Skip to main content

Configuring authentication for Enterprise Managed Users

You can decide whether people use SAML or OIDC to authenticate, learn about support for conditional access policy, or disable authentication for your enterprise with managed users.

Who can use this feature?

Enterprise Managed Users is available for new enterprise accounts on GitHub Enterprise Cloud. See "About Enterprise Managed Users."

Configuring SAML single sign-on for Enterprise Managed Users

You can automatically manage access to your enterprise account on GitHub by configuring Security Assertion Markup Language (SAML) single sign-on (SSO).

Configuring OIDC for Enterprise Managed Users

Learn how to automatically manage access to your enterprise account on GitHub by configuring OpenID Connect (OIDC) single sign-on (SSO) and enabling support for your IdP's Conditional Access Policy (CAP).

Configuring SAML single sign-on with Okta for Enterprise Managed Users

Learn how to configure Okta for Enterprise Managed Users on GitHub.com or GHE.com.

Finding the object ID for your Entra OIDC application

Learn how to find the object ID associated with your Enterprise Managed Users OIDC app.

About support for your IdP's Conditional Access Policy

When your enterprise uses OIDC SSO, GitHub can validate access to your enterprise and its resources using your IdP's Conditional Access Policy (CAP).

Disabling authentication and provisioning for Enterprise Managed Users

You can disable SAML or OIDC single sign-on (SSO) and SCIM provisioning for Enterprise Managed Users by using a recovery code to sign in as the setup user.