When using LDAP or built-in authentication, two-factor authentication is supported on your GitHub Enterprise Server instance. Organization administrators can require members to have two-factor authentication enabled.
使用 SAML 或 CAS 时,双重身份验证在 GitHub Enterprise Server 设备上不受支持或� 法管理,但受外部身份验证提供商的支持。 在组织上� 法实施双重身份验证。 有关对组织强制实施双� � 身份验证的详细信息,请参阅“在� 的组织中要求进行双� � 身份验证”。
For more information, see "About two-factor authentication."
Requirements for enforcing two-factor authentication
Before you can require organization members and outside collaborators to use 2FA, you must enable two-factor authentication for your own personal account.
Warnings:
- When your require two-factor authentication, members and outside collaborators (including bot accounts) who do not use 2FA will be removed from the organization and lose access to its repositories, including their forks of private repositories. If they enable 2FA for their personal account within three months of being removed from the organization, you can reinstate their access privileges and settings.
- When 2FA is required, organization members or outside collaborators who disable 2FA will automatically be removed from the organization.
- If you're the sole owner of an organization that requires two-factor authentication, you won't be able to disable 2FA for your personal account without disabling required two-factor authentication for the organization.
Before you require use of two-factor authentication, we recommend notifying organization members and outside collaborators and asking them to set up 2FA for their accounts. You can see if members and outside collaborators already use 2FA on an organization's People tab.
-
在 GitHub Enterprise Server 的右上角,单击� 的个人资料照片,然后单击“� 的组织”。
-
在组织旁边,单击“设置”。
-
In the left sidebar, click Organization security.
-
在“身份验证”下,选择“要求对组织中的每个人进行双重身份验证”,然后单击“保存” 。
-
如果出现提示,请阅读有关将从组织中� 除的成员和外部协作者的信息。 输入� 的组织名称以确认更改,然后单击“� 除成员并要求双� � 身份验证”。
Viewing people who were removed from your organization
To view people who were automatically removed from your organization for non-compliance when you required two-factor authentication, you can search the audit log using reason:two_factor_requirement_non_compliance
in the search field.
-
在任意页面的左上角,单击 。
-
从 GitHub Enterprise Server 上的管理帐户任意页面的右上角,单击 。
-
如果� 尚未在“站点管理员”页上,请在左上角单击“站点管理员”。
-
In the left sidebar, click Audit log.
-
Enter your search query using
reason:two_factor_requirement_non_compliance
. To narrow your search for:-
Organizations members removed, enter
action:org.remove_member AND reason:two_factor_requirement_non_compliance
-
Outside collaborators removed, enter
action:org.remove_outside_collaborator AND reason:two_factor_requirement_non_compliance
You can also view people removed from a particular organization by using the organization name in your search:
-
org:octo-org AND reason:two_factor_requirement_non_compliance
-
-
Click Search.
Helping removed members and outside collaborators rejoin your organization
If any members or outside collaborators are removed from the organization when you enable required use of two-factor authentication, they'll receive an email notifying them that they've been removed. They should then enable 2FA for their personal account, and contact an organization owner to request access to your organization.