About authentication for your enterprise

About authentication for your enterprise

Enterprise owners on GitHub Enterprise Cloud can control the requirements for authentication and access to the enterprise's resources.

You can choose to allow members to create and manage user accounts, or your enterprise can create and manage accounts for members with Enterprise Managed Users. If you allow members to manage their own accounts, you can also configure SAML authentication to both increase security and centralize identity and access for the web applications that your team uses.

After learning more about these options, to determine which method is best for your enterprise, see "Identifying the best authentication method for your enterprise."

Authentication through GitHub.com

By default, each member must create a personal account on GitHub.com. You grant access to your enterprise, and the member can access your enterprise's resources after signing into the account on GitHub.com. The member manages the account, and can contribute to other enterprises, organizations, and repositories on GitHub.com.

Authentication through GitHub.com with additional SAML access restriction

If you configure additional SAML access restriction, each member must create and manage a personal account on GitHub.com. You grant access to your enterprise, and the member can access your enterprise's resources after both signing into the account on GitHub.com and successfully authenticating with your SAML identity provider (IdP). The member can contribute to other enterprises, organizations, and repositories on GitHub.com using their personal account. For more information about requiring SAML authentication for all access your enterprise's resources, see "About SAML for enterprise IAM."

You can choose between configuring SAML at the enterprise level, which applies the same SAML configuration to all organizations within the enterprise, and configuring SAML separately for individual organizations. For more information, see "Deciding whether to configure SAML for your enterprise or your organizations."

Authentication with Enterprise Managed Users and federation

If you need more control of the accounts for your enterprise members on GitHub.com, you can use Enterprise Managed Users. With Enterprise Managed Users, you provision and manage accounts for your enterprise members on GitHub.com using your IdP. Each member signs into an account that you create, and your enterprise manages the account. Contributions to the rest of GitHub.com are restricted. For more information, see "About Enterprise Managed Users."

Further reading

• "Types of GitHub accounts"
• "About enterprise accounts"
• "Can I create accounts for people in my organization?"
• "Switching your SAML configuration from an organization to an enterprise account"