Skip to main content

About two-factor authentication

双重身份验证 (2FA) 是登录网站或应用时使用的额外保护层。 With 2FA, you have to log in with your username and password and provide another form of authentication that only you know or have access to.

For GitHub Enterprise Server, the second form of authentication is a code that's generated by an application on your mobile device. After you enable 2FA, GitHub Enterprise Server generates an authentication code any time someone attempts to sign into your account on your GitHub Enterprise Server instance. The only way someone can sign into your account is if they know both your password and have access to the authentication code on your phone.

配置 2FA 后,使用基于时间的一次性密码 (TOTP) 移动应用 添加安全密钥,例如指纹读取器或Windows Hello。 启用安全密钥身份验证的技术称为 WebAuthn。 WebAuthn 是 U2F 的继承者,适用于所有现代浏览器。 有关详细信息,请参阅“WebAuthn”和“是否可以使用。”

You can also configure additional recovery methods in case you lose access to your two-factor authentication credentials. For more information on setting up 2FA, see "Configuring two-factor authentication" and "Configuring two-factor authentication recovery methods."

We strongly urge you to enable 2FA for the safety of your account, not only on GitHub Enterprise Server, but on other websites and apps that support 2FA. You can enable 2FA to access GitHub Enterprise Server and GitHub Desktop.

For more information, see "Accessing GitHub using two-factor authentication."

Two-factor authentication recovery codes

配置双重身份验证时,您将下载并保存双重身份验证恢复代码。 如果无法访问您的电话,您可以使用恢复代码向 GitHub Enterprise Server 验证。 For more information, see "Recovering your account if you lose your 2FA credentials."

Requiring two-factor authentication in your organization

Organization owners can require that organization members and outside collaborators use two-factor authentication to secure their personal accounts. For more information, see "Requiring two-factor authentication in your organization."

支持 2FA 的身份验证方法

身份验证方法说明双重身份验证支持
内置根据存储在 GitHub Enterprise Server 设备上的个人帐户进行身份验证。在 GitHub Enterprise Server 设备上支持和管理。 组织管理员可要求对组织的成员启用 2FA。
内置向身份提供商进行身份验证根据存储在标识提供者中的帐户进行身份验证。依赖身份提供程序。
LDAP允许与您的公司目录服务集成以进行身份验证。在 GitHub Enterprise Server 设备上支持和管理。 组织管理员可要求对组织的成员启用 2FA。
SAML在外部身份提供商上进行身份验证。在 GitHub Enterprise Server 设备上不受支持或无法管理,但受外部身份验证提供商的支持。 在组织上无法实施双重身份验证。
CAS单点登录服务由外部服务器提供。在 GitHub Enterprise Server 设备上不受支持或无法管理,但受外部身份验证提供商的支持。 在组织上无法实施双重身份验证。