When you adopt GitHub Enterprise Cloud with data residency, you can choose where your company's code and data are stored.
After you have worked with Vertriebsteam von GitHub to create an enterprise account with a dedicated URL on GHE.com, you'll use this guide to set up your enterprise. You will:
- Add users by configuring authentication and provisioning with an identity management system
- Set up billing for your enterprise
- Optionally, migrate data from another platform
- Learn about available features, including features that work differently or require additional configuration
After this initial setup, you'll be able to create organizations and repositories, collaborate on code, configure policies, and more.
Prerequisites
-
You must have been provisioned with an enterprise on GHE.com.
-
If you intend to pay with a Microsoft Azure subscription, you must have admin access to the Azure portal or work with someone to configure an admin consent workflow. For a full list of prerequisites, see "Herstellen einer Verbindung mit einem Azure-Abonnement."
-
You must ensure that client systems trust GitHub's SSH key fingerprints and can access certain hostnames and IP addresses. See "Network details for GHE.com."
1. Add users to your enterprise
Enterprises on GHE.com use Enterprise Managed Users. To create user accounts and grant access to your new enterprise on GHE.com, you must configure authentication and SCIM provisioning. See "Erste Schritte mit Enterprise Managed Users."
Sign in as the setup user
After we create your enterprise, you will receive an email inviting you to choose a password for the setup user, which is used to configure authentication and provisioning. The username is a randomly generated shortcode, suffixed with _admin
.
Using an incognito or private browsing window:
- Set the user's password.
- Save the user's recovery codes.
Wenn du das Kennwort für deinen Setupbenutzer zurücksetzen musst, wende dich über das GitHub-Supportportal an den GitHub-Support.
Create a personal access token
Next, create a personal access token that you can use to configure provisioning.
- You must be signed in as the setup user when you create the token.
- The token must have at least the scim:enterprise scope.
- The token must have no expiration.
To learn how to create a personal access token (classic), see "Verwalten deiner persönlichen Zugriffstoken."
Configure authentication
Next, configure how your members will authenticate.
If you're using Entra ID as your IdP, you can choose between OpenID Connect (OIDC) and Security Assertion Markup Language (SAML).
- We recommend OIDC, which includes support for Conditional Access Policies (CAP).
- If you require multiple enterprises provisioned from one tenant, you can use SAML or OIDC for the first enterprise, but must use SAML for each additional enterprise.
If you're using another IdP, like Okta or PingFederate, you must use SAML to authenticate your members.
To get started, read the guide for your chosen authentication method.
- "Konfigurieren von OIDC für Enterprise Managed Users"
- "Konfigurieren von SAML Single Sign-On für verwaltete Enterprise-Benutzer*innen"
Configure provisioning
After you configure authentication, you can configure SCIM provisioning, which is how your IdP will create verwaltete Benutzerkonten on GitHub. See "Konfigurieren der SCIM-Bereitstellung für vom Unternehmen verwaltete Benutzer."
Manage organization membership
After authentication and provisioning are configured, you can start managing organization membership for your verwaltete Benutzerkonten by synchronizing IdP groups with teams. See "Verwalten von Teammitgliedschaften mit Identitätsanbietergruppen."
2. Set up billing
To pay for licenses and services, you can use a credit card, PayPal, or a Microsoft Azure subscription.
- To add a credit card or PayPal details, see "Überprüfen deiner Zahlungs- und Abrechnungsinformationen."
- To link an Azure subscription, see "Herstellen einer Verbindung mit einem Azure-Abonnement."
3. Migrate data
Optionally, to migrate existing data to your new enterprise on GHE.com, you can use GitHub's migration tools.
- If you're migrating from GitHub.com, GitHub Enterprise Server, Azure DevOps, or Bitbucket Server, you can migrate source code history and metadata with GitHub Enterprise Importer. See "Informationen zu GitHub Enterprise Importer."
- If you're migrating from a different platform, see "Migrationspfade zu GitHub."
Example script for GitHub Enterprise Importer
The following script demonstrates the use of GitHub Enterprise Importer for migration of an individual source repository from GitHub.com to a target repository on GHE.com. The --target-api-url
parameter sets your enterprise on GHE.com as the destination of the migration.
You can use the environment variable definitions in the script as an example to create additional commands that migrate data using GitHub Enterprise Importer.
In the following script, replace the following placeholder text with actual values.
Placeholder | Description |
---|---|
TARGET-TOKEN | Personal access token (PAT) for accessing the target enterprise on GHE.com |
SOURCE-TOKEN | PAT for accessing the source resources on GitHub.com |
TARGET-GHE-API-URL | The URL for accessing API endpoints for your enterprise. For example, if your enterprise's subdomain is octocorp , this value must be https://api.octocorp.ghe.com . |
SOURCE-GH-ORGANIZATION-NAME | The name of the source organization on GitHub.com. |
SOURCE-GH-REPOSITORY-NAME | The name of the source repository on GitHub.com. |
TARGET-GHE-ORGANIZATION-NAME | The name of the target organization on GHE.com. |
TARGET-GHE-REPOSITORY-NAME | The name of the target repository on GHE.com. |
#!/bin/sh export GH_PAT="TARGET-TOKEN" export GH_SOURCE_PAT="SOURCE-TOKEN" export TARGET_API_URL="TARGET-GHE-API-URL" export GITHUB_SOURCE_ORG="SOURCE-GH-ORGANIZATION-NAME" export SOURCE_REPO="SOURCE-GH-REPOSITORY-NAME" export GITHUB_TARGET_ORG="TARGET-GHE-ORGANIZATION-NAME" export TARGET_REPO="TARGET-GHE-REPOSITORY-NAME" gh gei migrate-repo --target-api-url $TARGET_API_URL --github-source-org $GITHUB_SOURCE_ORG --source-repo $SOURCE_REPO --github-target-org $GITHUB_TARGET_ORG --target-repo $TARGET_REPO --verbose
#!/bin/sh
export GH_PAT="TARGET-TOKEN"
export GH_SOURCE_PAT="SOURCE-TOKEN"
export TARGET_API_URL="TARGET-GHE-API-URL"
export GITHUB_SOURCE_ORG="SOURCE-GH-ORGANIZATION-NAME"
export SOURCE_REPO="SOURCE-GH-REPOSITORY-NAME"
export GITHUB_TARGET_ORG="TARGET-GHE-ORGANIZATION-NAME"
export TARGET_REPO="TARGET-GHE-REPOSITORY-NAME"
gh gei migrate-repo --target-api-url $TARGET_API_URL --github-source-org $GITHUB_SOURCE_ORG --source-repo $SOURCE_REPO --github-target-org $GITHUB_TARGET_ORG --target-repo $TARGET_REPO --verbose
4. Learn about GitHub's features
When you have completed the initial setup of your enterprise, you and your enterprise's members can start using GitHub's features.
The features available with data residency on GHE.com are similar to the features available to verwaltete Benutzerkonten on GitHub.com, with some additions and exceptions. Some features work differently or require additional configuration compared to the equivalent feature on GitHub.com. See "Feature overview for GitHub Enterprise Cloud with data residency."