If your enterprise uses Enterprise Managed Users, GitHub Enterprise Cloud normalizes an identifier provided by your identity provider (IdP) to create each person's username on GitHub. If multiple accounts are normalized into the same GitHub username, a username conflict occurs, and only the first user account is created. For more information, see "Username considerations for external authentication."
Errors when switching authentication configurations
If you're experiencing problems while switching between different authentication configurations, such as changing your SAML SSO configuration from an organization to an enterprise account or migrating from SAML to OIDC for Enterprise Managed Users, ensure you're following our best practices for the change.
- "Switching your SAML configuration from an organization to an enterprise account"
- "Migrating from SAML to OIDC"
- "Migrating your enterprise to a new identity provider or tenant"
Accessing your enterprise when SSO is not available
When a configuration error or an issue with your identity provider IdP prevents you from using SSO, you can use a recovery code to access your enterprise. For more information, see "Accessing your enterprise account if your identity provider is unavailable."
SCIM provisioning errors
Azure AD will retry SCIM provisioning attempts automatically during the next Azure AD sync cycle. The default SCIM provisioning interval for Azure AD is 40 minutes. For more information about this retry behavior, see the Microsoft documentation or contact Azure support if you need additional assistance.
Okta will retry failed SCIM provisioning attempts with manual Okta admin intervention. For more information about how an Okta admin can retry a failed task for a specific application, see the Okta documentation or contact Okta support if you need additional assistance.
SAML authentication errors
If users are experiencing errors when attempting to authenticate with SAML, see "Troubleshooting SAML authentication."