GitHub/SAML issues

From MozillaWiki
Jump to: navigation, search

GitHub Enterprise SAML Issues

This page is a Landing spot from Auth0 if there's been an error authenticating your SAML connection with GitHub

There are three things needed in your account in in order to successfully SAML with GitHub, and other settings that may lead to problems with SAML authentication to Mozilla related GitHub organizations.

You need a profile in

  • If you're Mozilla staff or NDA'd, you should already have one linked to your LDAP account
  • If you're not, but still need access to SAML'd GitHub resources, you can sign up for one by going here and clicking on "Log in/Sign up"
    • We'd prefer you use LDAP or FxA for the Login source.

Linking your account to your GitHub ID

In your profile on you need to have your identity from GitHub connected and verified.

  1. Log onto your profile
  2. Scroll down until you see the "Identities" section
  3. Click on the pencil icon to edit it.
  4. Click on "+ Identities"
  5. Select "GitHub" from the dropdown menu and click "VERIFY"
    1. Note, you can also link your Bugzilla ID here.
  6. You should be taken to GitHub to log in and verify your ID.
    1. You may see a button to “Authorize Mozilla” - Click that.
  7. Get back to your people.m.o profile, and edit the identities (Steps 1-5)

This linkage does NOT change anything in your GitHub account, merely allowing Mozilla staff to see the connection between your GitHub ID and your people account.

Being a member of the correct groups in

If you want to SAML to a GitHub organization named <ORGNAME> you'll need to belong to a group in named "GHE_<ORGNAME>_users" - so if "mozilla-it" is the org, "GHE_mozilla-it_users" is the group.

  1. Log into and look at the access groups here
  2. Search for the group in question
  3. Click on the group name
  4. Click on "Request Invitation" - a curator of the group may reach out to you with any questions
  5. If your invitation is approved, you'll receive an email for confirmation, and you'll be a member of the group.
    1. Once you have the invitation approved, log out of people (click on the profile pic in the upper left and click "Logout") then click "Sign in" also in the upper left.

If nothing works

There are several ways to reach out to us

  • Best - bugzilla bug for GitHub Administration
  • We're on matrix in the #github-admin channel
  • Email to