3. Connecting to GitHub Enterprise

Prerequisites

  1. Registering the application in your tenant
  2. Selecting a Plan
  3. Sign Up for GitHub Enterprise

Introduction

EZGIT Helps you protect your code hosted in GIT platforms by removing the non-expiring ssh keys from the equation and instead giving your engineers a short term certificate when they need access to modify or pull any git repository.

Setting up GitHub

  1. Go to your EZGIT Portal https://{CompanyName}.ezssh.io
  2. Enter the length in hours that you want your developers certificates to last (This is how ofter the engineer has to get a new certificate). Note: In Keytos we have it set to 8 hours so our engineers only request access once a day EZSSH Settings
  3. Copy the CA Key and save it somewhere or leave this tab open. You will need it when setting up your GitHub Enterprise Security EZSSH Settings
  4. Go to https://github.com
  5. Click on your profile picture on the right GH Settings
  6. Click on the settings button of your organization GH Settings
  7. Click on Organization Security GH Settings
  8. Scroll down to “SSH Certificate Authorities, and click on the “New CA” button. GH Settings
  9. Enter the key we copied in step 3 and click save. GH Settings
  10. You should now have a CA listed in your SSH Certificate Authorities.
  11. Click the Require SSH Certificates checkbox to only allow git operations with SSH Certificates (Recommended) GH Settings
  12. Click the “Save” button.
  13. You are ready to start using EZGIT for GitHub

Setting Up SAML Mapping

When using GitHub Enterprise, you might let your engineers use their personal GitHub identity by linking it to your organization and their SAML Identity. To Give EZSSH Access to that mapping information, the following steps are needed:

1) Create GitHub Access Token

  1. First we have to create a GitHub access token. To get started, go to https://github.com and login with an account that is an owner of the organization.
  2. On the top right, click on your profile picture and then click on settings. GH Settings
  3. Then Click on Developer Settings. GH Settings
  4. Click on the “Personal access tokens” section.
  5. Click the “Generate new token” button. GH Settings
  6. Enter a name for the token. For Example “EZGIT User Mapping” GH Settings
  7. Select following Scopes:
    1. admin:org
    2. read:user GH Settings
  8. Click the “Generate token” button.
  9. Copy your token (you will need it for part two).

Enabling the token for SSO

If your organization uses SSO, you will have to grant SSO Access to your token.

  1. Click the “Enable SSO” button. GH Settings
  2. Authenticate with your SSO Identity.

2) Add Mapping Information to EZGIT

  1. Once you have created your GitHub token, go to your EZGIT portal https://{YourCompanyName}.ezgit.io/, login with an account that owns the subscription.
  2. Expand the Advance Settings Tab. GH Settings
  3. Enable the “Map SAML Users to GitHub Users” option. GH Settings
  4. Enter your organizations URL https://github.com/"ORGANIZATIONNAME" GH Settings
  5. Enter the GitHub Token generated in the previous section. GH Settings
  6. Click Test Connection. GH Settings
  7. If the connection is successful, click the “Save Changes” Button. GH Settings
  8. Your users will now be mapped at least once a day.