# GitHub Application Integration Setup ### Getting started BalkanID recommends creating a separate service account for the purposes of this integration, instead of using personal or employee named accounts. #### Requirements * ***Personal Access Token*** * ***Organization Name*** ### Getting your Configuration To connect your GitHub account, you’ll need to create a **Personal Access Token (PAT)**. GitHub offers two types of tokens: * Fine-grained tokens (Recommended) * Classic tokens ### Option 1: Fine-Grained Personal Access Token (Recommended) Fine-grained tokens provide better security and more control over access. #### Steps 1. Go to **GitHub Settings → Developer Settings → Personal Access Tokens → Fine-grained tokens** 2. Click **Generate new token** 3. Select the **organization** you want to integrate 4. Under **Repository access**: * Choose **All repositories** (recommended for complete data visibility) * If selecting specific repositories, ensure you include *all* repositories you want reflected in the dashboard 5. Enable the following repository permissions: | Permission | Access level | | -------------- | ------------ | | Metadata | Read | | Administration | Read | 5. Enable the following Organization permissions: | Permission | Access level | | ---------- | ------------ | | Members | Read | ### Option 2: Classic Personal Access Token If you prefer using a classic token: #### Steps 1. Go to **GitHub Settings → Developer Settings → Personal Access Tokens → Tokens (classic)** 2. Click **Generate new token** 3. Select the required scopes as shown in the reference image

#### Authorizing a personal access token for use with SAML single sign-on To use a personal access token (classic) with an organization that uses SAML single sign-on (SSO), you must first authorize the token. For the personal access token, you'd like to authorize, click **Configure SSO**. If you don't see Configure SSO, ensure that you have authenticated at least once through your SAML IdP to access resources on GitHub.com. For more information, see "[About authentication with SAML single sign-on](https://docs.github.com/en/enterprise-cloud@latest/authentication/authenticating-with-saml-single-sign-on/about-authentication-with-saml-single-sign-on)."

More details [here](https://docs.github.com/en/enterprise-cloud@latest/authentication/authenticating-with-saml-single-sign-on/authorizing-a-personal-access-token-for-use-with-saml-single-sign-on). ### Configure GitHub in your BalkanID tenant 1. Login to the BalkanID application and switch to the tenant you would like to add your integration to. 2. Head to *Integrations* > **Add Integration**, select **Github.**

3. Set up the *Primary Application owner (mandatory)* and the *Description*, if any. Set up Secondary Application Owner(s), if any.
Select the Extraction Type. From here, you can configure your application using one of the following methods: 1. **Direct integration** - Provide your Github Personal Access Token and Organization obtained above to set up a direct connection with BalkanID. 2. **SCIM integration** - Provide SCIM server credentials to set up a SCIM connection with BalkanID. 3. **Manual file upload** - Upload Entity and Entity Relations through a .CSV file upload. Contact the team for assistance with this. 4. **Automated upload using API -** You can upload data using our [Bulk APIs](https://developer.balkan.id/) with the help of an API key which will be provided to you. Please refer to the [entity](https://developer.balkan.id/bulk-entities-upload-api-early-access-12828095e0) and [entity relation](https://developer.balkan.id/bulk-entity-relations-upload-api-early-access-12828102e0) upload docs for specific instructions on uploading your data through the API.

4. Click on next to move onto *Optional Configuration.* 5. Fill **Optional configuration,** if required.

6. Once you filled in the information, click **Save**. Your integration is now configured and you will see the status of the integration displayed alongside other integrations on the *Integrations* page. When data is available, the integration Status will read **Connected** and the integration Message will read **Data available**. ### Integration Scopes | Read Only (Access Review) Scopes | Lifecycle Management Scopes | | ------------------------------------- | ------------------------------------- | | repo | repo | | write:packages -> read:packages | write:packages -> read:packages | | admin:org -> read:org | admin:org | | admin:public\_key -> read:public\_key | admin:public\_key -> read:public\_key | | admin:repo\_hook -> read:repo\_hook | admin:repo\_hook -> read:repo\_hook | | user | user | | admin:enterprise -> read:enterprise | admin:enterprise | | audit\_log | audit\_log | | project | project | --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.balkan.id/getting-started/setting-up-your-tenant/application-integrations/direct-application-integration/github-application-integration-setup.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.