Rezonate
  • 🏠Home
  • 🚩Platform Tour
    • 🇻🇳Platform Dashboard
    • 🆔Identity Analytics
      • 🪪Identity Centric
      • 🔡Identity By Platform
    • ⚠️Risks & Threats
      • Highlighted ITDR Capabilities
  • ℹ️How-to Guides
    • ➕Adding Integrations
    • 🤦Manage Users
    • 🧑‍💼Customize Exposures
    • 👁️‍🗨️Querying & Filtering Data
  • 📐Core Integrations
    • Azure Integration
      • Required Privilegees
      • Update Certificate for Existing Installation
    • Okta Integration
      • Okta Integration -Remediation Supported
    • Google Workspace
      • 1-Click Integration
      • Legacy Integration
    • Google Cloud Integration
    • Zoom Integration
    • DocuSign Integration
    • GitHub Integration
      • GitHub Enterprise Expansion
    • AWS Integration
      • AWS - Required Privileges
      • Log Streaming Integration
    • Salesforce Integration
      • Salesforce - Collected Data & Query Volume
    • JAMF Pro Integration
    • CircleCI Integration
    • Auth0 Integration
    • Cloudflare Integration
    • CrowdStrike Integration
      • Integrating Permissions
    • Slack Integration
    • Workday Integration
    • BambooHR Integration
    • Snowflake Integration
    • LastPass Integration
    • SentinelOne integration
    • SAP Cloud Platform Integration
    • GitLab Integration
    • Oracle NetSuite Integration
    • Atlassian Cloud Integration
    • Zendesk Integration
    • HiBob Integration
    • Microsoft Defender Integration
    • Docusign Integration
    • Mongo Atlas Integration
    • Ping Identity One Integration
    • Generic HRIS Integration
  • 📍Notifications & Alerts
    • Slack Integration
    • HTTP Webhook Integration
      • Webhook Alert Example - Saved Search
      • Webhook Alert Example- ITDR
    • Microsoft Teams Integration
    • Torq Integration
    • Email Integration
    • Splunk Integration
    • Datadog Integration
    • PagerDuty Integration
    • Jira Integration
  • 🆘Troubleshooting & Support
    • Collectors IP Ranges
    • Data Processing
      • AWS
      • Azure Active Directory
      • Azure Cloud
      • Google Workspace
    • SSO Integrations
      • SSO Login - Okta
      • SSO Login - AzureAd
  • 📓Legal & Terms
Powered by GitBook
On this page
  1. Core Integrations
  2. GitHub Integration

GitHub Enterprise Expansion

PreviousGitHub IntegrationNextAWS Integration

Last updated 7 months ago

GitHub Enterprise Integration Overview

This GitHub Enterprise integration builds on the existing GitHub integration within the Rezonate platform, specifically designed to enhance identity security through OIDC-based federation between EntraID and GitHub. The integration detects key federation relationships and tenant-level policies, offering greater control and reducing potential misconfigurations.

Key Features:

  1. Federation Detection: Automatically identifies and monitors the federation between EntraID and GitHub via OIDC, improving overall visibility into authentication flows.

  2. Policy Detection: Detects tenant-level configurations for additional SAML and OIDC providers, ensuring policy alignment across federated identity systems.

  3. MFA Exposure Improvement: By accurately detecting these federations and policies, the integration helps minimize false-positive MFA issues, leading to smoother authentication experiences.

This integration provides enhanced coverage for organizations using GitHub Enterprise, ensuring proper identity configuration and reducing security gaps related to authentication mechanisms.


Integrating Steps

This integration Requires READ-ONLY Access and has to be performed by an Enterprise Administrator

  1. Log in to GitHub with a GitHub Enterprise admin account

  2. On the top-right corner of the screen, click on the user’s avatar

  3. Click on “Your enterprise”

  4. Copy the and share with Rezonate the GitHub enterprise name from the redirected url:

  5. Create a classic Personal access token:

  6. On the top-right corner of the screen, click on the user’s avatar -> Click on “Settings”

  7. From the left pane menu, scroll to the bottom of the page and click on “Developer settings”

  8. From the left pane, expand “Personal access tokens” and choose “Tokens (classic)”

  9. Click on “Generate new token” and choose “Generate new token (classic)”

  10. Name the token “Rezonate Integration Access Token”, Set the expiration to 1 year.

  11. Select the following scopes:

    1. read:org

    2. read:enterprise

    3. read:user

    4. user:email

  12. Click “Generate token”.

Share back with Rezonate the following:

  • Enterprise Name (As extracted from the URL)

  • The generated Token.

📐
https://github.com/enterprises/<enterprise_name>