Opal’s Github Enterprise connection allows you to review and manage access to Github Enterprise teams and roles.Documentation Index
Fetch the complete documentation index at: https://docs.opal.dev/llms.txt
Use this file to discover all available pages before exploring further.
Supported resources
| Resource | Read | Grant and revoke access |
|---|---|---|
| GitHub teams | ✔️ | ✔️ |
| GitHub Enterprise teams | ✔️ | ✔️ |
| GitHub organization roles | ✔️ | ✔️ |
| GitHub Enterprise roles | ✔️ | ✔️ |
| GitHub organization owner role | ✔️ | ✔️ |
| GitHub organization | ✔️ |
Requirements
To set up your Github Enterprise connection in Opal:- You must be an Opal Admin
- You must be a Github Enterprise Admin
- You must have a Github owner account for your enterprise
How to create a Github owner account
We recommend not to use your personal account as Opal needs this personal
account token (PAT) to connect to your Github Enterprise.
- Log into the Github enterprise you want to integrate with Opal. Ensure the account you are creating a PAT for is an owner of the enterprise. Appoint the account you just created as co-owner of the enterprise.
- Create a personal access token for the owner account you just created. When creating the personal access token, enable the admin:enterprise permission. Take note of this for creating your Github Enterprise app in Opal in Step 3.
Setup Instructions
1. Connect to Github Enterprise in Opal
To set up a new connection, go to Inventory > + App and select Github.If you want to keep history of your old Github connection, you can migrate your existing connection to an enterprise connection. Simply go to Setup > Migrate to Enterprise Account in your existing connection, and continue following the steps below.
SAML SSO ingestion for Enterprise connections uses GitHub’s SCIM API, which
automatically syncs all users provisioned in your IdP — no GitHub SSO sign-in
required from end users. To enable this, two things must be configured:
- On GitHub: SAML SSO must be enabled on your organization, and a GitHub org owner must generate a Personal Access Token (classic) with the
admin:orgscope, authorized for SAML SSO. See About SCIM for organizations. - On your IdP (e.g., Okta): Configure the GitHub SCIM app using GitHub’s SCIM endpoint (
https://api.github.com/scim/v2/organizations/{org}/) and the PAT from step 1. See GitHub’s SCIM API reference.
2. Create a Github App in Github Enterprise
For Opal to manage your Github Enterprise’s resources, you must create a Github app within your enterprise. In Github Enterprise, go to Settings > Github Apps > New Github App. Fill in the following fields:| Field | Input |
|---|---|
| Github App Name | A descriptive name |
| Homepage URL | Your homepage URL |
| Callback URL | https://app.opal.dev/callback/github |
| Setup URL | The setup URL you took note of in Step 1 |
| Webhook | Inactive |
| Repository Permissions | Administration: Read and Write |
| Organization Permissions | Administration: Read and Write Members: Read and Write |
| Account Permissions | Email addresses: Read only |
| Enterprise Permissions | Custom Enterprise Roles: Read and Write Enterprise Organizations: Read and Write Enterprise People: Read only Enterprise Teams: Read and Write Enterprise Organization Installations: Read only |