Home

Github User Provisioning

Highlighted
Markus Ihloff
Occasional Contributor

Hi Community,

 

at the moment I'm trying to configure the SSO and the User Provisioning from Azure AD to github. I'm following this guide for the provisioning of users:

https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/user-provisioning

 

I got it all configured and there are no errors in Azure shown, but I'm not sure if everything really works as intended. Here is the behavior I currently get:

  • A user is assigned the application "github" in Azure AD
  • The Audit-Log says that the user was successfully exported to github
  • Github shows me in the Billing-Section of the corporate account that an Invitation for the added user was sent and that enough licenses are available.
  • The user gets the invitation, clicks on the link and signs in with his AzureAD Account.

Until now everything is as expected, but from now on I'm not sure if things are correct:

  • After the user signed in with the AzureAD Account he gets the prompt to register for a new github-Account. Including E-Mail, Username and Password.

On the SSO-Configuration-Page I have following information:

 

Single sign-on in GitHub authenticates to a specific organization in GitHub and does not replace the authentication of GitHub itself. Therefore, if the user's github.com session has expired, you may be asked to authenticate with GitHub's ID/password during the single sign-on process.

https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/github-tutorial

 

Does it mean the only benefit of github user-provisioning is sending out invitations to the company and the user has still to sign up for github? If so this would be kind of a disappointment.

Can anyone confirm this or tell me if I need to reconfigure something?