# Set up a GitHub Enterprise Cloud connector

> C1 provides identity governance and just-in-time provisioning for GitHub Enterprise Cloud. Integrate your GitHub Enterprise Cloud instance with C1 to run user access reviews (UARs), enable just-in-time access requests, and automatically provision and deprovision access.

## Capabilities

| Resource      | Sync                                                          | Provision                                                     |
| ------------- | ------------------------------------------------------------- | ------------------------------------------------------------- |
| Enterprise    | <Icon icon="square-check" iconType="solid" color="#c937ae" /> |                                                               |
| Organizations | <Icon icon="square-check" iconType="solid" color="#c937ae" /> | <Icon icon="square-check" iconType="solid" color="#c937ae" /> |
| Users         | <Icon icon="square-check" iconType="solid" color="#c937ae" /> |                                                               |
| Teams         | <Icon icon="square-check" iconType="solid" color="#c937ae" /> | <Icon icon="square-check" iconType="solid" color="#c937ae" /> |
| Repositories  | <Icon icon="square-check" iconType="solid" color="#c937ae" /> | <Icon icon="square-check" iconType="solid" color="#c937ae" /> |

**Additional functionality:**
The GitHub Enterprise Cloud connector supports account provisioning by inviting
new users directly to the enterprise as unaffiliated members.

## Gather GitHub Enterprise Cloud credentials

<Warning>
  Use a GitHub App, not a personal access token. The app must be installed on
  the enterprise and on each organization and repository set that C1 will sync or
  manage. Enterprise installation alone does not grant organization or repository
  API access.
</Warning>

<Steps>
  <Step>
    Copy the GitHub Enterprise Cloud enterprise slug.
  </Step>

  <Step>
    Create or select a GitHub App that is installed on the enterprise.
  </Step>

  <Step>
    Grant the enterprise installation read access for enterprise members and
    organizations. If C1 should discover organization installations, also grant
    read access for enterprise organization installations. To invite new
    members through C1, also grant **Enterprise people management** write
    access on the enterprise installation.
  </Step>

  <Step>
    Install the same GitHub App on each organization that C1 should sync. Grant
    **Members** read access for sync, or **Members** write access if C1 should
    invite users or manage organization and team membership.
  </Step>

  <Step>
    Grant repository **Metadata** read access and **Administration** read access
    for repository access sync. Use **Administration** write access if C1 should
    manage repository collaborators or team repository access.
  </Step>

  <Step>
    Copy the GitHub App ID.
  </Step>

  <Step>
    Download the GitHub App private key.
  </Step>

  <Step>
    Copy the enterprise installation ID for the GitHub App.
  </Step>
</Steps>

## Configuration fields

| Field                 | Required | Description                                         |
| --------------------- | -------- | --------------------------------------------------- |
| `enterprise-slug`     | Yes      | The slug of the GitHub Enterprise Cloud enterprise. |
| `app-id`              | Yes      | The App ID of the GitHub App.                       |
| `app-privatekey-path` | Yes      | The GitHub App private key file.                    |
| `installation-id`     | Yes      | The GitHub App installation ID on the enterprise.   |

## Synced resource types

* **Enterprise**: the configured enterprise, with member and owner grants.
* **Organizations**: organizations in the enterprise, with member and admin
  grants.
* **Users**: organization members discovered across synced organizations.
* **Teams**: organization teams, with member and maintainer grants.
* **Repositories**: organization repositories, with pull, triage, push,
  maintain, and admin grants for users and teams.

## Special notes

* Team maintainers are also emitted as team members.
* Repository team grants are expandable through the corresponding team member
  and maintainer entitlements.
* Organization provisioning currently supports revocation. Revoking an
  organization member removes that user from the organization; revoking an
  organization admin demotes the user to member.
* Account provisioning invites the user as an unaffiliated enterprise member
  via the `inviteEnterpriseMember` GraphQL mutation; no org is required. The
  account profile must include an email or a GitHub login.

## Configure the GitHub Enterprise Cloud connector

<Tabs>
  <Tab title="Cloud-hosted">
    Follow these instructions to use a built-in, no-code connector hosted by C1.

    <Steps>
      <Step>
        In C1, navigate to **Integrations** > **Connectors** and click **Add connector**.
      </Step>

      <Step>
        Search for **GitHub Enterprise Cloud** and click **Add**.
      </Step>

      <Step>
        Choose how to set up the new GitHub Enterprise Cloud connector.
      </Step>

      <Step>
        Set the owner for this connector.
      </Step>

      <Step>
        Click **Next**.
      </Step>

      <Step>
        Find the **Settings** area of the page and click **Edit**.
      </Step>

      <Step>
        Paste the GitHub Enterprise Cloud credentials into the relevant fields:

        * **Enterprise slug**: The GitHub enterprise slug.
        * **GitHub App ID**: The GitHub App ID.
        * **GitHub App private key**: The private key file for the GitHub App.
        * **GitHub App installation ID**: The enterprise installation ID.
      </Step>

      <Step>
        Click **Save**.
      </Step>

      <Step>
        The connector's label changes to **Syncing**, followed by
        **Connected**. You can view the logs to ensure that information is
        syncing.
      </Step>
    </Steps>

    **Done.** Your GitHub Enterprise Cloud connector is now pulling access data into C1.
  </Tab>

  <Tab title="Self-hosted">
    Follow these instructions to run the GitHub Enterprise Cloud connector in
    your own environment.

    <Steps>
      <Step>
        In C1, navigate to **Integrations** > **Connectors** and click **Add connector**.
      </Step>

      <Step>
        Search for **Baton** and click **Add**.
      </Step>

      <Step>
        Choose how to set up the new GitHub Enterprise Cloud connector, set the
        owner, and click **Next**.
      </Step>

      <Step>
        In the **Settings** area, click **Edit**, then click **Rotate** to
        generate a new Client ID and Client Secret. Store these values
        securely for your deployment.
      </Step>

      <Step>
        Configure C1 credentials and GitHub Enterprise Cloud settings as
        environment variables:

        ```bash
        BATON_CLIENT_ID=<C1 client ID>
        BATON_CLIENT_SECRET=<C1 client secret>
        BATON_HOST_ID=baton-github-enterprise-cloud
        BATON_ENTERPRISE_SLUG=<GitHub enterprise slug>
        BATON_APP_ID=<GitHub App ID>
        BATON_INSTALLATION_ID=<GitHub App enterprise installation ID>
        BATON_APP_PRIVATEKEY_PATH=/var/run/secrets/github-app-private-key.pem
        ```

        Mount the GitHub App private key at the path configured in
        `BATON_APP_PRIVATEKEY_PATH`.
      </Step>

      <Step>
        Deploy the connector using the Public ECR image:

        ```bash
        public.ecr.aws/conductorone/baton-github-enterprise-cloud:<version>
        ```

        Use a version tag without the leading `v`, such as `0.0.3`.
      </Step>
    </Steps>

    **Done.** Your GitHub Enterprise Cloud connector is now pulling access data into C1.
  </Tab>
</Tabs>
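
A preflight check for the self-hosted settings above, as an added example that is not C1's or the Baton project's own code: it confirms that every `BATON_*` variable from the setup step is set, that the two IDs are numeric, that the private key file is a PEM key accessible only to its owner, and that the image tag has no leading `v`. The function name `baton_preflight`, the `BATON_IMAGE_TAG` variable, and the owner-only permission policy are assumptions made for this example.

```sh
#!/bin/sh
# Added example: preflight check for the self-hosted connector environment.
# Hypothetical names (not from C1): baton_preflight, BATON_IMAGE_TAG.
# Assumed policy: the key file must be accessible to its owner only.

baton_preflight() (
  bad=0
  fail() { echo "preflight: $1" >&2; bad=1; }

  # Every variable from the setup step must be present and non-empty.
  for name in BATON_CLIENT_ID BATON_CLIENT_SECRET BATON_HOST_ID \
      BATON_ENTERPRISE_SLUG BATON_APP_ID BATON_INSTALLATION_ID \
      BATON_APP_PRIVATEKEY_PATH; do
    eval "value=\${$name:-}"
    [ -n "$value" ] || fail "$name is not set"
  done

  # GitHub App IDs and installation IDs are integers.
  for name in BATON_APP_ID BATON_INSTALLATION_ID; do
    eval "value=\${$name:-}"
    case $value in
      *[!0-9]*) fail "$name must be numeric" ;;
    esac
  done

  key=${BATON_APP_PRIVATEKEY_PATH:-}
  if [ ! -f "$key" ] || [ ! -r "$key" ]; then
    fail "private key not readable at '$key'"
  else
    # Characters 5-10 of the mode string are the group and other bits.
    mode=$(ls -lLd "$key" | cut -c5-10)
    [ "$mode" = "------" ] || fail "private key is accessible to group/other"
    grep -q -e '-----BEGIN [A-Z ]*PRIVATE KEY-----' "$key" ||
      fail "file does not contain a PEM private key"
  fi

  # The image tag omits the leading "v" (0.0.3, not v0.0.3).
  case ${BATON_IMAGE_TAG:-} in
    v*) fail "image tag must not start with 'v'" ;;
  esac

  exit "$bad"
)
```

Call `baton_preflight` before starting the connector and stop the deployment if it returns non-zero; each problem is reported on stderr.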
