Infrastructure

GitHub

Ploy offers three methods to integrate with GitHub, depending on your organization's setup and security requirements.

Integration Methods

1. Ploy GitHub App (Non-Enterprise)

The default method for GitHub.com organizations using Ploy's hosted GitHub App.

Setup Steps

  1. Click Install GitHub App in the Ploy setup modal — this redirects to GitHub

  2. On GitHub, select the organization you want to connect

  3. Choose which repositories to grant access to (all or select)

  4. Click Install — GitHub redirects back to Ploy with the installation ID

  5. Enter your GitHub Organization Name (e.g. my-org)

Permissions are managed by Ploy's GitHub App — no manual configuration needed.

2. Enterprise — Personal Access Token (PAT)

For GitHub Enterprise Cloud, GHE.com, or self-hosted GitHub Enterprise Server.

Setup Steps

  1. Go to GitHub → SettingsDeveloper settingsPersonal access tokensTokens (classic)

  2. Click Generate new token (classic)

  3. Set a descriptive name (e.g. Ploy Integration)

  4. Select the following scopes:

    • read:enterprise

    • read:org

    • repo

  5. Click Generate token and copy it

  6. In Ploy, enable the GitHub Enterprise toggle

  7. Enter your GitHub Domain:

    • github.com for Enterprise Cloud

    • Your self-hosted domain for GHES (e.g. github.mycompany.com)

  8. Enter your Enterprise Slug — the enterprise account name from your URL (github.com/enterprises/your-slug)

  9. Select Personal Access Token (PAT) as the auth method

  10. Paste the token

The PAT must belong to an enterprise owner.

3. Enterprise — Customer Enterprise GitHub App

The most secure method. The customer creates and manages their own GitHub App installed on their enterprise.

A. Create the GitHub App

  1. Go to GitHub → SettingsDeveloper settingsGitHub AppsNew GitHub App

  2. Configure the app:

    • App name: e.g. Ploy Integration (your-company)

    • Homepage URL: your company URL

    • Webhook: uncheck "Active" (not needed)

  3. Set the following permissions:

    • Organization permissions:

      • Members: Read & Write

      • Administration: Read-only

    • Repository permissions:

      • Metadata: Read-only

  4. Click Create GitHub App

  5. Note the App ID from the app's settings page

B. Generate a Private Key

  1. On the app's settings page, scroll to Private keys

  2. Click Generate a private key

  3. A .pem file will download — keep this safe

C. Install the App

  1. From the app's settings page, click Install App in the sidebar

  2. Install on your enterprise account

  3. Install on each organization you want Ploy to scan

D. Configure in Ploy

  1. Enable the GitHub Enterprise toggle

  2. Enter your GitHub Domain (github.com for Enterprise Cloud, or your self-hosted domain)

  3. Enter your Enterprise Slug

  4. Select Enterprise GitHub App as the auth method

  5. Paste the App ID

  6. Paste the full contents of the Private Key .pem file (including BEGIN/END lines)

Associating GitHub Usernames to Employees

Because engineers typically use personal GitHub accounts, granting and revoking access can be difficult. Ploy associates GitHub accounts with employees in two ways.

1. Luna AI

Ask Luna to associate GitHub accounts with employees, and she'll recommend associations based on available data.

2. Manual Association

Through the Identities page, you can also associate GitHub accounts to team members manually. Ploy will then be able to automatically grant and revoke access going forward.

Employee Onboarding

When an engineer joins, a simple flow like the one below will automatically add the new member to the company GitHub account.

Ploy will know which personal GitHub username is linked to which employee, enabling automated account removal at offboarding.

Employee Offboarding

When an employee leaves, Ploy can automatically revoke their access to the company's GitHub account.

Was this helpful?