A Concourse server can authenticate against GitHub to leverage their permission model and other security improvements in their infrastructure.
First, you'll need to create an OAuth application on GitHub.
The "Authorization callback URL" must be the URL of your Concourse server with
/sky/issuer/callback appended. This address must be reachable by GitHub - it can't be
For example, Concourse's own CI server's callback URL would be:
You will be given a Client ID and a Client Secret for your new application. The client ID and secret must then be configured on the
web node by setting the following env:
Note that the client must be created under an organization if you want to authorize users based on organization/team membership. If the client is created under a personal account, only individual users can be authorized.
If you're configuring GitHub Enterprise, you'll also need to set the following env:
The GitHub Enterprise host must not contain a scheme, or a trailing slash.