Skip to main content

Secure Github Enterprise with XFA Connect (for Google Workspace)

Github integration with Google

Github has a Custom SSO feature which uses SAMLv2 so you can link the accounts within your organizations with identities of your identity provider (in this case Google) to make it easier to manage users.

You can configure an application in XFA with your identity providers credentials and first point to XFA instead to check the security posture of every device trying to login into GitHub. This guide will describe all steps needed to link Github to Google Workspace trough XFA.

Note: Your organization needs to be in the Github Enterprise tier to configure a custom SSO

Note: This article assumes that you have an account set up with XFA for your organization and your are an admin for that organization. If you do not have an account, you can create one at https://dashboard.xfa.tech/signup.

Setup Github App in Google Workspace

Step 1. Navigate to the Google Admin interface on admin.google.com and go to Apps > Web and mobile apps

Step 2. Click on Add app > Search for apps and search for the Github Business App.

Step 3. Copy the SSO URL, Entity ID and certificate of Google and keep them safe to configure the XFA application in a later step.

Copy SSO settings

Step 4. Configure the application to work with XFA.

Configure settings

Step 5. Click finish to complete the configuration.

Step 6. Optional: Make sure your users have access by navigating into User access > Service Status.

  • Enable the app for the users or groups that need access to GitHub.

Confirm access

Create the application in XFA Dashboard

Step 1. Login to the XFA dashboard.

Step 2. Create a new application under Connect > New application > Github Enterprise.

Create new application

Step 3. Fill in the identity provider details (in this case Google)

  • Fill in the SSO URL, Entity ID and certificate of the Github Business App in Google you copied before. Click "Next" to continue.

Fill in the identity provider details

Step 4. Fill in the service provider details (in this case Github)

  • Complete the ACS-URL with your Github organization name e.g. https://github.com/orgs/your-organization/saml/consume. Copy the the SSO URL, Entity ID and certificate of your new application. Click "Next" to continue.
  • Copy the SSO URL, issuer and certificate of XFA for the next step in Github.

Fill in the service provider details

Setup your Github organization to use SSO

Step 1. Login to Github and go to your organization.

Step 2. Go to Settings > Authentication & Security.

Step 3. Click on "Set up SSO" and paste the SSO URL, issuer and certificate of XFA.

Configure settings

Step 4. Use the "Test" feature to make sure everything is configured correctly.

Test settings

Step 5. Save the new verified settings by clicking on "Save".

You are done! The users in your Github organization will now be asked to verify their identity with Google and XFA will check the security posture of the device to make sure that any device that is used to access Github is secure.