GitHub enterprise integration

Complete the following steps to integrate Identity Security Posture Management (ISPM) with your GitHub orgs:

  1. Check your GitHub org

  2. Install Spera Security

  3. Create a personal access token

  4. Share the parameters with ISPM

Do the steps in this topic only if the orgs selected for integration are a part of the same enterprise.

Check your GitHub org

Check whether the GitHub org you want to integrate is part of an enterprise:

  1. Navigate to the org's GitHub page.

  2. Click your profile icon to open the menu.

  3. Click Your organizations, and then select an org.

    • If the org belongs to an enterprise, the enterprise name appears after the org's name.

    • If the enterprise name doesn't appear after the org's name, this org isn't a part of an enterprise.

      This method of identifying enterprise associations only applies to orgs you are a member of. It doesn't show enterprise memberships for orgs you don't have access to.

  4. If the orgs you'd like to integrate with are a part of the same enterprise, follow the steps listed in this topic. If the orgs you'd like to integrate with aren't part of an enterprise, follow the steps listed in the GitHub org integration topic instead.

Install Spera Security

You must be an Organization owner for the org to complete this task.

  1. Go to the Spera Security app page.

  2. Click Install or Configure.

  3. Select the org where you want to install the app.

  4. Select All repositories and click Install & Authorize. You're prompted to approve multiple read-only permissions.

    You're also prompted to approve one read & write permission to the org's members. ISPM uses the read & write permission to read information about SSO access to GitHub, which isn't readable with read-only permissions.

  5. Repeat steps 1 - 4 for the next org.

Create a personal access token

  1. Sign in to GitHub as a user with the Enterprise owner role for the enterprise.

  2. Go to your GitHub dashboard and click your profile icon to open the menu.

  3. Go to Settings > Developer settings > Personal access tokens > Tokens (classic).

  4. Click Generate new token and select Generate new token (classic).

  5. Enter a Note for your new personal access token (classic), for example, Identity Security Posture Management Integration.

  6. Set the Expiration value to a year from today:

    1. Open the Expiration menu and select Custom.

    2. Enter or select the expiration date.

  7. In the Select Scopes section, select the following permissions:

    • read:org

    • read:user

    • user:email

    • read:enterprise

    • read:audit_log

  8. Click Generate token.

  9. Copy your token and store it securely.

If the account loses access to the selected enterprise, the integration stops working.
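
Before sharing the token, you can confirm that it carries exactly the scopes from step 7 and nothing broader. The following Python sketch is an added example, not part of the vendor's documentation: it reads the `X-OAuth-Scopes` response header that the GitHub REST API returns for classic tokens, and the `BROADER` mapping and sample headers are assumptions constructed for illustration.

```python
# Added example, not vendor code. Scope list comes from step 7 of the procedure.
REQUIRED = {"read:org", "read:user", "user:email", "read:enterprise", "read:audit_log"}

# Broader classic scopes that also grant a required one (assumed mapping).
# Selecting these instead gives the token rights the integration does not need.
BROADER = {
    "read:org": {"admin:org"},
    "read:user": {"user"},
    "user:email": {"user"},
    "read:enterprise": {"admin:enterprise"},
    "read:audit_log": {"audit_log"},
}


def audit_scopes(headers):
    """Compare a response's X-OAuth-Scopes header with the required scopes."""
    lowered = {name.lower(): value for name, value in headers.items()}
    if "x-oauth-scopes" not in lowered:
        raise ValueError("response carries no X-OAuth-Scopes header")
    granted = {s.strip() for s in lowered["x-oauth-scopes"].split(",") if s.strip()}

    missing, via_broader = [], {}
    for scope in sorted(REQUIRED):
        if scope in granted:
            continue
        parents = sorted(BROADER[scope] & granted)
        if parents:
            via_broader[scope] = parents  # covered, but only by a wider scope
        else:
            missing.append(scope)  # the integration would lack this access

    accounted = REQUIRED | {p for ps in via_broader.values() for p in ps}
    return {
        "missing": missing,
        "via_broader": via_broader,
        "extra": sorted(granted - accounted),
        "least_privilege": granted == REQUIRED,
    }


# Constructed sample headers (not captured from a real account).
SAMPLE_OK = {"X-OAuth-Scopes": "read:audit_log, read:enterprise, read:org, read:user, user:email"}
SAMPLE_BROAD = {"x-oauth-scopes": "admin:org, user, read:enterprise, repo"}

if __name__ == "__main__":
    for name, hdrs in (("ok", SAMPLE_OK), ("broad", SAMPLE_BROAD)):
        print(name, audit_scopes(hdrs))
```

To audit a real token, pass in the headers from an authenticated request to `https://api.github.com/user`, and regenerate the token if `least_privilege` is false.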

Share the parameters with ISPM

  1. In the Identity Security Posture Management console, go to Settings > Connected sources.

  2. Select GitHub and click Connect.

  3. Ensure that the Enterprise Account setting is toggled ON.

  4. Share the enterprise slug. The slug is in the enterprise URL, for example: https://github.com/enterprises/my-org, where my-org is the slug.

  5. Enter the org IDs separated by commas for all orgs. You can find the org ID by going to the org that you connected to ISPM and copying the ID from the URL. For example: https://github.com/my-org, where my-org is the org ID.

  6. Enter the personal access token that you created earlier.

  7. Click Submit.

Related topics

GitHub org integration