About team management with 企业托管用户
With 企业托管用户, you can manage team membership within your enterprise through your IdP. When you connect a team in one of your enterprise's organizations to an IdP group, changes to membership from the IdP group are reflected in your enterprise automatically, reducing the need for manual updates and custom scripts.
When a change to an IdP group or a new team connection results in a 托管用户 joining a team in an organization they were not already a member of, the 托管用户 will automatically be added to the organization. Organization owners can also manage organization membership manually. When you disconnect a group from a team, users who became members of the organization via team membership are removed from the organization if they are not assigned membership in the organization by any other means.
You can connect a team in your enterprise to one IdP group. You can assign the same IdP group to multiple teams in your enterprise.
If you are connecting an existing team to an IdP group, you must first remove any members that were added manually. After you connect a team in your enterprise to an IdP group, your IdP administrator must make team membership changes through the identity provider. You cannot manage team membership on GitHub.com.
When group membership changes on your IdP, your IdP sends a SCIM request with the changes to GitHub.com according to the schedule determined by your IdP, so change may not be immediate. Any requests that change team or organization membership will register in the audit log as changes made by the account used to configure user provisioning.
Teams connected to IdP groups cannot be parents of other teams nor a child of another team. If the team you want to connect to an IdP group is a parent or child team, we recommend creating a new team or removing the nested relationships that make your team a parent team.
To manage repository access for any team in your enterprise, including teams connected to an IdP group, you must make changes on GitHub.com. For more information, see "Managing team access to an organization repository".
Creating a new team connected to an IdP group
Any member of an organization can create a new team and connect the team to an IdP group.
- 在 GitHub.com 的右上角,单击您的头像,然后单击 Your organizations(您的组织)。
- 单击您的组织名称。
- 在组织名称下,单击
团队。
- 在 Teams(团队)选项卡的右侧,单击 New team(新团队)。
- 在“Create new team(创建新团队)”下,输入新团队的名称。
- (可选)在“Description(描述)”字段中输入团队的描述。
- To connect a team, select the "Identity Provider Groups" drop-down menu and click the team you want to connect.
- 决定团队是可见还是机密。
- 单击 Create team(创建团队)。
Managing the connection between an existing team and an IdP group
Organization owners and team maintainers can manage the existing connection between an IdP group and a team.
Note: Before you connect an existing team on GitHub.com to an IdP group for the first time, all members of the team on GitHub.com must first be removed. For more information, see "Removing organization members from a team."
-
在 GitHub.com 的右上角,单击您的头像,然后单击 Your profile(您的个人资料)。
-
在 GitHub.com 的右上角,单击您的头像,然后单击 Your organizations(您的组织)。
-
在组织名称下,单击 团队。
-
在 Teams(团队)选项卡上,单击团队名称。
-
在团队页面顶部,单击 Settings(设置)。
-
Optionally, under "Identity Provider Group", to the right of the IdP group you want to disconnect, click .
-
To connect an IdP group, under "Identity Provider Group", select the drop-down menu, and click an identity provider group from the list.
-
Click Save changes.
Viewing IdP groups, group membership, and connected teams
You can review a list of IdP groups, see any teams connected to an IdP group, and see the membership of each IdP group on GitHub Enterprise Cloud. You must edit the membership for a group on your IdP.
-
在 GitHub.com 的右上角,单击您的个人资料照片,然后单击 Your enterprises(您的企业)。
-
在企业列表中,单击您想要查看的企业。
-
To review a list of IdP groups, in the left sidebar, click Identity provider.
-
To see the members and teams connected to an IdP group, click the group's name.
-
To view the teams connected to the IdP group, click Teams.
