GitHub is a great system for individuals and OSS communities for both public and private project. However, corporate customers commonly want more control over their system than the standard GitHub offering. It is for this reason GitHub offers GitHub Enterprise.
For most corporates, the essential feature that GitHub Enterprise offers is the use Single Sign On (SSO) i.e. allowing users to login to GitHub using their corporate directory accounts.
I wanted to see how easy this was to setup when you are using Azure Active Directory (AAD).
Luckily there is a step by step tutorial from Microsoft on how to set this up. Though, I would say that though detailed this tutorial has a strange structure in that it shows the default values not the correct values. Hence, the tutorial requires close reading, don’t just look at the pictures!
Even with close reading, I still hit a problem, all of my own making, as I went through this tutorial.
The Issue – a stray / in a URL
I entered all the AAD URLs and certs as instructed (or so I thought) by the tutorial into the Security page of GitHub Enterprise.
When I pressed the ‘Validate’ button in GitHub, to test the SSO settings, I got an error
‘The client has not listed any permissions for ‘AAD Graph’ in the requested permissions in the client’s application registration’
This sent me shown a rabbit hole looking at user permissions. That wasted a lot of time.
However, it turns out the issue was that I had a // in a URL when it should have been a /. This was because I had made a cut and paste error when editing the tutorial’s sample URL and adding my organisation details.
Once I fixed this typo the validation worked, I was able to complete the setup and then I could to invite my AAD users to my GitHub Enterprise organisation.
So the summary is, if you follow the tutorial setting up SSO from AAD to GitHub Enterprise is easy enough to do, just be careful of over the detail.