SaaS Security Administrator's Guide
    : Onboard a GitHub Enterprise App to SSPM
    Focus
    Download PDF
    Focus
    1. Home
    2. SaaS Security
    3. SaaS Security Administrator's Guide
    4. SaaS Security Posture Management
    5. Onboard SaaS Apps Supported by SSPM
    6. Onboard a GitHub Enterprise App to SSPM
    Download PDF

    SaaS Security Administrator's Guide

    Onboard a GitHub Enterprise App to SSPM

    Table of Contents

    Onboard a GitHub Enterprise App to SSPM

    Connect a GitHub Enterprise instance to SSPM to detect posture risks.
    For SSPM to detect posture risks in your GitHub Enterprise instance, you must onboard your GitHub Enterprise instance to SSPM. Through the onboarding process, SSPM logs in to GitHub Enterprise using administrator account credentials. SSPM uses this account to scan your GitHub Enterprise instance for misconfigured settings. If there are misconfigured settings, SSPM suggests a remediation action based on best practices.
    The GitHub Enterprise administrator account must be configured for multi-factor authentication (MFA), which adds an extra layer of security by requiring a one-time passcode to access the account.
    To onboard your GitHub Enterprise instance, you complete the following actions:

    Collect Information for Connecting to Your GitHub Enterprise Instance

    To access your GitHub Enterprise instance, SSPM requires the following information, which you will specify during the onboarding process.
    Item
    Description
    Username
    The username of a GitHub administrator.
    (
    Required Permissions
    ) The administrator must be assigned to the Enterprise Owner role.
    Password
    The password for the GitHub administrator.
    MFA Secret Key
    A key that is used to generate one-time passcodes for multi-factor authentication.
    Organization name
    The name of the GitHub Enterprises organization that SSPM will scan for misconfigured settings.
    As you complete the following steps, make note of the values of the items described in the preceding table. You will need to enter these values during onboarding to access your GitHub Enterprise instance from SSPM.
    1. Identify the GitHub administrator account that SSPM will use to access your GitHub Enterprise instance.
      (
      Required Permissions
      ) The account must be assigned to the Enterprise Owner role. SSPM needs this level of access to monitor your GitHub Enterprise organization.
    2. Generate and copy an MFA secret key.
      The GitHub Enterprise account must be configured for MFA that requires a time-based one-time passcode (TOTP). TOTPs are generated from authenticator apps such as Microsoft Authenticator by using an MFA secret key. The key is a shared secret between GitHub Enterprise and the authenticator app for generating matching passcodes for verification. Like an authenticator app, SSPM will use the MFA secret key for passcode generation.
      1. Decide which authenticator app you will use and download it to your cellphone. You can use any authenticator app that supports TOTP generation.
      2. Log in to the GitHub administrator account.
      3. Navigate to your profile settings. To navigate to your profile settings, locate your profile icon in the upper-right corner of the page and select
        <profile-icon>
        Settings
        .
      4. From the left navigation pane, select
        Password and authentication
        .
      5. Enable two-factor authentication
        .
      6. On the Two-factor authentication setup page, select the option to
        Set up using an app
        .
      7. Follow the onscreen instructions for setting up the authenticator app, but, when the onscreen instructions display a QR code that contains the MFA secret key, don't scan the QR code with your authenticator app. Instead, display the
        setup key
         for manual configuration. The setup key is your MFA secret key.
      8. Copy the MFA secret key and paste it into a text file.
        Do not continue to the next step unless you have copied the MFA secret key. You will provide this key to SSPM during the onboarding process.
      9. Continue configuring your authenticator app by scanning the QR code or by manually entering the MFA key. Complete any remaining configuration steps by following the onscreen instructions.
    3. Identify the GitHub Enterprise organization to scan.
      Using GitHub Enterprise, you can manage a single organization or multiple organizations. During onboarding, SSPM prompts you for the name of the organization to scan. If you want to scan multiple organizations, you can onboard each one separately. To view the organizations in your GitHub Enterprise, navigate to your organizations page. To navigate to your organizations page in GitHub Enterprise, locate your profile icon in the upper-right corner of the page and select
      <profile-icon>
      Your organizations
      .

    Connect SSPM to Your GitHub Enterprise Instance

    By adding a GitHub Enterprise app in SSPM, you enable SSPM to connect to your GitHub Enterprise instance.
    1. From the Add Application page (
      Posture Security
      Applications
      Add Application
       ), click the GitHub Enterprise tile.
    2. Under posture security instances,
      Add Instance
       or, if there is already an instance configured,
      Add New
       instance.
    3. Choose the option to
      Log in with Credentials
      .
    4. Enter the user credentials, MFA secret key, and the name of the organization that you want SSPM to scan.
    5. Connect
      .

    Recommended For You

    © 2024 Palo Alto Networks, Inc. All rights reserved.