Skip to content
Veraproof Veraproof Docs

GitHub Integration

GitHub Integration

Scimify enables SCIM provisioning for GitHub organizations, allowing you to sync IdP groups with GitHub organization teams.

Overview

This integration pushes IdP groups to GitHub organization teams via SCIM. Teams created in your GitHub organization will correspond to groups from your identity provider.

Prerequisites

  • A GitHub organization with SAML SSO enabled
  • Admin access to the GitHub organization
  • A Github Personal Access Token (fine-grained preferred) associated with a Github org member (e.g. service account or owner)

Note: It is possible for this integration to work with non-SSO Github orgs. You need to set the users github handle/username as the username on the Idp app profile before pushing the user and group to Scimify.

Configuration Steps

1. Generate a GitHub Personal Access Token

Preferred: Fine-grained Personal Access Token

  1. Go to GitHub Settings > Developer Settings > Personal access tokens > Fine-grained tokens
  2. Click “Generate new token” > “Generate new token (fine-grained)”
  3. Give the token a descriptive name (e.g., “Scimify Integration”)
  4. Set your organization as the Resource owner
  5. Under Organization permissions, expand “Members” and select:
    • Read and write permission
  6. Generate and copy the token

Note: Fine-grained tokens provide more granular control and are the recommended approach for organization-level integrations as they provide least privilege permissions.

Alternative: Classic Personal Access Token

  1. Go to GitHub Settings > Developer settings > Personal access tokens > Tokens (classic)
  2. Click “Generate new token” (classic)
  3. Give the token a descriptive name (e.g., “Scimify Integration”)
  4. Select the admin:org scope
  5. Generate and copy the token

Note: Classic tokens with admin:org scope will also work, but fine-grained tokens are preferred for better security and granular permissions.

2. Configure the Integration in Scimify

  1. Navigate to the Integrations page in your Scimify admin console
  2. Create a new GitHub integration instance
  3. Enter the following configuration:
    • GitHub API Token: Paste the Personal Access Token generated in Step 1
    • GitHub Organization: Enter your GitHub organization name
    • GitHub Base URL (Optional): For GitHub Enterprise self-hosted, specify your custom base URL (e.g., https://github.company.com/api/v3). Leave empty for GitHub.com

3. Configure Okta SCIM

Follow the Okta SCIM Configuration guide to set up SCIM provisioning in Okta.

How It Works

  • When groups are pushed from your IdP, Scimify will create corresponding teams in your GitHub organization
  • Team names will match the group names from your IdP
  • Users assigned to groups in your IdP will be added as members to the corresponding GitHub teams
  • Github org members will be matched based on their SAML nameId (aka linked SSO identity) by default and fallback to Github handle/username if SAML SSO is not enabled foryour Github organization

Note: It is possible for this integration to work with non-SSO Github orgs. You need to set the users github handle/username as the username in their Idp app profile before pushing the user and group to Scimify.

GitHub Enterprise

If you’re using GitHub Enterprise Server (self-hosted), specify your custom base URL in the configuration:

  • GitHub Enterprise Server: https://github.company.com/api/v3
  • GitHub Enterprise Cloud: Use the standard GitHub.com API URL

Need Help?

If you encounter any issues during configuration, please contact support@veraproof.io for assistance.