Description
The GitHub Enterprise Server connector uses the GitHub REST API to discover organisation members, team memberships, and repository permissions within a self-hosted GitHub Enterprise Server (GHES) instance. It authenticates using a Personal Access Token (PAT) and provides visibility into developer and service account access across organisations and repositories.
System Type Classification
| Field | Value |
|---|
| System Type | Application |
| Default Scan Priority | 500 |
Version Support
| OrbisID Edition | Supported |
|---|
| Community | No |
| Pro | Yes |
| Enterprise | Yes |
Supported Protocol
| Protocol | Port | Notes |
|---|
| REST API (HTTPS) | 443 TCP | Personal Access Token (PAT) via Authorization: Bearer header |
What OrbisID Discovers
| Data | Source |
|---|
| Organisation members | GET /api/v3/orgs/{org}/members |
| Teams | GET /api/v3/orgs/{org}/teams |
| Team memberships | GET /api/v3/teams/{id}/members |
| Organisation roles | role field per member (member, admin) |
| Outside collaborators | GET /api/v3/orgs/{org}/outside_collaborators |
Connection Requirements
Required Permissions
Create a dedicated service account and generate a PAT with the required scopes.
Minimum PAT scopes:
read:org — read organisation memberships and team structuresread:user — read user profile information
Credential Mapping
| OrbisID Field | Value |
|---|
credential.password | Personal Access Token (PAT) |
system.hostname | GHES hostname (e.g., github.example.com) |
Network Requirements
The OrbisID server must have HTTPS access to the GitHub Enterprise Server on port 443.
Configuration Steps
- In GitHub Enterprise Server, create a dedicated service account user
- Generate a Personal Access Token: Settings → Developer settings → Personal access tokens
- Grant
read:org and read:user scopes
- Create a Credential in OrbisID:
- Password: Personal Access Token
- Navigate to Systems → Add System
- Fill in the fields:
| Field | Value |
|---|
| Name | Descriptive name (e.g., GitHub Enterprise – Engineering) |
| OS Type | GitHubEnterprise |
| System Type | Application |
| Hostname | GHES hostname |
| Credential | The PAT credential |
- Click Test Connection
- Click Save
Troubleshooting
| Symptom | Likely Cause | Resolution |
|---|
401 Unauthorized | Invalid or expired PAT | Regenerate the Personal Access Token |
| No organisations returned | PAT missing read:org scope | Regenerate PAT with the correct scopes |
403 Forbidden | Organisation SSO not authorised | Authorise the PAT for SAML SSO in the organisation settings |
| Cannot connect | GHES not reachable | Verify HTTPS connectivity on port 443 |