Secure Internet and SaaS Access (ZIA)
Integrating with GitHub
You can connect your GitHub organization to Zscaler 3rd-Party App Governance to gain continuous visibility and governance for third-party apps installed in the GitHub environment.
Prerequisite
A user with an Organization Owner role in the relevant GitHub organization is required to connect 3rd-Party App Governance to your GitHub organization.
Connecting GitHub to 3rd-Party App Governance
To connect your GitHub organization to 3rd-Party App Governance:
- Click the Connect icon in the left-side navigation.
The Integrations window appears.
- In the Integrations window, click Add next to GitHub. You are prompted to sign in if you haven't already done so.
The authorization window appears.
The authorization window appears only for some organizations that require authentication before authorizing the app.
- Click Authorize.
A consent window appears, and you can see a detailed list of permissions and data here.
- In the consent window, click Authorize.
The Authorize App window appears.
- In the Authorize App window, click the green check mark button to authorize the app.
After connection is achieved, it might take a while to pull and ingest all relevant application data depending on the size of your tenant. During this time, a message is displayed that the domain is still being processed. After integration is completed, a success message appears, and the number of domains is updated. You then receive an email from Zscaler when the domain is ready for further review. To learn more about the integration statuses of a domain, see Status.
Viewing and Managing GitHub Integration
You can click GitHub in the Integrations window to expand and view the list of added domains along with information such as First connected, Last Synced, and Status.
- Domain: The name of the domain integrated with 3rd-Party App Governance.
- First connected: The date and time the domain was added, and the person who added the domain.
- Last Synced: The date and time the domain was last synced. If the domain has yet to sync, N/A is displayed. If the duration of the sync is excessive, the last sync time is highlighted in red.
When there are multiple domains, 3rd-Party App Governance displays the last sync with the most excessive time duration to indicate an issue so you can expand, view the domain, and take the relevant actions.
- Status: The integration status of the recently added domain. One of the following statuses is displayed:
- Error: Failure to achieve a connection. The error message displays the reason for the failure. Contact Zscaler Support if you require further assistance.
- In progress: Connection is achieved and 3rd-Party App Governance is ingesting the relevant data. It might take a while to pull and ingest all relevant application data depending on the size of your tenant. During this time, a message is displayed that the domain is still being processed. You then receive an email from Zscaler when the domain is ready for further review.
- Success: The integration is completed successfully and the last sync time is updated.
Reconnecting GitHub to 3rd-Party App Governance
You might need to reconnect GitHub to 3rd-Party App Governance if an error is displayed (e.g., Grant Expired).
To reconnect GitHub to 3rd-Party App Governance:
- Click GitHub in the Integrations window to expand and view the list of added domains.
- Click the Reconnect icon next to the relevant domain.
A confirmation window appears.
- Click Confirm to continue.
A consent window appears. After consent is granted, the connection is updated.
Deleting a GitHub Connection
You can delete a GitHub connection to 3rd-Party App Governance. To delete a GitHub connection:
- Click GitHub in the Integrations window to expand and view the list of added domains.
- Click the Delete icon next to the relevant domain.
A confirmation window appears.
- Click Confirm to continue.
The connection is successfully deleted.
Permissions and Data Collected
The following table lists the permissions and data collected after integration.
Which permissions do we use? | What data do we get? |
read:org | Read-only access to organization membership, organization projects, and team membership |
user:email | Grants read access to a user's email addresses |
read:audit_log | Grants read access to the audit log data |