GitHub org integration
Complete the following steps to integrate Identity Security Posture Management (ISPM) with your GitHub orgs:
Before you begin
- Do the steps in this topic only if the orgs selected for integration aren't part of an enterprise.
- Ensure that you use an account that has the Organization owner role for all orgs that you want to integrate with ISPM. This is necessary for ISPM to monitor and detect issues for your orgs.
Check your GitHub org
Confirm that the GitHub orgs you want to integrate aren't a part of an enterprise:
1. Navigate to the org's GitHub page.
2. Click your profile icon to open the menu.
3. Click Your organizations, and then click to select an org.
   - If the enterprise name doesn't appear after the org's name, this org is not a part of an enterprise.
   - If the org belongs to an enterprise, the enterprise name appears after the org's name.

   This method of identifying enterprise associations only applies to orgs you are a member of. It doesn't show enterprise memberships for orgs you don't have access to.
4. If the orgs you'd like to integrate with aren't part of an enterprise, follow the steps listed in this topic. If the orgs you'd like to integrate with are a part of an enterprise, follow the steps listed in the GitHub enterprise integration topic instead.
5. Repeat steps 1 - 4 for each org you want to integrate with ISPM.
Install Spera Security
You must be an Organization owner for the org to complete this task.
1. Go to the Spera Security app page.
2. Click Install or Configure.
3. Select the org where you want to install the app.
4. Select All repositories and click Install & Authorize. You're prompted to approve multiple read-only permissions.
   You're also prompted to approve one read & write permission to the org's members. ISPM uses the read & write permission to read the SSO access to GitHub information, which isn't readable with the read-only permissions.
5. Repeat steps 1 - 4 for each org you want to integrate with ISPM.
Create a personal access token
1. Sign in to GitHub as a user with Organization owner role for the orgs you want to integrate with ISPM.
2. Go to your GitHub dashboard and click your profile icon to open the menu.
3. Go to .
4. Click Generate new token and select Generate new token (classic).
5. Enter a Note for your new personal access token (classic), for example, Identity Security Posture Management Integration.
6. Set the Expiration value to a year from today:
   - Open the Expiration menu and select Custom.
   - Enter or select the expiration date.
7. In the Select Scopes section, select the following permissions:
8. Click Generate token.
9. Copy your token and store it securely.
If the account loses access to the selected orgs, the integration stops working.
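One way to check the Organization owner requirement for every org before you share the token, and to recheck it later, shown as an added example that is not part of the original topic or of ISPM. It uses GitHub's REST endpoint for the authenticated user's org membership and assumes the token's scopes allow reading org membership; the function names, org names and sample responses are constructed for illustration.

```python
import json
import urllib.error
import urllib.request

API = "https://api.github.com"


def fetch_membership(org, token):
    """Return the token owner's membership in `org`, or None if none is visible."""
    req = urllib.request.Request(
        f"{API}/user/memberships/orgs/{org}",
        headers={
            "Authorization": f"Bearer {token}",
            "Accept": "application/vnd.github+json",
        },
    )
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as err:
        if err.code in (403, 404):  # not a member, or the token cannot see the org
            return None
        raise


def owner_gaps(orgs, lookup):
    """Map each org where the account is not an active owner to the reason."""
    gaps = {}
    for org in orgs:
        m = lookup(org)
        if m is None:
            gaps[org] = "no membership visible"
        elif m.get("state") != "active":
            gaps[org] = f"membership state is {m.get('state')!r}"
        elif m.get("role") != "admin":  # the REST API reports owners as "admin"
            gaps[org] = f"role is {m.get('role')!r}, not owner"
    return gaps


# Constructed sample responses, trimmed to the fields used; org names are made up.
SAMPLE = {
    "my-org": {"state": "active", "role": "admin"},
    "my-other-org": {"state": "active", "role": "member"},
    "my-pending-org": {"state": "pending", "role": "admin"},
}

if __name__ == "__main__":
    # Offline demo on the constructed data; "my-lost-org" has no membership at all.
    print(owner_gaps([*SAMPLE, "my-lost-org"], SAMPLE.get))
    # Live use: owner_gaps(orgs, lambda o: fetch_membership(o, token))
```

For live use, read the token from an environment variable or a secret store rather than writing it into the script.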
Share the parameters with ISPM
1. In the Identity Security Posture Management console, go to .
2. Select GitHub and click Connect.
3. Ensure that the Enterprise Account setting is toggled OFF.
4. Share the org IDs for all selected orgs. You can find the org ID by going to the org that you connected to ISPM and copying the ID from the URL. For example: https://github.com/my-org, where my-org is the org ID.
5. Enter the personal access token that you created earlier.
6. Click Submit.