# GitHub SSO Setup > For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [streaming-full.txt](https://docs.redpanda.com/streaming-full.txt) --- title: GitHub SSO Setup latest-redpanda-tag: v24.3.9 latest-console-tag: v3.7.3 latest-operator-version: v26.1.4 # EOL = End-of-Life (support lifecycle status) page-is-nearing-eol: "false" page-is-past-eol: "true" page-eol-date: December 3, 2025 latest-connect-version: 4.93.0 docname: config/security/github page-component-name: streaming page-version: "24.3" page-component-version: "24.3" page-component-title: Streaming page-relative-src-path: config/security/github.adoc page-edit-url: https://github.com/redpanda-data/docs/edit/v/24.3/modules/console/pages/config/security/github.adoc description: Integrate Redpanda Console with GitHub to allow your users to use their GitHub identities to sign-in to Console. page-git-created-date: "2024-09-11" page-git-modified-date: "2024-09-11" support-status: past end-of-life --- > 📝 **NOTE** > > This feature requires an [enterprise license](https://docs.redpanda.com/streaming/24.3/get-started/licensing/overview/). To get a trial license key or extend your trial period, [generate a new trial license key](https://redpanda.com/try-enterprise). To purchase a license, contact [Redpanda Sales](https://redpanda.com/upgrade). > > If Redpanda Console has enterprise features enabled and it cannot find a valid license either in its [local configuration](https://docs.redpanda.com/streaming/24.3/console/config/enterprise-license/) or in the [connected Redpanda cluster](https://docs.redpanda.com/streaming/24.3/get-started/licensing/add-license-redpanda/), it redirects you to the license expiration landing page, and all other access is restricted. Integrating Redpanda Console with GitHub allows your users to use their GitHub identities to sign-in to Console. This guide assumes you already have a GitHub account and permissions to create Applications within your organization. ## [](#prerequisites)Prerequisites You must create an OpenID Connect (OIDC) application for your GitHub account. Follow this [GitHub guide](https://docs.github.com/en/developers/apps/building-oauth-apps/creating-an-oauth-app) to create an OAuth application at GitHub. You can create the OAuth application either under your personal account or under any organization you have admin access to. As you create the GitHub OAuth app, provide the following inputs when you are asked for them: > 📝 **NOTE** > > The following configurations are based on the assumption that you want to host Redpanda Console so it is accessible from `https://console..com`. - **Application name:** Choose a descriptive name for your specific Console deployment (for example Console Analytics Prod) - **Homepage URL:** `https://console..com` - **Authorization callback URL:** `https://console..com/login/callbacks/github` - **Enable device flow:** False / Not selected ## [](#edit-the-console-configuration-file)Edit the console configuration file Edit the console configuration file associated with your deployment method and incorporate the details from your client application. For example, Kubernetes deployments use the `values.yaml` file. Linux deployments use the `redpanda-console-config.yaml` file, which is in `/etc/redpanda`. ```yaml login: enabled: true # jwtSecret is the secret key you must use to sign and encrypt the JSON # web token used to store user sessions. This secret key is # critical for the security of Redpanda Console's authentication and # authorization system. Use a long, complex key with a combination of # numbers, letters, and special characters. The minimum number of # characters is 10, but Redpanda recommends using more than 32 # characters. For additional security, use a different secret key for # each environment. jwtSecret can be securely generated with the following # command: LC_ALL=C tr -dc '[:alnum:]' < /dev/random | head -c32 # # If you update this secret key, any users who are # already logged in to Redpanda Console will be logged out and will have # to log in again. jwtSecret: "" github: enabled: true clientId: "" # ClientSecret is sensitive. You can provide this config also via the # the environment variable LOGIN_GITHUB_CLIENTSECRET clientSecret: "" # The directory config is only required if you want to use GitHub # teams in your role bindings. Described further in the next section. # directory: # personalAccessToken: "" ``` ## [](#rbac-github-teams-sync)RBAC GitHub teams sync If you want to bind roles to GitHub teams from an organization you have to setup a personal access token in GitHub, so that Redpanda console can retrieve groups and their memberships using the GitHub API. The personal access token has to be created on an account that has permissions to view groups in your desired GitHub organization. Follow [GitHub documentation](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token) to create the personal access token. When you select the scopes and permissions make sure to include `read:org` and `user:email`. ```yaml login: github: # The directory config is only required if you want to use GitHub # teams in your role bindings. directory: personalAccessToken: "" ``` ## [](#define-role-bindings)Define role-bindings When you set up the GitHub login configuration, you can bind GitHub users or groups to roles. Following is a sample role binding: ```yaml roleBindings: - metadata: name: Developers subjects: - kind: group provider: GitHub name: console-developers # GitHub team name organization: redpanda-data # GitHub organization name - kind: user provider: GitHub name: weeco # GitHub handle roleName: editor ``` ## Suggested labs - [Enable Unified Identity with Azure Entra ID for Redpanda and Redpanda Console](https://docs.redpanda.com/labs/docker-compose/oidc/) [Search all labs](https://docs.redpanda.com/labs)