Skip to main content

Stack: GitHub Enterprise

Okta disaster recovery for teams running GitHub Enterprise through Okta

GitHub Enterprise federated through Okta means source control, CI/CD, and code review all sit behind the Okta authentication policy. A single bad policy or SCIM mapping change can knock the engineering org out of GitHub at the worst possible moment — mid-release, mid-incident, or during a security investigation.

Butterfly captures versioned snapshots of the Okta configuration governing GitHub Enterprise access — the SAML or OIDC app, the SCIM feed, assigned groups, sign-on policies, and Workflows automations. Restore preview shows the diff before any revert.

Book a 30-min demo with MickStart the free trial

What you get

How Butterfly fits GitHub Enterprise

GitHub SSO app is versioned

Every backup captures the Okta-side GitHub Enterprise app integration — SAML signing certificate, attribute mapping, assigned groups, and sign-on policy.

SCIM provisioning into GitHub orgs and teams

The Okta-to-GitHub SCIM connection is part of every snapshot. Team membership mappings and license-tier assignment are versioned.

Group rules drive GitHub team membership

Group rules are how most teams scale who-is-in-which-GitHub-team. Butterfly versions every rule. Restore preview tells you which GitHub-bound groups would change before any commit.

What goes wrong

Three incidents you have already seen variations of

Sign-on policy change blocks the engineering org during a release

A device-trust tightening intended for non-engineering caught the engineering group expression. The release engineer could not reach GitHub mid-deploy. Restore preview surfaces the policy diff and the affected population.

SCIM team-mapping change strips repository access

A SCIM attribute mapping change moved a population to a different GitHub team with no access to the active release repo. Restore preview surfaces the mapping delta.

Workflows flow disabled — new engineers never reach GitHub

An Okta Workflows automation that pushed new hires into the github-engineering group silently disabled itself. New engineers had GitHub accounts but no repo access. Restore preview restores the flow.

Honest scope

What Butterfly captures — and what it does not

In scope

The Okta-side configuration governing GitHub Enterprise access: the GitHub SAML / OIDC app integration, attribute mappings, SCIM provisioning configuration, assigned users and groups, group rules driving team membership, sign-on policies, and Workflows automations.

Out of scope

We do not back up GitHub repositories, branch protection rules, GitHub Actions secrets, or any GitHub-side state. GitHub-side backup is owned by purpose-built tools or git itself.

Plans

Free, Standard, or Business

Free

$0 / forever

  • 1 Okta connection
  • 7-day retention
  • 1 total backup
  • No credit card

Standard

$1 / user / month — $99 minimum

  • 2 Okta connections
  • 90-day retention
  • Restore preview + dry-run
  • Audit Pack PDF (framework-filterable)

Business

$2 / user / month — $299 minimum

  • Unlimited Okta connections
  • Unlimited retention
  • Continuity (warm standby)
  • Priority restore support

Pricing reference: /upgrade. Provider coverage today: Okta, Okta Workflows, Auth0.

Regulatory shape

Compliance and audit angle

SOC 2 CC6 (logical access), ISO 27001 A.5.16 (identity management), and SLSA / supply-chain expectations all assume the identity layer governing source-control access is restorable.

Butterfly's own SOC 2 Type II work is in progress; current status lives in the Trust Center.

Frequently asked

FAQ

Does Butterfly back up GitHub repositories?

No. Butterfly backs up the Okta configuration governing GitHub access. Repository backup is owned by git itself or by purpose-built tools.

Does this cover GitHub Enterprise Cloud and Server?

Butterfly captures the Okta-side configuration. Both deployment models are supported on the Okta side.

Can we restore a single SCIM mapping without reverting other apps?

Yes. Restore preview lets you pick the scope before committing.

Recover your Okta org in minutes, not hours

Talk to Mick (the founder) for a 30-minute demo, or start the free trial. No credit card for the free tier.

Book a 30-min demo with MickStart the free trial

More stacks

Okta DR for other stacks

AWS infrastructureDatabricksSnowflakeSalesforceHubSpotMicrosoft 365Google WorkspaceSlackJira SoftwareNotionZoomDatadog1Password BusinessGitHub + Okta SSOAWS IAM Identity CenterSalesforce + Okta SSOAtlassian stackFinancial servicesHealthcare provider

Trust posture, subprocessors, and security details: Trust Center.