Expanding on GitHub Tracking Automation
Published: Jul 13, 2022 / By Andrew Doering
Previously, I wrote about using Okta to track GitHub Usernames across the entire org and further tracking that could be done from that using SIEM or Okta Workflows & Google Sheets. You can find that blog post here.
Today, however, I want to introduce a different workflow (similar to SCIM) that automatically checks that the username exists in GitHub (isn’t some bogus/fake username), then checks whether a team exists under their Department / Team Name and, if not, creates the Parent and Child team relationship in its place.
GitHub provides a SCIM-based way to manage teams effectively, which is outlined here. However, there are some drawbacks to that.
The benefit of this Okta Workflow is that,
It is honestly unclear to me, when looking through GitHub’s API documents, whether GitHub Enterprise Cloud is actually required to use the API endpoint. They make note of the licensing level, but they are talking about a feature, not the API itself. In any case, we do have GitHub Enterprise Cloud at the time that I wrote this workflow.
This will use the existing group rule and group setup that is described in the aforementioned blog post linked in the introduction.
We utilize these two flows to:
Also, the Process Names flow was actually written by someone (I can’t find who, otherwise I would credit them, and will do so once I find the post) in #okta-workflows on MacAdmins.
iam-github-sso, and subsequently being assigned GitHub, this kicks off the flow.
tech could also include
Find card to do an exact match of the team name. We get the team ID
For the child flow, we basically repeat steps 4 through 6. However, we add the following to the Constructed Body:
"parent_team_id":$Parent Team ID}
This allows us to create the sub team.
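The parent and child flows described above, written out against GitHub's REST API as an added example (not the author's Okta Workflow). It goes slightly beyond the flow by checking the login's syntax before it is placed in a URL path and by looking the team up by slug instead of listing and matching. The `http` callable, `slugify`, `FakeGitHub` and the sample org, login and team names are hypothetical, and the slug rule only approximates GitHub's.

```python
import re

API = "https://api.github.com"
# Standard github.com login rule: alphanumerics or single hyphens, max 39 chars.
LOGIN_RE = re.compile(r"[A-Za-z0-9](?:-?[A-Za-z0-9])*")

def slugify(name):
    """Assumed approximation of GitHub's team slug: lowercase, other chars become '-'."""
    return re.sub(r"[^a-z0-9]+", "-", name.lower()).strip("-")

def ensure_team(http, org, name, parent_id=None):
    """Return the team ID, creating the team only when no exact name match exists."""
    status, body = http("GET", f"{API}/orgs/{org}/teams/{slugify(name)}", None)
    if status == 200 and body.get("name") == name:  # exact match on the team name
        return body["id"]
    if status != 404:
        raise RuntimeError(f"lookup of {name!r} failed or slug collides: HTTP {status}")
    payload = {"name": name, "privacy": "closed"}  # nested teams must be 'closed'
    if parent_id is not None:
        payload["parent_team_id"] = parent_id  # the field added for the child flow
    status, body = http("POST", f"{API}/orgs/{org}/teams", payload)
    if status != 201:
        raise RuntimeError(f"creating {name!r} failed: HTTP {status}")
    return body["id"]

def sync_user(http, org, login, department, team):
    """Reject bogus logins, then make sure Department (parent) / Team (child) exist."""
    if len(login) > 39 or not LOGIN_RE.fullmatch(login):
        raise ValueError("not a syntactically valid GitHub login")
    if http("GET", f"{API}/users/{login}", None)[0] != 200:
        raise LookupError("login does not exist on GitHub")
    parent_id = ensure_team(http, org, department)
    return parent_id, ensure_team(http, org, team, parent_id)

class FakeGitHub:
    """Constructed in-memory stand-in for the three REST calls used above."""
    def __init__(self, users):
        self.users, self.teams, self.next_id = set(users), {}, 100
    def __call__(self, method, url, body):
        path = url[len(API):]
        if method == "GET" and path.startswith("/users/"):
            return (200, {}) if path[7:] in self.users else (404, {})
        if method == "GET":
            team = self.teams.get(path.rsplit("/", 1)[1])
            return (200, team) if team else (404, {})
        self.next_id += 1
        self.teams[slugify(body["name"])] = dict(body, id=self.next_id)
        return 201, self.teams[slugify(body["name"])]
```

A real `http` would wrap an authenticated HTTPS client and return `(status_code, parsed_json)`; running `sync_user` twice for the same user creates nothing the second time.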
There is definitely more validation and error checking that could be done, but this should get you on the right track to automating team memberships in the same way that SCIM does, without having to adhere to some of SCIM's limitations.
If anyone has some ideas on improvements or opinions, feel free to share below in the comments. :)