SAML.to can synchronize with GitHub Teams. Teams granted to roles in saml-to.yml will automatically be granted access. This simplifies onboarding and offboarding of users to just GitHub and eliminates needs to edit saml-to.yml when membership changes.

GitHub users can request temporary access to sensitive roles. Administrators can grant approval using Email or Slack.

Get access to Audit Logs for your organization, accounts, users. Learn and audit which users or repositories assumed what role and when they did it, and how often.

Log in to an Administrative Portal to visualize what roles are being assumed by which users or repositories and how often.

Prevent GitHub Tokens stored on systems from becoming too old. Set up occasional 2nd Factor Authentication (TOTP or SMS) to ensure the User is who they say they are.

Send messages to users when they are granted a new role. Inform users when their Access has been revoked. Inform Adminstrators when a particulary sensitive role has been assumed.

Receive Webhooks from SAML.to for advanced customization so your services can know when various things change, such as membership, configuration, role assumption, access requests, and so on.

Generate an API token for advanced customization of the SAML.to workflows for your own custom instrumentation.

Store your own Private Key and Certificate in saml-to.yml or GitHub Repository Secrets for SAML Assertions, instead of SAML.to storing it for you.