Using Enterprise Managed Users for IAM

You can manage identity and access with your identity provider and provision accounts that can only contribute to your enterprise.

To manage users in your enterprise with your identity provider, your enterprise must be enabled for Enterprise Managed Users, which are available with GitHub Enterprise Cloud. For more information, see "About Enterprise Managed Users."

About Enterprise Managed Users

You can centrally manage identity and access for your enterprise members on GitHub from your identity provider.

Configuring SAML single sign-on for Enterprise Managed Users

You can automatically manage access to your enterprise account on GitHub by configuring Security Assertion Markup Language (SAML) single sign-on (SSO).

Configuring OIDC for Enterprise Managed Users

You can automatically manage access to your enterprise account on GitHub by configuring OpenID Connect (OIDC) single sign-on (SSO) and enable support for your IdP's Conditional Access Policy (CAP).

Configuring SCIM provisioning for Enterprise Managed Users

You can configure your identity provider to provision new users and manage their membership in your enterprise and teams.

Configuring SCIM provisioning for Enterprise Managed Users with Okta

You can provision new users and manage their membership of your enterprise and teams using Okta as your identity provider.

Managing team memberships with identity provider groups

You can manage team membership on GitHub Enterprise Cloud through your identity provider (IdP) by connecting IdP groups with your enterprise with managed users.

About support for your IdP's Conditional Access Policy

When your enterprise uses OIDC SSO, GitHub will validate access to your enterprise and its resources using your IdP's Conditional Access Policy (CAP).

Migrating from SAML to OIDC

If you're using SAML to authenticate members in your enterprise with managed users, you can migrate to OpenID Connect (OIDC) and benefit from support for your IdP's Conditional Access Policy.