Before you can initialize your enterprise, you must purchase GitHub AE. For more information, contact GitHub's Vertriebsteam.
After you purchase GitHub AE, we'll ask you to provide an email address and username for the person you want to initialize the enterprise. Your dedicated technical account manager in GitHub Enterprise-Support will create an account for the enterprise owner and send the enterprise owner an email to log into GitHub AE and complete the initialization. Make sure the information you provide matches the intended enterprise owner's information in the IdP. For more information about enterprise owners, see "Roles in an enterprise."
If the initial password for GitHub AE expires before you finish initialization, you can request a password reset at any time from your invitation email.
Store the initial username and password for GitHub AE securely in a password manager. If you can't sign into your enterprise because GitHub AE can't communicate with your SAML IdP, you can contact GitHub-Support, who can help you access GitHub AE to update the SAML SSO configuration. For more information, see "Receiving help from GitHub-Support."
During initialization, the enterprise owner will name your enterprise, configure SAML SSO, create policies for all organizations in your enterprise, and configure a support contact for your users.
To begin initialization, you will receive an invitation email from GitHub. Before you configure GitHub AE, review the following prerequisites.
To initialize your enterprise, you must have a SAML identity provider (IdP). GitHub AE uses SAML SSO for user authentication. You can centrally manage access to GitHub AE from an IdP that supports the SAML 2.0 standard. To connect your IdP to your enterprise during initialization, you should have your IdP's Entity ID (SSO) URL, Issuer ID URL, and public signing certificate (Base64-encoded). For more information, see "About identity and access management for your enterprise."
Hinweis: Create and use a dedicated machine user account on your IdP to associate with the first enterprise owner account on GitHub AE. Store the credentials for the user account securely in a password manager.
To make a person an enterprise owner, you must delegate ownership permission in your IdP. Include the
administratorattribute in the SAML assertion for the user account on the IdP, with the value of
true. For more information about enterprise owners, see "Roles in an enterprise."
- Follow the instructions in your welcome email to reach your enterprise.
- Type your credentials under "Change password", then click Change password.
- Under "What would you like your enterprise account to be named?", type the enterprise's name, then click Save and continue.
To configure authentication for GitHub AE, you must provide GitHub AE with the details for your SAML IdP. GitHub recommends using Azure AD as your IdP. For more information, see "Configuring authentication and provisioning with your identity provider."
- To the right of "Set up your identity provider", click Configure.
- Under "Sign on URL", copy and paste the URL for your SAML IdP.
- Under "Issuer", copy and paste the issuer URL for your SAML IdP.
- Under "Public certificate", copy and paste the public certificate for your SAML IdP.
- Click Test SAML configuration to ensure that the information you've entered is correct.
- Klicke auf Save (Speichern).
Configuring policies will set limitations for repository and organization management for your enterprise. These can be reconfigured after the initialization process.
- To the right of "Set your enterprise policies", click Configure.
- Under "Default Repository Permissions", use the drop-down menu and click a default permissions level for repositories in your enterprise. If a person has multiple avenues of access to an organization, either individually, through a team, or as an organization member, the highest permission level overrides any lower permission levels. Optionally, to allow organizations within your enterprise to set their default repository permissions, click No policy
- Under "Repository creation", choose whether you want to allow members to create repositories. Optionally, to allow organizations within your enterprise to set permissions, click No policy.
- Under "Repository forking", choose whether to allow forking of private and internal repositories. Optionally, to allow organizations within your enterprise to set permissions, click No policy
- Under "Repository invitations", choose whether members or organization owners can invite collaborators to repositories. Optionally, to allow organizations within your enterprise to set permissions, click No policy
- Under "Default repository visibility", use the drop-down menu and click the default visibility setting for new repositories.
- Under "Users can create organizations", use the drop-down menu to enable or disable organization creation access for members of the enterprise.
- Under "Force pushes", use the drop-down menu and choose whether to allow or block force pushes.
- Under "Git SSH access", use the drop-down menu and choose whether to enable Git SSH access for all repositories in the enterprise.
- Click Save
- Optionally, to reset all selections, click "Reset to default policies".
You can configure the method your users will use to contact your internal support team. This can be reconfigured after the initialization process.
- To the right of "Internal support contact", click Configure.
- Under "Internal support contact", select the method for users of your enterprise to contact support, through a URL or an e-mail address. Then, type the support contact information.
- Klicke auf Save (Speichern).
Once this is initialized, you can reconfigure any settings after the initialization process. For more information, see "Configuring email for notifications."
To the right of "Configure email settings", click Configure.
Wählen Sie Enable email (E-Mail aktivieren) aus. This will enable both outbound and inbound email, however, for inbound email to work you will also need to configure your DNS settings. For more information, see "Configuring DNS and firewall settings to allow incoming emails."
Complete your email server settings:
- Geben Sie im Feld Server address (Serveradresse) die Adresse Ihres SMTP-Servers ein.
- Geben Sie im Feld Port den Port ein, der von Ihrem SMTP-Server zum Senden von E-Mails verwendet wird.
- Geben Sie im Feld Domain den Domain-Namen ein, der ggf. von Ihrem SMTP-Server mit einer HELO-Antwort gesendet wird.
- Wählen Sie im Dropdownmenü Authentication (Authentifizierung) den von Ihrem SMTP-Server verwendeten Verschlüsselungstyp aus.
- Geben Sie im Feld No-reply email address („no-reply“-E-Mail-Adresse) die E-Mail-Adresse ein, die für alle Benachrichtigungs-E-Mails in den Feldern „From“ (Von) und „To“ (An) verwendet werden soll.
Wenn Sie alle eingehenden E-Mails verwerfen möchten, die an die „no-reply“-E-Mail-Adresse adressiert sind, sollten Sie Discard email addressed to the no-reply email address (An die „no-reply“-E-Mail-Adresse adressierte E-Mails verwerfen) aktivieren.
Click Test email settings.
Under "Send test email to," type the email address where you want to send a test email, then click Send test email.
Klicke auf Save (Speichern).