Github

Authentication Setup

Azure Configuration

First, decide whether to create a personal application or an organization-level application:

For a Personal Application:
- Navigate to your GitHub Developer Settings .
- You will be presented with options to create a new application, depending on whether you have existing applications:
For an Organization Application:
- Go to https://github.com/organizations/YOUR_ORG_SLUG/settings/applications.
- Choose to create a new application as shown:
Register the Application:
- Enter a name for your application, such as ScaleOps.
- Set the homepage URL to your ScaleOps dashboard URL (e.g., https://<YOUR-SCALEOPS-DASHBOARD-URL>).
- Define the authorization callback URL as https://<YOUR-SCALEOPS-DASHBOARD-URL>/auth/callback.
- Click Register Application to finalize the registration.
Saving Credentials:
- After registration, securely save the Client ID.
- Click Generate New Client Secret and save the Client Secret. These credentials are crucial for the ScaleOps configuration.

ScaleOps Configuration

Add the following helm values to your helm values.yml file:


authProvider:
  provider: github
  github:
    clientID: <CLIENT-ID>
    clientSecret: <CLIENT-SECRET>

Replace <CLIENT-ID> and <CLIENT-SECRET> with the credentials saved from the GitHub application setup.

Groups Setup

ScaleOps Configuration

In order to enable groups, add the following configuration to your values.yaml file:


authProvider:
  provider: github
  authorization:
    enabled: true
  github:
    clientID: <CLIENT-ID>
    clientSecret: <CLIENT-SECRET>
  defaultAdminGroups:
    - "company-com:scaleops-admins"
    - "company-com:scaleops-devops"
  defaultViewerGroups:
    - "company-com:scaleops-viewers" # Optional
    - "company-com:scaleops-finops" # Optional
  defaultOperatorGroups:
    - "company-com:scaleops-operators" # Optional

Where company-com is your GitHub organization and the scaleops-admins is the name of the group that will be used from your GitHub organization.

Please make sure that you write it in this format company-com:group and that the group is a valid group in your GitHub organization.

Advanced Configuration

Enterprise Configuration for On-Premises GitHub


authProvider:
  provider: github
  github:
    clientID: <CLIENT-ID>
    clientSecret: <CLIENT-SECRET>
    hostName: <github-enterprise-hostname>
    rootCA: <github-enterprise-root-ca>

Ensure that placeholders are replaced with appropriate values specific to your GitHub Enterprise setup.

User Filtering

Filter users based on their organization and teams.

Organization and Teams Filtering


authProvider:
  github: # [Previous configuration]
    orgs: # optional
      - name: company # required if 'orgs' is used
        teams: # optional
          - fin-ops-team
          - dev-ops-team
          - dev-team-a

Add the names of the organizations and teams you want to include.

Team Mapping

Map the teams using different fields.

Team Name Field Mapping


authProvider:
  github: # [Previous configuration]
    teamNameField: slug # optional, default is 'name'

Choose between name, slug, or both for mapping team names.

User Restriction

Restrict login to users with a specific email domain.

Preferred Email Domain Restriction


authProvider:
  github: # [Previous configuration]
    preferredEmailDomain: company.com # optional

Users with an unverified email in the preferredEmailDomain will not be able to log in.