diff --git a/lib/auth/github.go b/lib/auth/github.go
index 89c61872c4c9d..5b91f0d62f23f 100644
--- a/lib/auth/github.go
+++ b/lib/auth/github.go
@@ -24,6 +24,7 @@ import (
 	"io"
 	"net/http"
 	"net/url"
+	"strings"
 	"time"
 
 	"github.com/coreos/go-oidc/oauth2"
@@ -958,7 +959,7 @@ func (c *githubAPIClient) getTeams() ([]teamResponse, error) {
 
 // get makes a GET request to the provided URL using the client's token for auth
 func (c *githubAPIClient) get(page string) ([]byte, string, error) {
-	request, err := http.NewRequest("GET", fmt.Sprintf("https://%s/%s", c.apiEndpointHostname, page), nil)
+	request, err := http.NewRequest("GET", formatGithubURL(c.apiEndpointHostname, page), nil)
 	if err != nil {
 		return nil, "", trace.Wrap(err)
 	}
@@ -984,6 +985,11 @@ func (c *githubAPIClient) get(page string) ([]byte, string, error) {
 	return bytes, wls.NextPage, nil
 }
 
+// formatGithubURL is a helper for formatting github api request URLs.
+func formatGithubURL(host string, path string) string {
+	return fmt.Sprintf("https://%s/%s", host, strings.TrimPrefix(path, "/"))
+}
+
 const (
 	// GithubAuthPath is the GitHub authorization endpoint
 	GithubAuthPath = "login/oauth/authorize"
diff --git a/lib/auth/github_test.go b/lib/auth/github_test.go
index c72b5c45b9d78..9dc08f695dd34 100644
--- a/lib/auth/github_test.go
+++ b/lib/auth/github_test.go
@@ -520,3 +520,31 @@ func TestCheckGithubOrgSSOSupport(t *testing.T) {
 		})
 	}
 }
+
+func TestGithubURLFormat(t *testing.T) {
+	tts := []struct {
+		host   string
+		path   string
+		expect string
+	}{
+		{
+			host:   "example.com",
+			path:   "foo/bar",
+			expect: "https://example.com/foo/bar",
+		},
+		{
+			host:   "example.com",
+			path:   "/foo/bar?spam=eggs",
+			expect: "https://example.com/foo/bar?spam=eggs",
+		},
+		{
+			host:   "example.com",
+			path:   "/foo/bar",
+			expect: "https://example.com/foo/bar",
+		},
+	}
+
+	for _, tt := range tts {
+		require.Equal(t, tt.expect, formatGithubURL(tt.host, tt.path))
+	}
+}