PingOne

Adding an identity provider - GitHub

Adding GitHub as an external identity provider (IdP) gives your users the option to sign on with GitHub when accessing your application.

Before you begin

Ensure that you have:

Creating your application on GitHub

Before you can set up GitHub as an external IdP, you must create an application on GitHub. GitHub generates a client ID and client secret for the application. Learn more in Creating an OAuth app in the GitHub documentation.

Steps

  1. Go to GitHub and sign on to your account.

    If you don’t have a GitHub account, you can create one now.

  2. In the upper right, click your profile photo, and then click Settings.

  3. On the left, click Developer Settings.

  4. On the left, click OAuth Apps.

  5. Click the New OAuth App button.

    If you haven’t created an app before, you’ll see the button as Register a new application.

  6. Enter the following:

    • Application name: The display name for the application.

    • Homepage URL: The full URL to your application home page.

    • Application description: A description for your application that all users will see.

    • Authorization callback URL: The path in your application that users are redirected to after they have authenticated with GitHub. Leave this value blank for now.

  7. Leave the GitHub page open to return later and enter the Authorization callback URL after you have created the application in PingOne.

Adding GitHub as an identity provider in PingOne

Configure the IdP connection in PingOne.

Before you begin

Ensure that registration is enabled in the authentication policy you want to use. Learn more in Editing an authentication policy.

Steps

  1. In the PingOne admin console, go to Integrations > External IdPs and click .

  2. Click GitHub.

  3. Click Next.

  4. On the Add External Identity Provider page, enter the following information:

    • Name: A unique identifier for the IdP.

    • Description (optional): A brief description of the IdP.

    • Population: A population that overrides the authentication policy’s registration population and enables just-in-time registration from the IdP.

      You can’t change the Icon and Sign-on Button in accordance with the provider’s brand standards.

  5. Click Next.

  6. Copy the value for Callback URL to a secure location.

  7. Leave the PingOne page open to return and enter the Client ID and Client Secret after you have created the application on GitHub.

Finishing creating the application on GitHub

Add the callback URL from the PingOne admin console to your application on GitHub.

Before you begin

Ensure you have copied the Callback URL from PingOne.

Steps

  1. Go to the Register a new OAuth application page on GitHub.

  2. For Authorization callback URL, enter the value for Callback URL that you copied from PingOne.

  3. Click Register application.

Finishing adding the identity provider in PingOne

After you have registered the application with GitHub, copy the values for client ID and client secret and enter them into PingOne.

Before you begin

Ensure that you have copied the values for client ID and client secret from GitHub.

Steps

  1. Return to GitHub and, in the OAuth Apps section, select the appropriate application.

  2. Locate the Client ID and Client Secret and copy the values to a secure location.

  3. In the PingOne admin console, configure the connection and enter the following information:

    • Client ID: The application identifier that you copied from the IdP. You can find this information on GitHub.

    • Client Secret: The application secret that you copied from the IdP. You can find this information on GitHub.

    • Callback URL: The URL to which the user will be redirected after authenticating.

  4. Click Next.

  5. Define how the PingOne user attributes are mapped to IdP attributes. Learn more in Mapping attributes.

    • Enter the PingOne user profile attribute and the external IdP attribute. Learn more about attribute syntax in Identity provider attributes.

    • To add an attribute, click Add.

    • To use the advanced expression builder, click the Gear icon. Learn more in Using the expression builder.

    • Select the update condition, which determines how PingOne updates its user directory with the values from the IdP. The options are:

      • Empty only: Update the PingOne attribute only if the existing attribute is empty.

      • Always: Always update the PingOne directory attribute.

    You can map the following attributes provided by GitHub:

    • Avatar URL

    • Blog

    • Company

    • Email

    • HTML URL

    • User ID

    • Location

    • Login

    • Name

    • Node ID

    • Site Admin

    • Type

    • URL

  6. Click Save.

Next steps