SaaS Security Administrator's Guide
    : Onboard a GitHub Enterprise App to SSPM Using OAuth 2.0
    Focus
    Download PDF
    Focus
    1. Home
    2. SaaS Security
    3. SaaS Security Administrator's Guide
    4. SaaS Security Posture Management
    5. Onboard SaaS Apps Supported by SSPM
    6. Onboard a GitHub Enterprise App to SSPM
    7. Onboard a GitHub Enterprise App to SSPM Using OAuth 2.0
    Download PDF

    SaaS Security Administrator's Guide

    Onboard a GitHub Enterprise App to SSPM Using OAuth 2.0

    Table of Contents

    Onboard a GitHub Enterprise App to SSPM Using OAuth 2.0

    Connect a GitHub Enterprise instance to SSPM to detect posture risks.
    For SSPM to detect posture risks in your GitHub Enterprise instance, you must onboard your GitHub Enterprise instance to SSPM. Through the onboarding process, SSPM connects to a GitHub API and, through the API, scans your GitHub Enterprise instance for misconfigured settings. If there are misconfigured settings, SSPM suggests a remediation action based on best practices.
    SSPM gets access to your GitHub Enterprise instance through OAuth 2.0 authorization. During the onboarding process, you are prompted to log in to GitHub Enterprise and to grant SSPM the access it requires.
    To onboard your GitHub Enterprise instance, you complete the following actions:
    1. Identify the Administrator Account for Granting SSPM Access
      During the onboarding process, SSPM will redirect you to log in to GitHub Enterprise. After you log in, GitHub Enterprise will prompt you to grant SSPM the access it needs to your GitHub Enterprise instance.
      1. Verify that your account has the permissions that SSPM will require.
        Required Permissions: To grant SSPM the access that it requires, you must log in as an Enterprise Owner or Organization Owner. If you want SSPM to scan multiple organizations, the account must have Owner permissions for all the organizations.
        After SSPM establishes the connection, it will perform an initial scan of your GitHub Enterprise instance, and will then run scans at regular intervals. For SSPM to run these scans, the administrator account that you use to establish the initial connection must remain available. For this reason, we recommend that you use a dedicated service account to grant SSPM access. If you delete the service account, the scans will fail and you will need to onboard GitHub Enterprise again.
      2. Sign out of all GitHub Enterprise accounts.
        Signing out of all GitHub Enterprise accounts helps ensure that you sign in under the correct account during the onboarding process. Some browsers can automatically sign you in by using saved credentials. To ensure that the browser does not automatically sign you in to the wrong account, you can turn off any automatic sign-in option or clear your saved credentials. Alternatively, you can prevent the browser from using saved credentials by opening the Cloud Management Console in an incognito window.
    2. Connect SSPM to Your GitHub Enterprise Instance
      By adding a GitHub Enterprise app in SSPM, you enable SSPM to connect to your GitHub Enterprise instance.
      1. From the Add Application Page (Posture SecurityApplicationsAdd Application), click the GitHub Enterprise Beta tile.
      2. On the Posture Security tab, Add New instance.
      3. Log in with Credentials.
      4. Connect.
        SSPM redirects you to the GitHub Enterprise login page.
      5. Enter the credentials for the administrator account that you identified earlier, and log in to GitHub Enterprise.
        GitHub Enterprise displays a consent form that details the access permissions that SSPM requires.
      6. Review the consent form and allow access.

    © 2024 Palo Alto Networks, Inc. All rights reserved.