我们经常发布文档更新,此页面的翻译可能仍在进行中。有关最新信息,请访问英文文档。如果此页面上的翻译有问题,请告诉我们

About authentication with SAML single sign-on

You can access an organization that uses SAML single sign-on (SSO) by authenticating through an identity provider (IdP).To authenticate with the API or Git on the command line when an organization enforces SAML SSO, you must authorize your personal access token or SSH key.

SAML 单点登录可用于 GitHub Enterprise Cloud。 更多信息请参阅“GitHub's products”。

SAML 单点登录 (SSO) 为 GitHub 上的组织所有者和企业所有者提供一种控制安全访问仓库、议题和拉取请求等组织资源的方法。 Organization owners can invite your user account on GitHub to join their organization that uses SAML SSO, which allows you to contribute to the organization and retain your existing identity and contributions on GitHub.

When you access resources within an organization that uses SAML SSO, GitHub will redirect you to the organization's SAML IdP to authenticate. After you successfully authenticate with your account on the IdP, the IdP redirects you back to GitHub, where you can access the organization's resources.

注:外部协作者无需使用 IdP 进行身份验证即可访问实施 SAML SSO 的组织中的资源。 有关外部协作者的更多信息,请参阅“组织的权限级别”。

If you have recently authenticated with your organization's SAML IdP in your browser, you are automatically authorized when you access a GitHub organization that uses SAML SSO. If you haven't recently authenticated with your organization's SAML IdP in your browser, you must authenticate at the SAML IdP before you can access the organization.

您必须定期向 SAML IdP 身份验证并访问 GitHub.com 上的组织资源 。 此登录期的持续时间由 IdP 指定,一般为 24 小时。 此定期登录要求会限制访问的时长,您必须重新验证身份后才可继续访问。

To use the API or Git on the command line to access protected content in an organization that uses SAML SSO, you will need to use an authorized personal access token over HTTPS or an authorized SSH key. OAuth 应用程序 access tokens are authorized by default.

If you don't have a personal access token or an SSH key, you can create a personal access token for the command line or generate a new SSH key. For more information, see "Creating a personal access token" or "Generating a new SSH key and adding it to the ssh-agent."

To use a new or existing personal access token or SSH key with an organization that enforces SAML SSO, you will need to authorize the token or authorize the SSH key for use with a SAML SSO organization. For more information, see "Authorizing a personal access token for use with SAML single sign-on" or "Authorizing an SSH key for use with SAML single sign-on."

You must have an active SAML session each time you authorize an OAuth 应用程序.

Further reading

此文档对您有帮助吗?

Privacy policy

帮助我们创建出色的文档!

所有 GitHub 文档都是开源的。看到错误或不清楚的内容了吗?提交拉取请求。

做出贡献

或, 了解如何参与。