Using Enterprise Managed Users for IAM
You can manage identity and access with your identity provider and provision accounts that can only contribute to your enterprise.
To manage users in your enterprise with your identity provider, your enterprise must be enabled for Enterprise Managed Users, which are available with GitHub Enterprise Cloud. For more information, see "About Enterprise Managed Users."
You can centrally manage identity and access for your enterprise members on GitHub from your identity provider.
You can automatically manage access to your enterprise account on GitHub by configuring Security Assertion Markup Language (SAML) single sign-on (SSO).
You can automatically manage access to your enterprise account on GitHub by configuring OpenID Connect (OIDC) single sign-on (SSO) and enable support for your IdP's Conditional Access Policy (CAP).
You can configure your identity provider to provision new users and manage their membership in your enterprise and teams.
You can provision new users and manage their membership of your enterprise and teams using Okta as your identity provider.
You can manage team and organization membership on GitHub Enterprise Cloud through your identity provider (IdP) by connecting IdP groups with teams within your enterprise with managed users.
When your enterprise uses OIDC SSO, GitHub can validate access to your enterprise and its resources using your IdP's Conditional Access Policy (CAP).
If you're using SAML to authenticate members in your enterprise with managed users, you can migrate to OpenID Connect (OIDC) and benefit from support for your IdP's Conditional Access Policy.
You can migrate your enterprise to a different identity provider (IdP) or Azure AD tenant.