GitHub OAuth uses GitHub.com organization membership to grant and control access to your GitHub Enterprise instance.

Warning: Support for user authentication via GitHub OAuth will be removed after November 2015. To prepare for this, you should plan to implement a different authentication method. For more information, see "Authenticating users to your GitHub Enterprise instance."

If your company or organization already has an organization account with team members established on GitHub.com, you can use that organization account to grant and control access to your GitHub Enterprise instance. The first time a user logs into your instance, their GitHub Enterprise account is created with the same profile information, email addresses, and public SSH keys as their GitHub.com account.

Members of your GitHub.com organization do not take up license seats until they log into your GitHub Enterprise instance.

Register a new OAuth application

  1. In the top right corner of GitHub Enterprise, click your profile photo, then click Your profile. Profile photo

  2. On the left side of your profile page, under "Organizations", click the icon for your organization. organization icons

  3. Under your organization name, click Settings. Organization settings button

  4. In the Organization Settings sidebar, click Applications. Applications settings

  5. Under Organization applications, click Register new application.
  6. Fill in the form for your new application:
  7. Application name: the name you want to appear when users authorize your GitHub Enterprise instance to access their GitHub.com account information.
  8. Homepage URL: the URL of your GitHub Enterprise instance.
  9. Application description: optional, displayed to users when they authorize your application.
  10. Authorization callback URL: the URL of your instance, followed by /auth/github_oauth/callback. e.g., https://enterprise-hostname.com/auth/github_oauth/callback.
  11. Click Register application.
  12. Note the Client ID and Client Secret on the registration page. You will need them for configuring OAuth on your GitHub Enterprise instance.

Configure OAuth on your GitHub Enterprise instance

  1. In the upper-right corner of any page, click . Rocketship icon for accessing site admin settings

  2. In the left sidebar, click Management Console. Management Console tab in the left sidebar

  3. In the left sidebar, click Authentication. Authentication tab in the settings sidebar

  4. Select GitHub OAuth. OAuth selection

  5. Fill in the OAuth settings:
  6. OAuth Client ID: The client ID created for the OAuth application above.
  7. OAuth Client Secret: The client secret created for the OAuth application above.
  8. Organization name: The name of your GitHub.com organization. To restrict access to a certain team within your organization, you can also enter a <organization_name>/<team_id> pair. Use the /orgs/teams endpoint in the GitHub API to find your team and retrieve its ID number.

User sign-in

To sign into GitHub Enterprise, users must take the following steps:

  1. On your GitHub Enterprise instance site, click Sign in. This should redirect you to GitHub.com’s sign-in page.
  2. On the GitHub.com sign-in page, enter your GitHub.com credentials.
  3. If you haven’t authorized your company’s application, you will be prompted to do so and redirected to your GitHub Enterprise instance.
  4. If you’ve already authorized the application, you will be redirected right away.

Promoting site administrators

Site administrators must be promoted manually. You can promote them from the site admin page or the command line tools.

For more information, see "Promoting or demoting a site administrator".

Suspending users

Users must be suspended manually. To suspend a user, see "Suspending and unsuspending users".