Skip to content

Commit 57a21fb

Browse files
Copilotgmondellosunbrye
authored
Document required OAuth callback URL for Azure subscription connections (#59426)
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: gmondello <72952982+gmondello@users.noreply.github.com> Co-authored-by: Sunbrye Ly <56200261+sunbrye@users.noreply.github.com>
1 parent 39a367d commit 57a21fb

File tree

1 file changed

+22
-0
lines changed

1 file changed

+22
-0
lines changed

content/admin/data-residency/network-details-for-ghecom.md

Lines changed: 22 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -215,6 +215,28 @@ Japan region:
215215
* `prodjpw01resultssa2.blob.core.windows.net`
216216
* `prodjpw01resultssa3.blob.core.windows.net`
217217

218+
### OAuth callback URL for connecting an Azure subscription for billing
219+
220+
When you connect or update an Azure subscription for billing, you must allow access to the following URL:
221+
222+
* `https://github.com/enterprises/oauth_callback`
223+
224+
This URL is required during the OAuth authentication flow that occurs when:
225+
226+
* Connecting an Azure subscription to your enterprise for the first time
227+
* Changing or updating an existing Azure subscription connection
228+
229+
> [!IMPORTANT]
230+
> * The URL must be allowed with all query parameters, for example `https://github.com/enterprises/oauth_callback?code=...`
231+
> * After the Azure subscription is successfully connected and the subscription ID is stored, you can remove this URL from your allowlist
232+
> * To change or update your Azure subscription, you must add the URL back to your allowlist
233+
234+
The OAuth flow works as follows:
235+
236+
1. The user starts the connection process on `SUBDOMAIN.ghe.com`
237+
1. Azure redirects to `https://github.com/enterprises/oauth_callback` to complete the OAuth flow
238+
1. The system redirects back to `SUBDOMAIN.ghe.com` to finalize the connection
239+
218240
## IP ranges for {% data variables.product.prodname_importer_proper_name %}
219241

220242
If you're running a migration to your enterprise with {% data variables.product.prodname_importer_proper_name %}, you may need to add certain ranges to an IP allow list. See [AUTOTITLE](/migrations/using-github-enterprise-importer/migrating-between-github-products/managing-access-for-a-migration-between-github-products#configuring-ip-allow-lists-for-migrations).

0 commit comments

Comments
 (0)