External group for github auth without team

I’m setting up Vault and using github auth to allow all users from an organisation to access secrets using their PAT.

I’ve created a Vault external group for that github organisation, but is it mandatory that all users of the github organization are in the github team named like the group, or is there a way to allow all the users of the github organization without assigning them to a team ?

except in the learn tutorial, i can’t find documentation about that.


Hi @pciavald!

It depends whether you want to assign certain GitHub users from your organization specific policies.
If you just want to grant all users from your GitHub organization a set of policies then you can do that with the token_policies parameter (https://www.vaultproject.io/api-docs/auth/github/#inlinecode-token_policies-17) while configuring your GitHub Auth backend.


1 Like

Thanks for your answer @michelvocks ! I’ve set it up using the UI, is it the same as assigning the policy to the auth method through the UI or should i redo it using the cli ?

There are no differences between ui, cli and api.