Disabling authentication and provisioning for Enterprise Managed Users

About disabled authentication for Enterprise Managed Users

After you disable SAML or OIDC SSO and SCIM provisioning for your enterprise, the following effects apply:

• All external identities for the enterprise will be removed. For more information, see "Viewing and managing a user's SAML access to your enterprise."
• All managed user accounts will be suspended. The suspended accounts will not be renamed. For more information, see "Viewing people in your enterprise."
• All personal access tokens and SSH keys associated with managed user accounts will be deleted.
• All of the external groups provisioned by SCIM will be deleted. For more information, see "Managing team memberships with identity provider groups."

If you later reconfigure authentication for the enterprise, external groups must be reprovisioned via SCIM, and managed user accounts must be reprovisioned before users can sign in.

If you want to migrate to a new identity provider (IdP) or tenant rather than disabling authentication entirely, see "Migrating your enterprise to a new identity provider or tenant."

Disabling authentication

1. Sign into GitHub.com as the setup user for your enterprise with the username @SHORT-CODE_admin, replacing SHORT-CODE with your enterprise's short code.

2. Attempt to access your enterprise account, and use a recovery code to bypass SAML SSO or OIDC. For more information, see "Accessing your enterprise account if your identity provider is unavailable."

3. In the top-right corner of GitHub.com, click your profile photo, then click Your enterprises.

4. In the list of enterprises, click the enterprise you want to view.

5. In the enterprise account sidebar, click Settings.

6. Under Settings, click Authentication security.

7. Under "SAML single sign-on", deselect Require SAML authentication or Require OIDC single sign-on.

8. Click Save.