Using Enterprise Managed Users for IAM

You can centrally manage identity and access for your enterprise members on GitHub from your identity provider.

You can automatically manage access to your enterprise account on GitHub by configuring Security Assertion Markup Language (SAML) single sign-on (SSO).

You can automatically manage access to your enterprise account on GitHub by configuring OpenID Connect (OIDC) single sign-on (SSO) and enable support for your IdP's Conditional Access Policy (CAP).

You can configure your identity provider to provision new users and manage their membership in your enterprise and teams.

You can provision new users and manage their membership of your enterprise and teams using Okta as your identity provider.

You can manage team and organization membership on GitHub Enterprise Cloud through your identity provider (IdP) by connecting IdP groups with teams within your enterprise with managed users.

When your enterprise uses OIDC SSO, GitHub can validate access to your enterprise and its resources using your IdP's Conditional Access Policy (CAP).

If you're using SAML to authenticate members in your enterprise with managed users, you can migrate to OpenID Connect (OIDC) and benefit from support for your IdP's Conditional Access Policy.

You can migrate your enterprise to a different identity provider (IdP) or Azure AD tenant.