> ## Documentation Index
> Fetch the complete documentation index at: https://conductorone-docs-mcp-bridge-private-server.mintlify.site/llms.txt
> Use this file to discover all available pages before exploring further.

# 📜 GitHub integration

> C1 provides identity governance and just-in-time provisioning for GitHub. Integrate your GitHub instance with C1 to run user access reviews (UARs), enable just-in-time access requests, and automatically provision and deprovision access.

<Tip>
  **A newer version of this connector is available.** If you're setting up a GitHub connector with C1 for the first time, use the [v2 version](/baton/github).
</Tip>

## Availability

**An updated version of this integration is available.** This version of the connector is no longer available for new installation. If you're integrating GitHub for the first time, use the [updated version](/baton/github).

## Capabilities

* Sync user identities from GitHub to C1

* Resources supported:
  * Repositories
  * Teams (including nested teams)
  * Orgs

* Provisioning supported:
  * Team membership

### Requirements

Connecting to your GitHub environment, you will need:

* **Super Administrator** role in C1
* **Org Owner** access in GitHub

## Set up the GitHub integration

<Warning>
  This task requires either the **Connector Administrator** or **Super Administrator** role in C1.
</Warning>

<Steps>
  <Step>
    In C1, navigate to **Integrations** > **Connectors** > **GitHub**.
  </Step>

  <Step>
    If this is your first GitHub integration, the integration form opens automatically. Otherwise, click **Add connector**.
  </Step>

  <Step>
    Choose whether to add the new GitHub connector as a data source to an existing application (and select the app of your choice) or to create a new application.

    <Tip>
      **Do you SSO into GitHub using your identity provider (IdP)?** If so, make sure to add the connector to the GitHub app that was created automatically when you integrated your IdP with C1, rather than creating a new app.
    </Tip>
  </Step>

  <Step>
    Set the owner for this connector. You can manage the connector yourself, or choose someone else from the list of C1 users. Setting multiple owners is allowed.

    <Warning>
      A GitHub connector owner must have the following permissions:

      * **Connector Administrator** or **Super Administrator** role in C1
      * **Org Owner** access in GitHub
    </Warning>
  </Step>

  <Step>
    Click **Next**.
  </Step>
</Steps>

### Next steps

* **If you are the integration owner**, proceed to **Integrate your GitHub instance \[chosen method]** for instructions on integrating GitHub with C1.

* **If someone else is the integration owner**, C1 will notify them by email that their help is needed to complete the setup process.

<Tip>
  Choose the appropriate set of integration instructions based on the type of GitHub access token you want to use with C1:

  * Option 1: Use a [Personal access token (classic)](/baton/v1/github#option-1-integrate-your-github-instance-using-a-personal-access-token-classic)

  * Option 2: Use a [Fine-grained personal access token](/baton/v1/github#option-2-integrate-your-github-instance-using-a-fine-grained-access-token)
</Tip>

## Option 1: Integrate your GitHub instance using a personal access token (classic)

Follow these instructions to integrate your GitHub instance by using a [GitHub personal access token (classic)](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens#types-of-personal-access-tokens).

<Warning>
  A user with the **Connector Administrator** or **Super Administrator** role in C1 and **Org Owner** access in GitHub must perform this task.
</Warning>

<Tip>
  If you're using SAML single sign-on, avoid a `You must grant your Personal Access token access to this organization` error by following the [Authorizing a personal access token for use with SAML single sign-on](https://docs.github.com/en/enterprise-cloud@latest/authentication/authenticating-with-saml-single-sign-on/authorizing-a-personal-access-token-for-use-with-saml-single-sign-on) instructions in the GitHub documentation.
</Tip>

### Step 1: Create a GitHub personal access token (classic)

<Steps>
  <Step>
    In GitHub, click your profile photo, then click **Settings**.
  </Step>

  <Step>
    In the left sidebar, select **Developer settings**.
  </Step>

  <Step>
    Click **Personal access tokens > Tokens (classic)**.
  </Step>

  <Step>
    Click **Generate new token > Generate new token (classic)**.
  </Step>

  <Step>
    Name your token (for example, **C1 Integration**). Optionally, add a token expiration date.
  </Step>

  <Step>
    Select the following **Scopes:**

    * **repo** - select all
    * **admin:org** - select all if using C1 for GitHub provisioning (see the note below), or **read::org** otherwise
    * **user** - select all

    <Warning>
      The **write::org** scope is used by C1 when automatically provisioning and deprovisioning GitHub access on your behalf. **If you do not want C1 to perform these tasks for you, do not give your token this scope.**
    </Warning>
  </Step>

  <Step>
    Click **Generate token**. Copy and save the new token. We'll use it in Step 3.
  </Step>
</Steps>

<Tip>
  If you use SAML SSO, you must authorize the PAT using [these instructions](https://docs.github.com/en/enterprise-cloud@latest/authentication/authenticating-with-saml-single-sign-on/authorizing-a-personal-access-token-for-use-with-saml-single-sign-on).
</Tip>

### Step 2: Locate your GitHub organization name

<Steps>
  <Step>
    In GitHub, click your profile photo, then click **Organizations**.
  </Step>

  <Step>
    Make a note of your **Organization name**. We'll use it in Step 3.
  </Step>
</Steps>

### Step 3: Add your GitHub credentials to C1

<Steps>
  <Step>
    In C1, navigate to **Integrations** > **Connectors** > **GitHub**.
  </Step>

  <Step>
    In the list of connectors, locate and click on the name of the connector with the **Not connected** label.
  </Step>

  <Step>
    Find the **Settings** area of the page and click **Edit**.
  </Step>

  <Step>
    In the **Organization** field, enter the name of your GitHub organization.
  </Step>

  <Step>
    Paste the token you generated in Step 1 into the **Personal access token** field.
  </Step>

  <Step>
    Click **Save**.
  </Step>

  <Step>
    The connector's label changes to **Syncing**, followed by **Connected**. You can view the logs to ensure that information is syncing.
  </Step>
</Steps>

**Done.** Your GitHub connector is now pulling access data into C1.

## Option 2: Integrate your GitHub instance using a fine-grained access token

Follow these instructions to integrate your GitHub instance by using a [GitHub fine-grained personal access token](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens#types-of-personal-access-tokens).

<Warning>
  A user with the **Connector Administrator** or **Super Administrator** role in C1 and **Org Owner** access in GitHub must perform this task.
</Warning>

<Tip>
  **Before you begin:** Make sure that your GitHub organization is set up to allow use of fine-grained personal access tokens by following the GitHub documentation on [Setting a personal access token policy for your organization](https://docs.github.com/en/organizations/managing-programmatic-access-to-your-organization/setting-a-personal-access-token-policy-for-your-organization).
</Tip>

### Step 1: Create a GitHub fine-grained access token

<Steps>
  <Step>
    In GitHub, click your profile photo, then click **Settings**.
  </Step>

  <Step>
    In the left sidebar, select **Developer settings**.
  </Step>

  <Step>
    Click **Personal access tokens > Fine-grained tokens**.
  </Step>

  <Step>
    Click **Generate new token**.
  </Step>

  <Step>
    Name your token (for example, **C1 Integration**) and set a token expiration date. Optionally, add a description.
  </Step>

  <Step>
    In the **Resource owner** dropdown, select the username associated with the GitHub organization you're integrating with C1.
  </Step>

  <Step>
    In the **Repository access** section of the page, select **All repositories**.
  </Step>

  <Step>
    In the **Permissions** section of the page, give the token the following permissions:

    * Organization permissions:

      * **Members**: Read and write access

    * Repository permissions:

      * **Administration**: Read and write access
      * **Metadata**: Read-only access

    <Warning>
      The repository permissions are used by C1 to sync and display data on repo membership (C1 cannot provision repositories). **If you do not want C1 to sync and display your GitHub organization's repo data, do not give your token these permissions.**
    </Warning>
  </Step>

  <Step>
    Click **Generate token**. Copy and save the new token. We'll use it in Step 3.
  </Step>
</Steps>

### Step 2: Locate your GitHub organization name

<Steps>
  <Step>
    In GitHub, click your profile photo, then click **Organizations**.
  </Step>

  <Step>
    Make a note of your **Organization name**. We'll use it in Step 3.
  </Step>

  <Step />
</Steps>

### Step 3: Add your GitHub credentials to C1

<Steps>
  <Step>
    In C1, navigate to **Integrations** > **Connectors** > **GitHub**.
  </Step>

  <Step>
    In the list of connectors, locate and click on the name of the connector with the **Not connected** label.
  </Step>

  <Step>
    Find the **Settings** area of the page and click **Edit**.
  </Step>

  <Step>
    In the **Organization** field, enter the name of your GitHub organization.
  </Step>

  <Step>
    Paste the token you generated in Step 1 into the **Personal access token** field.
  </Step>

  <Step>
    Click **Save**.
  </Step>

  <Step>
    The connector's label changes to **Syncing**, followed by **Connected**. You can view the logs to ensure that information is syncing.
  </Step>
</Steps>

**Done.** Your GitHub connector is now pulling access data into C1.