Single Sign-On (SSO) with GitHub

MantisHub supports single sign-on (SSO) with GitHub. This allows you to access your MantisHub account using your GitHub login credentials.  

As well as adding convenience, this can also provide extra security. GitHub supports two-factor authentication (2FA), so you may wish to have your users access MantisHub via GitHub for a higher level of data security.

Firstly, administrators will need to install the AuthHub plugin. Head to Manage - Manage Plugins and click the install button next to the AuthHub plugin listed in 'Available Plugins'.




Next, you need to define GitHub as your provider. Head to Manage - Manage Configuration and add the following config option:

Config Option:    plugin_AuthHub_federation_provider

Type:                  string

Value:                 github


You'll now see the option at the bottom of your login screen to connect into MantisHub with any of our supported provider accounts including GitHub. 


When you click on GitHub, you will be asked to allow MantisHub to access your account. You'll need to allow access on the consent forms displayed. This should be a one-time prompt.




The registered email in MantisHub for a user must match a verified email address (primary or secondary) with GitHub.


There are also several options you can configure for SSO, including locking a list of users or domains to use GitHub login and turning on auto-provisioning (off by default).


Configuration Options

Below are the configuration options for your AuthHub setup. An administrator can set these from the web UI: head to the Manage - Manage Configuration - Configuration Report page and create the relevant configuration option.




Authentication Provider

Set the provider for SSO to github:

Config Option:    plugin_AuthHub_federation_provider

Type:                  string

Value:                 github


Lock users to Provider Authentication

To define users you wish to have ONLY use your provider authentication, create the following configuration. You can specify a list of users, domains, or a mix:

Config Option:    plugin_AuthHub_federation_force_list

Type:                  complex

Value:                 array()     <within brackets specify list of usernames, email addresses or domains. e.g. jsmith, or>


Permit users to use both credentials 

To define a list of users who are still allowed to use their MantisHub login as well as provider authentication, create this configuration option. Note that this list takes precedence over the force list. It is useful for administrators who may need to disable or troubleshoot sign-on federation issues.

Config Option:    plugin_AuthHub_allow_password_login

Type:                  complex

Value:                 array()     <within brackets specify list of usernames, email addresses or domains. e.g. jsmith, or>
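Because the allow list overrides the force list, it is worth checking which accounts can still sign in with a MantisHub password and so bypass GitHub 2FA. The sketch below is an added example, not MantisHub or AuthHub code: it models the precedence described above and assumes an entry matches a user when it equals the username, the full email address, or the email's domain (case-insensitive). The function names, usernames and addresses are constructed.

```python
# Added example: offline model of force-list / allow-list precedence.
# Assumption (not from the plugin source): an entry matches a user if it
# equals the username, the full email, or the email's domain.

def entry_matches(entry, username, email):
    entry = entry.strip().lower()
    if not entry:                      # ignore blank entries
        return False
    email = email.lower()
    domain = email.rpartition("@")[2]  # text after the last "@"
    return entry in (username.lower(), email, domain)

def in_list(entries, username, email):
    return any(entry_matches(e, username, email) for e in entries)

def login_policy(username, email, force_list, allow_password_login):
    """Return (policy, deciding_list) for one account."""
    # The allow list is checked first because it has higher precedence.
    if in_list(allow_password_login, username, email):
        return ("password-or-github", "allow_password_login")
    if in_list(force_list, username, email):
        return ("github-only", "federation_force_list")
    return ("password-or-github", "unlisted")

def password_capable(users, force_list, allow_password_login):
    """Accounts that can still sign in without going through GitHub."""
    result = []
    for username, email in users:
        policy, reason = login_policy(username, email,
                                      force_list, allow_password_login)
        if policy != "github-only":
            result.append((username, reason))
    return result

# Constructed sample data (hypothetical users and domains).
FORCE = ["example.com", "contractor1"]
ALLOW = ["admin"]
USERS = [
    ("admin", "admin@example.com"),
    ("jsmith", "jsmith@example.com"),
    ("contractor1", "c1@partner.example"),
    ("guest", "guest@other.example"),
]

if __name__ == "__main__":
    for name, reason in password_capable(USERS, FORCE, ALLOW):
        print(f"{name}: password login still possible ({reason})")
```

Accounts reported as "unlisted" are covered by neither list, so they are the ones to add to the force list if GitHub login is meant to be mandatory.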


Login Session Lifetime

To define the login session lifetime in seconds for users who log in via a federated provider, create this configuration option:

Config Option:    plugin_AuthHub_federation_session_lifetime

Type:                  integer

Value:                 <lifetime in seconds, default is 86400 (24hrs). Enter 0 to expire the session when the browser is closed.>



To enable auto-provisioning for users not already in MantisHub, create the following configuration option. Auto-provisioning will be based on sign-in information. 

Config Option:    plugin_AuthHub_provisioning_enabled

Type:                  integer

Default:              0

Value:                 1


To limit the domains for auto-provisioning:

Config Option:    plugin_AuthHub_provisioning_domains

Type:                  complex

Value:                 array( '', '' )


To define provisioning global access level for auto-provisioned accounts which applies to public projects:

Config Option:    plugin_AuthHub_provisioning_global_access_level

Type:                  integer

Value:               see access levels article   


To define a default access level per project (this is necessary for private projects and for cases where the project access level is not equal to the global access level specified in `provisioning_global_access_level`):

Config Option:    plugin_AuthHub_provisioning_project_access_level

Type:                  complex

Value:                 array( 'project1' => 'REPORTER', 'project2' => 'DEVELOPER' )


And you're done! Now you can go make yourself a hot cocoa :)

