GitHub/SAML issues

From MozillaWiki
< GitHub
Revision as of 17:56, 18 November 2021 by Cknowles-moz (talk | contribs) (Changed wording on login source to be more prescriptive than wishy washy)
Jump to navigation Jump to search

GitHub Enterprise SAML Issues

This page is a Landing spot from Auth0 if there's been an error authenticating your SAML connection with GitHub

There are three things needed in your account in people.mozilla.org in order to successfully SAML with GitHub, and other settings that may lead to problems with SAML authentication to Mozilla related GitHub organizations.

You need a profile in people.mozilla.org

  • If you're Mozilla staff or NDA'd, you should already have one linked to your LDAP account
  • If you're not, but still need access to SAML'd GitHub resources, you can sign up for one by going here and clicking on "Log in/Sign up"
    • You'll need to use either LDAP or an FxA account as the login source

Linking your people.mozilla.org account to your GitHub ID

In your profile on people.mozilla.org you need to have your identity from GitHub connected and verified.

  1. Log onto your profile people.mozilla.org
  2. Scroll down until you see the "Identities" section
  3. Click on the pencil icon to edit it.
  4. Click on "+ Identities"
  5. Select "GitHub" from the dropdown menu and click "VERIFY"
    1. Note, you can also link your Bugzilla ID here.
  6. You should be taken to GitHub to log in and verify your ID.
    1. You may see a button to “Authorize Mozilla” - Click that.
  7. Get back to your people.m.o profile, and edit the identities (Steps 1-5)

This linkage does NOT change anything in your GitHub account, merely allowing Mozilla staff to see the connection between your GitHub ID and your people account.

Being a member of the correct groups in people.mozilla.org

If you want to SAML to a GitHub organization named <ORGNAME> you'll need to belong to a group in people.mozilla.org named "GHE_<ORGNAME>_users" - so if "mozilla-it" is the org, "GHE_mozilla-it_users" is the group.

  1. Log into people.mozilla.org and look at the access groups here
  2. Search for the group in question
  3. Click on the group name
  4. Click on "Request Invitation" - a curator of the group may reach out to you with any questions
  5. If your invitation is approved, you'll receive an email for confirmation, and you'll be a member of the group.
    1. Once you have the invitation approved, log out of people (click on the profile pic in the upper left and click "Logout") then click "Sign in" also in the upper left.

If nothing works

There are several ways to reach out to us

  • Best - bugzilla bug for GitHub Administration
  • We're on matrix in the #github-admin channel
  • Email to ghe-admins@mozilla.com
Retrieved from "https://wiki.allizom.org/index.php?title=GitHub/SAML_issues&oldid=1239107"