I got it all configured and there are no errors in Azure shown, but I'm not sure if everything really works as intended. Here is the behavior I currently get:
A user is assigned the application "github" in Azure AD
The Audit-Log says that the user was successfully exported to github
Github shows me in the Billing-Section of the corporate account that an Invitation for the added user was sent and that enough licenses are available.
The user gets the invitation, clicks on the link and signs in with his AzureAD Account.
Until now everything is as expected, but from now on I'm not sure if things are correct:
After the user signed in with the AzureAD Account he gets the prompt to register for a new github-Account. Including E-Mail, Username and Password.
On the SSO-Configuration-Page I have following information:
Single sign-on in GitHub authenticates to a specific organization in GitHub and does not replace the authentication of GitHub itself. Therefore, if the user's github.com session has expired, you may be asked to authenticate with GitHub's ID/password during the single sign-on process.