Skip to main content
GitHub AE 目前是有限发行版。请联系我们的销售团队以了解更多信息。

About SAML for enterprise IAM

You can use SAML single sign-on (SSO) and System for Cross-domain Identity Management (SCIM) to centrally manage access to 您的企业.

About SAML SSO for your enterprise on GitHub AE

GitHub AE 使用 SAML SSO 进行用户身份验证。 您可以从支持 SAML 2.0 标准的 IdP 集中管理对 GitHub AE 的访问。 您将在初始化过程中输入SAML IdP 的详细信息,以配置 GitHub AE 的身份和访问管理。 更多信息请参阅“初始化 GitHub AE。”

After you configure the application for GitHub AE on your identity provider (IdP), you can provision access to 您的企业 by assigning the application to users and groups on your IdP. For more information about SAML SSO for GitHub AE, see "Configuring SAML single sign-on for your enterprise."

By default, your IdP does not communicate with GitHub AE automatically when you assign or unassign the application. GitHub AE creates a user account using SAML Just-in-Time (JIT) provisioning the first time someone navigates to GitHub AE and signs in by authenticating through your IdP. You may need to manually notify users when you grant access to GitHub AE, and you must manually deactivate the user account on GitHub AE during offboarding. You can use SCIM to create or suspend user accounts and access for GitHub AE automatically when you assign or unassign the application on your IdP. For more information, see "Configuring user provisioning for your enterprise."

To learn how to configure both authentication and user provisioning for 您的企业 with your specific IdP, see "Configuring authentication and provisioning with your identity provider."

Supported IdPs

The following IdPs are officially supported for integration with GitHub AE.

Note: GitHub AE single sign-on (SSO) support for Okta is currently in beta.

IdPSAML用户预配Team mapping
Azure Active Directory (Azure AD)

Mapping GitHub AE teams to Okta groups

If you use Okta as your IdP, you can map your Okta groups to teams on GitHub AE. For more information, see "Mapping Okta groups to teams."

Further reading