Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here.

Skyhigh Security

Integrate Skyhigh CASB with OAuth App for GitHub

  1. Last updated
  2. Save as PDF
Limited Availability: GitHub integration is a Limited Availability feature. To enable API access for your GitHub instance, contact Skyhigh Support.

Prerequisites

Before you enable API for Github, the following prerequisites are required:

  • Enable the feature by reaching out to your Sales Representative to get the tenant ID administrator login credentials.
  • Get the admin credentials for Github hosted on the cloud.  
  • Get a list of Github organizations to be monitored.  
  • Make sure that the admin has the owner role in the organizations to be monitored.
  • If GitHub is enabled with IP address restriction, you must whitelist the Skyhigh IP addresses to receive GitHub events. To whitelist the Skyhigh IP addresses, contact Skyhigh Support.

Integrate Skyhigh CASB with GitHub

Follow the below steps to integrate Skyhigh CASB with GitHub:

► Create GitHub instance in Skyhigh CASB
  1. Log in to Skyhigh CASB.
  2. Go to Settings > Service Management.
  3. Click Add Service Instance.

    Add_ServiceInstance.png
  4. Select GitHub For Business, and enter a unique name for the instance.
  5. Click Done.

    Select_GitHubService_ClickDone.png
► Enable GitHub API access in Skyhigh CASB
  1. In Skyhigh CASB, go to Settings > Service Management.
  2. Select the newly created GitHub instance from the list of Services.
  3. Go to the Setup tab, and then click Enable.

    Click Enable API.png
     
  4. On the Provide API Credentials page, click Provide API Credentials.

    Click_ProvideAPICRedentials.png
     
  5. On the Provide API Credentials page, enter your Github credentials in the email and password fields, and then click Submit.
► Authorize the GitHub instance
  1. After entering your GitHub credentials, you are redirected to Authorize Skyhigh CASB For Github page. The following permissions are required for Github:
    • Organization webhooks. Required Read and Write permission.
    • Organization and teams. Required Read-Only permission.
    • Repositories. MVISION Github requires Read permission only. But Github doesn't provide any granular level permission for Read-Only, so it is set to Read and Write. For more details, refer to Github documentation and see Scopes for OAuth Apps.

      1.png
       
  2. Click Authorize instance.

Once these permissions are authorized, Skyhigh CASB receives Github events.

► Validate Skyhigh CASB Authorization in Github
  1. Log in to the Github console.
  2. Under Authorized OAuth Apps, you can view the Github enabled for Skyhigh CASB application.

    2.png
     
  3. Click Skyhigh CASB For Github to view the permissions and Organization access.

    w3.png

Add GitHub Organizations

To add GitHub organizations for monitoring, perform the following:  

  1. Disable API access for GitHub in Skyhigh CASB. 
  2. Go to GitHub user Settings > Applications > Authorized OAuth application and revoke the Skyhigh CASB application.  
  3. Enable API access and grant permissions for additional organizations.  
  1. Back to top
  • Was this article helpful?

Recommended articles

  1. Article type
    Topic
  2. Tags
    1. Github