0b291aae6c
Co-authored-by: Jules <19994093+jules-p@users.noreply.github.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
3.4 KiB
title, shortTitle, intro, versions, topics
| title | shortTitle | intro | versions | topics | ||||
|---|---|---|---|---|---|---|---|---|
| SAML and GitHub Apps | SAML with apps | If your organization is SSO protected, you may need to start an active SSO session for your organization before authorizing, installing, or requesting a {% data variables.product.prodname_github_app %}. |
|
|
Authorizing {% data variables.product.prodname_github_apps %} for users
If your organization or enterprise uses SSO, you may not be able to see your organization's resources or enterprise's internal resources after you authorize a {% data variables.product.prodname_github_app %}. For example, if the app displays a list of repositories, you may not see repositories owned by your organization. To resolve this issue, follow these steps:
- Go to
https://github.com/orgs/ORGANIZATION-NAME/ssoorhttps://github.com/enterprises/ENTERPRISE_NAME/ssoto start an active SSO session for that account. ReplaceORGANIZATION-NAMEorENTERPRISE-NAMEwith the name of the appropriate account. Attempting to access any resources owned by the account will aso trigger SSO if you don't have a session already. - Revoke your authorization of the {% data variables.product.prodname_github_app %}. For more information, see AUTOTITLE.
- Reauthorize the {% data variables.product.prodname_github_app %}. {% data variables.product.prodname_github_app %} authorization is initiated by the app and varies based on the app. For example, some {% data variables.product.prodname_github_apps %} may have you click on a link or enter a command in your terminal. For more information, see AUTOTITLE.
SSO can be enforced at the organization or enterprise level. If it's enforced at the enterprise level, having an SSO session with any organization allows access to all organizations. This will appear as a credential authorization on the token for each organization you are a member of at the time of the application authorization.
For access to internal data in an enterprise, such as repositories, projects, or packages, you must have an SSO session for any organization within that enterprise. Even if the organizations do not use the same SSO provider (for instance, as a result of a merger or acquisition), any organization's SSO session is sufficient for internal access.
Installing or requesting {% data variables.product.prodname_github_apps %} for organizations with SSO
If your organization or enterprise uses SSO, you may not see your organization listed when you try to install or request an {% data variables.product.prodname_github_app %} for your organization. To resolve this issue, follow these steps:
- Go to
https://github.com/orgs/ORGANIZATION-NAME/ssoorhttps://github.com/enterprises/ENTERPRISE_NAME/ssoto start an active SSO session for that account. ReplaceORGANIZATION-NAMEorENTERPRISE-NAMEwith the name of the appropriate account. - Try to install or request the {% data variables.product.prodname_github_app %} again. For more information, see AUTOTITLE, AUTOTITLE, and AUTOTITLE.