By Jon Griffin Posted June 7, 2017
Recently, GitHub announced GitHub SAML SSO support for their online SaaS solution. GitHub Enterprise has supported integrating with a directory service for a while now, but the recent support for SAML on GitHub.com is a major step forward for IT and DevOps organizations. In this blog post, we’ll walk through a number of the GitHub SAML SSO benefits.
Legacy IAM and SSO
To understand how valuable this new functionality is, we need to step back and look at how IT and DevOps organizations have been approaching their identity management strategy. Historically, identity and access management has been largely the domain (no pun intended) of Microsoft Active Directory® and OpenLDAP™. These two legacy on-prem directory services were the center of an organization’s identity management world. Whatever these two IAM solutions could connect to and manage was often what was utilized within the organization. For AD, this was mainly Windows-based solutions, and for OpenLDAP it was those IT resources that could integrate with LDAP.
DevOps IAM and SSO
Fast forward to today, and the DevOps movement is changing this model. Many DevOps solutions are delivered from the cloud, and they leverage a wide variety of authentication protocols. A great example of that is GitHub. GitHub has become an extremely popular solution for storing and managing source code. In fact, over 21 million users are leveraging GitHub repos. Integrating a user’s identity with GitHub has historically been difficult. AD or LDAP credentials would need to be translated by another solution in order to have SSO access, and that solution would need to be customized to the GitHub login page.
Now, with GitHub SAML SSO support, that problem becomes much easier. IAM solutions can leverage the SAML protocol to authenticate users into GitHub. But, perhaps more importantly, a DevOps organization can now more easily tie all of their core DevOps tools – AWS, Docker, Jenkins, New Relic, and many more – into one core cloud identity management platform. On top of that, many organizations want that core identity to be their G Suite (formerly Google Apps) or Microsoft Office 365 credentials. Effectively, DevOps organizations want to create a True Single Sign-On™ approach for their technical users.
Solutions With GitHub’s New SSO Capabilities
Let’s walk through how to make that work. By leveraging a central, core cloud directory that supports a variety of platforms, protocols, providers, and locations, DevOps organizations now have one identity that can cut across their entire DevOps toolchain. Identities can be federated to G Suite or Office 365. Those same identities are then leveraged for cloud servers at AWS, Google Cloud, Azure, and many more. Because the cloud identity management platform supports a variety of protocols, LDAP authentication can be leveraged for solutions such as Jenkins, Docker, OpenVPN, MySQL, and many more. The same core identities that were used in all of the other places are used here as well. Plus, that same identity can now be used via SAML for SSO into GitHub.
For IT admins and DevOps engineers, the benefits are tremendous. Provisioning and deprovisioning across a wide variety of DevOps tools now becomes a snap. This dramatically improves security, because a user's access can be removed quickly and easily. Technical personnel don’t need to deal with the friction and overhead of managing dozens of separate accounts. For increased security, it also becomes much easier to add multi-factor authentication or 2FA to user logins on systems and applications.
GitHub SAML SSO and DevOps
If you would like to learn more about the benefits of GitHub SAML SSO and how it is unlocking a complete, identity-management-in-a-box approach for DevOps, drop us a note. Alternatively, check out our Directory-as-a-Service platform to see for yourself how you can leverage a cloud identity management platform for your DevOps approach. Your first 10 users are free forever.