Skip to main content

About SAML for enterprise IAM

You can use SAML single sign-on (SSO) and System for Cross-domain Identity Management (SCIM) to centrally manage access to your enterprise.

About SAML SSO for your enterprise on GitHub AE

GitHub AE 使用 SAML SSO 进行用户身份验证。 您可以从支持 SAML 2.0 标准的 IdP 集中管理对 GitHub AE 的访问。 您将在初始化过程中输入SAML IdP 的详细信息,以配置 GitHub AE 的身份和访问管理。 有关详细信息,请参阅“初始化 GitHub AE”。

After you configure the application for GitHub AE on your identity provider (IdP), you can provision access to your enterprise by assigning the application to users and groups on your IdP. For more information about SAML SSO for GitHub AE, see "Configuring SAML single sign-on for your enterprise."

默认情况下,当您分配或取消分配应用程序时,您的 IdP 不会自动与 GitHub AE 通信。 GitHub AE 上的资源的访问,使用 SAML 实时 (JIT 创建用户帐户 ,) 首次导航到 GitHub AE 并通过通过 IdP 进行身份验证来登录。 当你授予 GitHub AE 的访问权限时,你可能需要手动通知用户,并且在停用期间必须手动 停用 GitHub AE 上的用户帐户。 当你在 IdP 上分配或取消分配应用程序时,可使用 SCIM 自动/创建或暂停 用户帐户和 GitHub AE 的访问权限。 For more information, see "Configuring user provisioning for your enterprise."

To learn how to configure both authentication and user provisioning for your enterprise with your specific IdP, see "Configuring authentication and provisioning with your identity provider."

Supported IdPs

The following IdPs are officially supported for integration with GitHub AE.

注意:GitHub AE 单一登录 (SSO) 对 Okta 的支持目前处于 beta 版本。

IdPSAML用户预配团队映射
Azure Active Directory (Azure AD)
Okta试用版试用版试用版

Mapping GitHub AE teams to Okta groups

If you use Okta as your IdP, you can map your Okta groups to teams on GitHub AE. For more information, see "Mapping Okta groups to teams."

Further reading