Vault github auth teams and policies

I am following the instructions in the documentation on this subject:

I’ve set token policies at the organization level and when I authenticate using the Github personal access token (PAT) I see those policies, however, my Github user belongs to a team called “development”, and I defined a policy called “protobuilder”. I ran the following:

vault write auth/github/map/teams/development value=protobuilder

Then I logged in as the user in the development team with that user’s PAT
vault login -method=github
GitHub Personal Access Token (will be hidden):
Success! You are now authenticated. The token information displayed below
is already stored in the token helper. You do NOT need to run “vault login”
again. Future Vault requests will automatically use this token.

Key Value


token s.mmiXoCic0RmgFdclNSyWTbYy
token_accessor PvS9jv1j0JL3TDQiLtPTPLaw
token_duration 768h
token_renewable true
token_policies [“default” “tbctsystems”]
identity_policies
policies [“default” “tbctsystems”]
token_meta_org TBCTSystems
token_meta_username devopsrvc

I am not seeing the protobuilder policy assigned. Any idea what I missed?

Okay, it looks as if the issue was on the Github side. I needed to enable SSO on the PAT. Of course I only got to this after posting here.