Skip to main content

Troubleshooting identity and access management for your enterprise

Review common issues and solutions for identity and access management for your enterprise.

Username conflicts

If your enterprise uses Enterprise Managed Users, GitHub Enterprise Cloud normalizes an identifier provided by your identity provider (IdP) to create each person's username on GitHub. If multiple accounts are normalized into the same GitHub username, a username conflict occurs, and only the first user account is created. For more information, see "Username considerations for external authentication."

Errors when switching authentication configurations

If you're experiencing problems while switching between different authentication configurations, such as changing your SAML SSO configuration from an organization to an enterprise account or migrating from SAML to OIDC for Enterprise Managed Users, ensure you're following our best practices for the change.

Accessing your enterprise when SSO is not available

When a configuration error or an issue with your identity provider IdP prevents you from using SSO, you can use a recovery code to access your enterprise. For more information, see "Accessing your enterprise account if your identity provider is unavailable."

SCIM provisioning errors

Azure AD will retry SCIM provisioning attempts automatically during the next Azure AD sync cycle. The default SCIM provisioning interval for Azure AD is 40 minutes. For more information about this retry behavior, see the Microsoft documentation or contact Azure support if you need additional assistance.

Okta will retry failed SCIM provisioning attempts with manual Okta admin intervention. For more information about how an Okta admin can retry a failed task for a specific application, see the Okta documentation or contact Okta support if you need additional assistance.

SAML authentication errors

If users are experiencing errors when attempting to authenticate with SAML, see "Troubleshooting SAML authentication."

Further reading