Overview

Use this guide if you are a ChatGPT workspace admin setting up the GitHub Enterprise app template for your organization. A template is not the final app that members use. It is a setup flow that creates a workspace-specific draft app after you provide the required GitHub Enterprise configuration.

For GitHub Enterprise, setup connects ChatGPT to your organization's GitHub Enterprise host. You create a GitHub App, register the ChatGPT callback URL, generate credentials, then paste those values into the ChatGPT template setup flow. After ChatGPT creates the draft app, you can publish it and manage it like other workspace apps.

What you are setting up

You are creating a workspace-specific GitHub Enterprise app in ChatGPT. The app uses:

• A GitHub App registered on your GitHub Enterprise host.

• The GitHub App client ID and client secret for user OAuth authorization.

• The GitHub App private key so ChatGPT can mint installation tokens for repository operations.

• A webhook secret and webhook URL so GitHub Enterprise can send installation and repository events back to ChatGPT.

• Your GitHub Enterprise hostname, such as github.example.com.

Create a GitHub App, not a standalone GitHub OAuth App. The ChatGPT template setup requires GitHub App credentials, a private key, and webhook settings.

Before you start

You need:

• ChatGPT workspace admin or owner access.

• GitHub Enterprise admin or organization-owner access that can create and install GitHub Apps.

• The GitHub Enterprise hostname only, without https:// or a path.

• A decision about which repository actions ChatGPT should support, such as read-only repository search, pull request workflows, issue workflows, file edits, GitHub Actions, or broader Codex workflows.

• A secure place to handle the GitHub App private key and client secret.

Keep ChatGPT and GitHub Enterprise open in separate tabs. Do not invent the callback URL. Copy the exact callback URL shown in ChatGPT.

Values to prepare

• GitHub Enterprise hostname: for example, github.example.com.

• Callback URL: copy this from the ChatGPT template setup flow.

• GitHub App client ID.

• GitHub App client secret.

• GitHub App private key PEM.

• Webhook secret generated by ChatGPT.

• Webhook URL generated after the draft app is created in ChatGPT.

Start the template setup in ChatGPT

1. In ChatGPT, switch to the workspace where the app should be available.

2. Open Workspace settings > Apps.

3. Select Directory.

4. Search for GitHub Enterprise.

5. Select the GitHub Enterprise app template and start setup.

6. Enter a clear app name and description, such as GitHub Enterprise or GitHub Enterprise - Engineering.

7. Enter the GitHub Enterprise hostname, such as github.example.com.

8. Copy the callback URL shown in ChatGPT. Keep this tab open.

9. Copy the generated webhook secret if it is shown during setup.

Example callback URL: https://chatgpt.com/connector/oauth/<callback_id>

Do not remove the callback ID, add a trailing slash, or replace it with a generic ChatGPT URL.

Create the GitHub App in GitHub Enterprise

1. Open your GitHub Enterprise host, such as https://github.example.com.

2. Go to the organization or account that should own the app.

3. Open Settings > Developer settings > GitHub Apps.

4. Select New GitHub App.

5. Enter a clear app name, such as ChatGPT GitHub Enterprise Connector.

6. Enter a homepage URL. If there is no dedicated internal page, use the GitHub Enterprise organization URL.

7. In Callback URL, paste the exact callback URL copied from ChatGPT.

8. Keep Expire user authorization tokens enabled unless your security team has a specific reason to change it.

9. Enable Request user authorization during installation so users can authorize the app during the install or connect flow.

10. Under Where can this GitHub App be installed?, choose the narrowest option that fits your rollout.

11. Create the GitHub App.

Configure permissions and events

Choose the minimum permissions required for the ChatGPT actions you plan to enable.

For read-only repository discovery and Q&A, start with read permissions such as:

• Metadata: read-only. GitHub requires metadata for GitHub Apps.

• Contents: read-only, for file and repository content access.

• Issues: read-only, if issue search or issue reading is needed.

• Pull requests: read-only, if pull request search or review context is needed.

• Actions: read-only, if workflow run status, jobs, logs, or artifacts are needed.

For write workflows, add write permissions only where needed, such as Contents, Pull requests, Issues, Actions, or Workflows. Use the narrowest permissions that support the intended ChatGPT actions.

Webhook events should match the workflows you support. Common events include Installation, Installation repositories, Push, Pull request, Issues, Issue comment, Workflow run, and Workflow job.

Generate and copy GitHub App credentials

1. In the GitHub App settings, copy the Client ID.

2. Generate a Client secret and copy it immediately.

3. Under Private keys, generate a private key.

4. Download the .pem file and store it securely.

5. Open the .pem file locally and copy the full PEM text, including the begin and end lines.

The private key is sensitive. Treat it like a credential. If it is exposed, generate a new private key, update the ChatGPT app setup, and delete the compromised key in GitHub Enterprise.

Finish setup in ChatGPT

1. Return to the ChatGPT template setup tab.

2. Paste the GitHub App Client ID into OAuth client ID.

3. Paste the GitHub App Client secret into OAuth client secret.

4. Leave Scopes unchanged unless your organization intentionally needs to override the template defaults.

5. Confirm the GitHub Enterprise hostname is hostname-only, such as github.example.com.

6. Paste or upload the GitHub App private key PEM into GitHub App private key.

7. Confirm the generated webhook secret is present.

8. Create the draft app.

9. Open the created draft app details in ChatGPT and copy the generated webhook URL.

The webhook URL should look like: https://connectors.api.openai.org/connectors/<connector_id>/webhook

Finish webhook setup in GitHub Enterprise

1. Return to the GitHub App settings in GitHub Enterprise.

2. Open the GitHub App General settings.

3. Enable Active webhooks if they are not already enabled.

4. Paste the ChatGPT webhook URL into Webhook URL.

5. Paste the ChatGPT webhook secret into Webhook secret.

6. Keep SSL verification enabled.

7. Confirm the subscribed webhook events match the permissions and actions you enabled.

8. Save changes.

Publish and manage the app in ChatGPT

Creating the draft app does not automatically make it available to members. After reviewing the draft:

1. Publish the draft app.

2. Confirm the app appears in Workspace settings > Apps > Enabled.

3. Configure User access for the roles that should use it.

4. Review Action control for read and write actions.

5. Review Action consent or action confirmation behavior.

6. Ask an allowed test user to open Apps in ChatGPT and confirm the app appears.

Install and test the GitHub App

1. In GitHub Enterprise, install the GitHub app on the organization or account.

2. Choose all repositories or selected repositories according to workspace policy.

3. Start the connect flow from ChatGPT as an allowed user.

4. Authorize the GitHub app when prompted.

5. Run a small read action first, such as listing accessible repositories or fetching a known pull request.

6. If write actions are enabled, test with a low-risk repository before broader rollout.

Hostname and OAuth behavior

ChatGPT uses the hostname to derive GitHub Enterprise endpoints. Enter only the host, such as github.example.com or octocorp.ghe.com.

Do not enter an API path, a repository path, or github.com unless that is the exact GitHub Enterprise host for this app.

Troubleshooting

• Redirect URI mismatch: confirm the GitHub App callback URL exactly matches the callback URL shown in ChatGPT.

• ChatGPT cannot create or save the draft app: confirm all required fields are present, including hostname, OAuth client ID, OAuth client secret, private key, and webhook secret.

• Authentication succeeds but repository calls fail: confirm the GitHub App is installed and has access to the repository.

• API returns 403 or insufficient permissions: add the missing GitHub App permission and have the installation owner approve updated permissions if prompted.

• No repositories appear: confirm the app installation includes the expected repositories and the user authorizing in ChatGPT has access to them.

• Webhook deliveries fail: confirm the webhook URL and webhook secret match the values from ChatGPT, keep SSL verification enabled, and make sure the GitHub Enterprise host can reach connectors.api.openai.org.

• Private key errors: confirm the full PEM content was copied, including the begin and end lines.

References

• GitHub docs: Registering a GitHub App

• GitHub docs: About the user authorization callback URL

• GitHub docs: Choosing permissions for a GitHub App

• GitHub docs: Using webhooks with GitHub Apps

• GitHub docs: Managing private keys for GitHub Apps