Test SAML configuration` button to test the authentication flow. If the flow completes successfully, you will see a green tick next to the Test button.
website/integrations: New VCS section and GitHub integrations (#3437) * website/docs: create VCS section Moved gitea and gitlab to new VCS category. * website/docs: add GitHub-related integrations Added GitHub Organization and GitHub Enterprise Cloud integrations. GHEC contains a note on EMU users being unsupported (GitHub limitation). * website/docs: added GitHub links to VCS * website/docs: Fix GitHub linter problems 2022-08-18 10:30:38 +00:00
			Scroll down to hit the `Save` button below.

			`![Screenshot showing populated GitHub organization SAML settings](ghorg_saml_settings.png)`

			This enables SAML as an authentication _option_. If you want to _require_ SAML for your organization, visit your SSO url at `https://github.com/orgs/foo/sso` and sign in. Once signed in, you can navigate back to the `Authentication security` page and check `Require SAML SSO authentication for all members of the foo organization.`