Okta with Github

My OPSWAT Central Management can be easily integrated with an Okta & Github to ensure that a device is compliant with the organization's security policy before it is granted access to Github. This ensures that the user is not only authenticated by Okta, but also a device the user uses to access SaaS applications tested for risks and vulnerabilities such as infections or outdated operating systems, BEFORE it accesses an organization's cloud services.

Follow below steps to integrate My OPSWAT Central Management with your Okta & Github.

Step 1. Create Application On Okta

1. Login to Okta Admin Dashboard
2. Navigate to Applications -> Applications then click on Create App Integration

3. Choose SAML 2.0 and click Next

4. At the SAML Settings step, fill with below information:
   • Single sign-on URL: fill with a placeholder, like http://localhost
   • Audience URI (SP Entity ID): fill with format https://github.com/orgs/<your organization>
   • Name ID format: EmailAddress

5. Click Next then click Finish
6. Navigate to the Github application and click on General tab, then copy Embed Link

7. Click on Sign On tab
8. Copy Sign on URL
9. Copy Issuer
10. Download Signing Certificate

Step 2. Add application and configure Access Rules on My OPSWAT Central Management

1. Log in to the My OPSWAT Central Management console.
2. Navigate to Secure Access > Protected Apps.
3. Check "Enable Secure Access".
4. Click SAVE.
5. Click Add Protected Application then choose IDP METHOD option.
6. Choose option Add new IDP , enter the name, and upload the certificate got in step 1.10. Then click Continue

7. Enter the required fields
   1. Application: application name, for example: Github
   2. IdP Login URL: fill in the link that you have from Step 1.6
   3. IdP Start URL: fill with the link that you have from Step 1.8
   4. App ACS URL: is the Gihub single sign-on post back URL of your organization's Github, format is https://github.com/orgs/<your organization name>/saml/consume
   5. Access Mode: pick an access mode you prefer. See details on the access modes at Step 2. Add protected applications with IdP Method

8. After saving successfully, a SSO setup instruction will be shown, copy the ACS URL My OPSWAT Central Management generated there and download the OPSWAT Certificate. Note that this information can be found in the protected app's details later.

Step 3. Update Okta Application

1. Navigate to the application created in Step 1
2. Click on General tab, click Edit button under SAML Settings section
3. Click Next to go to SAML Settings section and fill the Single sign-on URL with the ACS URL from Step 2.8. Then click Next and Finish

Step 4. Configure SSO On Github

1. Login to your Github account and navigate to Settings -> Security -> Authentication security
2. Click Enable SAML authentication and fill the required fields:
   • Sign on URL: fill with the ACS URL from Step 2.8
   • Issuer: fill with the Issuer from Step 1.9
   • Public certificate: open the certificate file from Step 2.8 and copy the content then paste to the public certificate box

3. Click Test SAML Configuration. If the test is successful, click Save to complete the setup.