Skip to main content

Using SAML for enterprise IAM

You can centrally manage access to your enterprise's resources with SAML single sign-on (SSO) and System for Cross-domain Identity Management (SCIM).

Note: If your enterprise uses Enterprise Managed Users, you must follow a different process to configure SAML single sign-on. For more information, see "Configuring SAML single sign-on for Enterprise Managed Users."

Deciding whether to configure SAML for your enterprise or your organizations

You can configure SAML for your enterprise account, with the same configuration applying to all of its organizations, or you can create separate configurations for individual organizations.

Configuring SAML single sign-on for your enterprise

You can control and secure access to resources like repositories, issues, and pull requests within your enterprise's organizations by enforcing SAML single sign-on (SSO) through your identity provider (IdP).

Managing team synchronization for organizations in your enterprise

You can enable team synchronization between Microsoft Entra ID (previously known as Azure AD) and GitHub Enterprise Cloud to allow organizations owned by your enterprise account to manage team membership through IdP groups.

Configuring SAML single sign-on for your enterprise using Okta

You can use Security Assertion Markup Language (SAML) single sign-on (SSO) with Okta to automatically manage access to your enterprise account on GitHub Enterprise Cloud.

Disabling SAML single sign-on for your enterprise

You can disable SAML single sign-on (SSO) for your enterprise account.

Switching your SAML configuration from an organization to an enterprise account

Learn special considerations and best practices for replacing an organization-level SAML configuration with an enterprise-level SAML configuration.

Troubleshooting SAML authentication

If you use SAML single sign-on (SSO) and people are unable to authenticate to access GitHub.com, you can troubleshoot the problem.