Using Google as an Idp for SAML for my Github Campus Program

Hi,

My institution has been recently added to the Github Campus Programme. We use Google Workspace and I see that GSuite allows Github Business cloud application via SAML.

I tried the steps mentioned in this KB Article to create SAML SSO. But I am getting a 403 error. When I check the documentations I see that the Github is providing an ACS which is in http whereas GSuite requires ACS which is https.

Is there someone who has tried this before or can shed light on how to do this correctly?

1 Like

Update: I had raised this query to GitHub support and they have provided a detailed response which worked.

Response from GitHub Support

While G-Workspace is not an officially supported identity provider for SAML SSO on GitHub Enterprise Cloud or an Enterprise account, it can still be used as your SSO provider.

For your reference - on the GitHub end, here are the values you’ll want to use:

. Sign on URL: The SSO URL from G Suite, in the form https://accounts.google.com/o/saml2/idp?idpid=XXXXXXXXX
. Issuer: The Entity ID URL from G Suite, in the form https://accounts.google.com/o/saml2?idpid=XXXXXXXXX
. Public certificate: download from G Suite and paste

On G Suite, you will need to set these values:

. ACS URL: https://github.com/orgs/[orgname]/saml/consume
. Entity ID: https://github.com/orgs/[orgname]
. Start URL: n/a
. Signed Response: :heavy_check_mark:
. Name ID: configurable by you; most people use primary email address
. Name ID Format: PERSISTENT

Please remember to replace [orgname] with the actual name of the organization.

If configuring on the Enterprise level:

. ACS URL: https://github.com/enterprises/[enterprise]/saml/consume
. Entity ID: https://github.com/enterprises/[enterprise]
. The rest is the same as above

However, I am still trying to figure out how the students/teachers can directly be added to the organization when they use the SAML login. If some one has an idea please do let me know.