website/integrations: New VCS section and GitHub integrations (#3437)

* website/docs: create VCS section Moved gitea and gitlab to new VCS category. * website/docs: add GitHub-related integrations Added GitHub Organization and GitHub Enterprise Cloud integrations. GHEC contains a note on EMU users being unsupported (GitHub limitation). * website/docs: added GitHub links to VCS * website/docs: Fix GitHub linter problems
2022-08-18 11:30:38 +01:00 · 2022-08-18 11:30:38 +01:00 · c900411d5a
parent 1adc6948b4
commit c900411d5a
5 changed files with 118 additions and 2 deletions
--- a/website/integrations/services/github-enterprise-cloud/ghec_saml_settings.png
+++ b/website/integrations/services/github-enterprise-cloud/ghec_saml_settings.png
--- a/website/integrations/services/github-enterprise-cloud/index.md
+++ b/website/integrations/services/github-enterprise-cloud/index.md
@ -0,0 +1,55 @@
+---
+title: GitHub Enterprise Cloud
+---
+
+<span class="badge badge--secondary">Support level: Community</span>
+
+## What is GitHub Enterprise Cloud
+
+From https://docs.github.com/en/enterprise-cloud@latest/admin/overview/about-github-for-enterprises
+
+:::note
+GitHub is a complete developer platform to build, scale, and deliver secure software. Businesses use our suite of products to support the entire software development lifecycle, increasing development velocity and improving code quality.
+:::
+
+:::note
+GitHub Enterprise Cloud EMU (Enterprise Managed Users) are not compatible with authentik. GitHub currently only permits SAML/OIDC for EMU organizations with Okta and/or Azure AD.
+:::
+
+## Preparation
+
+The following placeholders will be used:
+
+-   `github.com/enterprises/foo` is your GitHub organization, where `foo` is the name of your enterprise
+-   `authentik.company` is the FQDN of the authentik Install
+
+Create an application in authentik and note the slug, as this will be used later. Create a SAML provider with the following parameters:
+
+-   ACS URL: `https://github.com/enterprises/foo/saml/consume`
+-   Audience: `https://github.com/enterprises/foo`
+-   Issuer: `https://github.com/enterprises/foo`
+-   Binding: `Post`
+
+Under _Advanced protocol settings_, set a certificate for _Signing Certificate_.
+
+Once the provider is created, it is advised to download the signing certificate as you will need it later.
+
+## GitHub Configuration
+
+Navigate to your enterprise settings by clicking your GitHub user portrait in the top right of GitHub.com, select `Your enterprises` and click `Settings` for the enterprise you wish to configure.
+
+In the left-hand navigation, within the `Settings` section, click `Authentication security`
+
+On this page:
+
+-   Select the `Require SAML authentication` checkbox.
+-   In `Sign on URL`, type `https://authentik.company/application/saml/<authentik application slug>/sso/binding/redirect/`
+-   For `Issuer`, type `https://github.com/enterprises/foo` or the `Audience` you set in authentik
+-   For `Public certificate`, paste the _full_ signing certificate into this field.
+-   Verify that the `Signature method` and `Digest method` match your SAML provider settings in authentik.
+
+![Screenshot showing populated GitHub enterprise SAML settings](ghec_saml_settings.png)
+
+Once these fields are populated, you can use the `Test SAML configuation` button to test the authentication flow. If the flow completes successfully, you will see a green tick next to the Test button.
+
+Scroll down to hit the `Save` button below.
--- a/website/integrations/services/github-organization/ghorg_saml_settings.png
+++ b/website/integrations/services/github-organization/ghorg_saml_settings.png
--- a/website/integrations/services/github-organization/index.md
+++ b/website/integrations/services/github-organization/index.md
@ -0,0 +1,53 @@
+---
+title: GitHub Organization
+---
+
+<span class="badge badge--secondary">Support level: Community</span>
+
+## What is GitHub Organizations
+
+From https://docs.github.com/en/organizations/collaborating-with-groups-in-organizations/about-organizations
+
+:::note
+Organizations are shared accounts where businesses and open-source projects can collaborate across many projects at once, with sophisticated security and administrative features.
+:::
+
+## Preparation
+
+The following placeholders will be used:
+
+-   `github.com/orgs/foo` is your GitHub organization, where `foo` is the name of your org
+-   `authentik.company` is the FQDN of the authentik Install
+
+Create an application in authentik and note the slug, as this will be used later. Create a SAML provider with the following parameters:
+
+-   ACS URL: `https://github.com/orgs/foo/saml/consume`
+-   Audience: `https://github.com/orgs/foo`
+-   Issuer: `https://github.com/orgs/foo`
+-   Binding: `Post`
+
+Under _Advanced protocol settings_, set a certificate for _Signing Certificate_.
+
+Once the provider is created, it is advised to download the signing certificate as you will need it later.
+
+## GitHub Configuration
+
+Navigate to your organization settings by going to your organization page at https://github.com/foo, then click Settings.
+
+In the left-hand navigation, scroll down to the Security section and click `Authentication security`
+
+On this page:
+
+-   Select the `Enable SAML authentication` checkbox.
+-   In `sign-on URL`, type `https://authentik.company/application/saml/<authentik application slug>/sso/binding/redirect/`
+-   For `Issuer`, type `https://github.com/orgs/foo` or the `Audience` you set in authentik
+-   For `Public certificate`, paste the _full_ signing certificate into this field.
+-   Verify that the `Signature method` and `Digest method` match your SAML provider settings in authentik.
+
+Once these fields are populated, you can use the `Test SAML configuation` button to test the authentication flow. If the flow completes successfully, you will see a green tick next to the Test button.
+
+Scroll down to hit the `Save` button below.
+
+![Screenshot showing populated GitHub organization SAML settings](ghorg_saml_settings.png)
+
+This enables SAML as an authentication _option_. If you want to _require_ SAML for your organization, visit your SSO url at `https://github.com/orgs/foo/sso` and sign in. Once signed in, you can navigate back to the `Authentication security` page and check `Require SAML SSO authentication for all members of the foo organization.`
--- a/website/sidebarsIntegrations.js
+++ b/website/sidebarsIntegrations.js
@ -80,13 +80,21 @@ module.exports = {
                    type: "category",
                    label: "Developer tools",
                    items: [
-                        "services/gitea/index",
-                        "services/gitlab/index",
                        "services/sentry/index",
                        "services/sssd/index",
                        "services/weblate/index",
                    ],
                },
+                {
+                    type: "category",
+                    label: "Version Control Systems",
+                    items: [
+                        "services/gitea/index",
+                        "services/github-enterprise-cloud/index",
+                        "services/github-organization/index",
+                        "services/gitlab/index",
+                    ],
+                },
                "services/home-assistant/index",
                "services/node-red/index",
                "services/kimai/index",