GitHub Team Sync
Learn how to automatically synchronize your GitHub teams with Hanzo KMS Groups.
Overview
The GitHub Organization Synchronization feature streamlines user and group management by automatically syncing users belonging to your specified GitHub organization with corresponding groups within Hanzo KMS. This integration ensures that users logging in via GitHub are automatically added to or removed from Hanzo KMS groups based on their team memberships within your GitHub organization.
Configuration
To enable and configure GitHub Organization Synchronization, follow these steps:
- Navigate to the Single Sign-On (SSO) page and select the Provisioning tab.
- Click the Configure button and provide the name of your GitHub Organization.
Toggle ON GitHub Organization sync to activate sync.
Connecting the Hanzo KMS OAuth application grants it permission to read:org details. This approval is done by selecting your organization during the GitHub OAuth login process.
- Initiate the login process via the GitHub OAuth flow.
- Select the organization you have connected.
- Grant access to Hanzo KMS oauth application to your configured organization. Hanzo KMS shown here is an organization, just for walkthrough.
This action only needs to be done once and authorizes the Hanzo KMS OAuth app to read organization details, including team information. The following users don't need to select organization in GitHub on login anymore.
Working
Once configured, the GitHub Organization Synchronization feature functions as follows:
When a user logs in via the GitHub OAuth flow and selects the configured organization, the system will then automatically synchronize the teams they are a part of in GitHub with corresponding groups in Hanzo KMS.
Manual Team Sync
You can manually synchronize GitHub teams for all organization members who have previously logged in with GitHub. This bulk sync operation updates team memberships without requiring users to log in again.
To perform manual syncs, you'll need to create a GitHub Personal Access Token with the appropriate permissions. GitHub offers two types of tokens:
- Go to GitHub Settings → Personal Access Tokens → Tokens (classic)
- Click Generate new token → Generate new token (classic)
- Give your token a descriptive name (e.g., "Hanzo KMS GitHub Sync")
- Set an appropriate expiration date
- Select the read:org scope - Required to read organization team information
- Click Generate token
- Copy the token immediately (you won't be able to see it again)
- Go to GitHub Settings → Personal Access Tokens → Fine-grained tokens
- Click Generate new token
- Give your token a descriptive name (e.g., "Hanzo KMS GitHub Sync")
- Set an appropriate expiration date
- Select your organization under Resource owner
- Under Organization permissions, set Members to Read
- Click Generate token
- Copy the token immediately (you won't be able to see it again)
- Navigate to the Single Sign-On (SSO) page and select the Provisioning tab.
- Click the Configure button next to your GitHub Organization configuration.
- In the configuration modal, you'll find an optional GitHub Access Token field.
- Paste the token you generated in the previous step.
- Click Update to save the configuration.
Once you have configured the GitHub access token:
- Navigate to the Single Sign-On (SSO) page and select the Provisioning tab.
- You'll see a Sync Now section with a button to trigger the manual sync.
- Click Sync Now to synchronize GitHub teams for all organization members.
The sync operation will process all organization members who have previously logged in with GitHub and update their team memberships accordingly.
Troubleshooting
If you encounter an error related to this, it indicates that you need to approve the Hanzo KMS OAuth application within your GitHub organization.
You can verify the application's approval status by navigating to https://github.com/organizations/__your-organization__/settings/oauth_application_policy. Replace __your-organization__ with the actual name of your GitHub organization.
How is this guide?
Last updated on