Skip to main content

Disabling authentication and provisioning for Enterprise Managed Users

You can disable SAML or OIDC single sign-on (SSO) and SCIM provisioning for Enterprise Managed Users by using a recovery code to sign in as the setup user.

Who can use this feature?

The setup user can disable SAML or OIDC SSO and SCIM provisioning for Enterprise Managed Users.

About disabled authentication for Enterprise Managed Users

After you disable SAML or OIDC SSO for your enterprise, the following effects apply:

If you later reconfigure authentication for the enterprise, external groups must be reprovisioned via SCIM, and managed user accounts must be reprovisioned before users can sign in.

Note

When a managed user account is suspended, the user's avatar is permanently deleted. If you reprovision the user, the user will need to reupload their avatar.

If you want to migrate to a new identity provider (IdP) or tenant rather than disabling authentication entirely, see "Migrating your enterprise to a new identity provider or tenant."

Disabling authentication

Warning

Disabling authentication and provisioning will prevent your enterprise's managed user accounts from signing in to access your enterprise on GitHub Enterprise Cloud.

  1. Sign in as the setup user for your enterprise with the username SHORT-CODE_admin, replacing SHORT-CODE with your enterprise's short code.
  2. Attempt to access your enterprise account, and use a recovery code to bypass SAML SSO or OIDC. For more information, see "Accessing your enterprise account if your identity provider is unavailable."
  3. In the top-right corner of GitHub, click your profile photo, then click Your enterprise.
  4. On the left side of the page, in the enterprise account sidebar, click Identity provider.
  5. Under Identity Provider, click Single sign-on configuration.
  6. Next to "SAML single sign-on" or "OIDC single sign-on", click to deselect SAML single sign-on or OIDC single sign-on.
  7. To confirm, click Disable SAML single sign-on or Disable OIDC single sign-on.