Okta GitHub Error When Setting Up SCIM with Organization

Like many companies, my organization uses GitHub and has multiple GitHub orgs under our umbrella. However, we don’t have Enterprise Managed Accounts for several reasons. But we have to closely monitor GitHub accounts due to SOX and compliance reasons and disable access when employees leave the company.

There is a roundabout way to do this with SCIM and Okta where you use an Okta app called “GitHub Enterprise Cloud – Organization”, enter your GitHub organization name, and set up SAML the way you normally would.

When I go to the Provisioning page and click to integrate the Okta app with the GitHub org, I frequently get an error saying “Error authenticating: Forbidden. Errors reported by remote server:”

After eons of troubleshooting, I’ve found the simplest solution is to make sure you are authenticated with GitHub, and then in the org you are trying to set up, go to this page: https://github.com/orgs/YOURORG/policies/applications/475360 and click the Approve button. What happened for me is that I wouldn’t see the Okta OAN integration app in our OAuth apps page, and I couldn’t approve it. But it was waiting for approval. Going to that page above (which I could not find linked to anywhere) fixed the problem for me.

Success!

Okta Workflows – The access token provided does not contain the required scopes

I hit my head against this fun problem this week. Running an Okta card and using a Custom API action, I got the error “The access token provided does not contain the required scopes.”

The answer? Navigate to the Okta Workflows OAuth app in the Admin Dashboard, go to the Okta API Scopes tab, and then click Grant next to the API scope you require.

Now comes the key part – you’re not finished yet! Next, you have to re-authorize Okta Workflows to use this OAuth app. To do so, navigate to your Okta connection in Workflows and enter your Okta Domain (i.e., company.okta.com) as well as the Client ID and Client Secret found on the Sign On page for your Okta Workflows OAuth application. Then click Reauthorize, and within a few minutes your API call in Workflows will work! Magic.