GitHub

Connecting to GitHub

To connect to GitHub you must enter the "slug" for your GitHub organization. You can find this by looking at the URLs when you are accessing GitHub:

https://github.com/orgs/**`orgname`**/

Trelica connects using OAuth, so once you've entered this you will be prompted to log in and approve the connection.

If you have SAML2 SSO enforced for GitHub access, then you will need to first login to GitHub via your Identity Provider, and then afterwards (in the same browser), make the connection from Trelica.

You can read more here:

https://docs.github.com/en/enterprise-cloud@latest/authentication/authenticating-with-saml-single-sign-on/about-authentication-with-saml-single-sign-on#about-oauth-apps-github-apps-and-saml-sso

Github lets you configure IP allow lists - this article contains the IP addresses you need to enter for Trelica.

Understanding GitHub user accounts and email addresses

When Trelica connects to an application, each application user's corporate email address is requested so that Trelica can link data back to a central 'person' identity in Trelica. This way Trelica can show all applications used by a particular person.

GitHub user accounts are identified by a GitHub user name. Whilst GitHub accounts do have an associated email address, GitHub users can opt to keep the address private. Even if the address is public, it's often a personal email address. This is because many people use their GitHub account to contribute to a broad range of private and public projects on GitHub and not just projects for their current employer.

When Trelica reads GitHub users, the users who are contributing to your repositories are read, but for the reasons described above, a corporate email addresses is often not available.

The exception is if you have SAML2 SSO enabled for GitHub.

In this case, the first time someone logs in to your GitHub organization using their corporate email address and SAML2, GitHub lets the person create a connection to a normal GitHub user account. Trelica can read this link from GitHub and tie users back to a central 'person' identity in Trelica.

Without SAML2 SSO then you will just see the GitHub user names.

Setting up the integration in GitHub Enterprise Server

If your organization uses GitHub Enterprise Cloud the following steps can be ignored. If your organization users a self-hosted GitHub Enterprise Server platform, then you will need to configure an OAuth application as described below:

Navigate to Settings > Developer settings > OAuth Apps and click Register a new application.

Input an Application name and Homepage URL followed by an optional Application description. Most importantly input an Authorization callback URL of https://app.trelica.com/IntegrationsApi/Integrations/GitHubServer/AuthCallback.

Click Register application to create the OAuth application.

On the following page, click Generate a new client secret to generate the required credentials to connect.

Copy the Client secret as it will be required alongside the Client ID when connecting the integration in Trelica.