Configuring authentication for Enterprise Managed Users
You can decide whether people use SAML or OIDC to authenticate, learn about support for conditional access policy, or disable authentication for your enterprise with managed users.
Who can use this feature?
Enterprise Managed Users is available for new enterprise accounts on GitHub Enterprise Cloud. See "About Enterprise Managed Users."
Configuring SAML single sign-on for Enterprise Managed Users
You can automatically manage access to your enterprise account on GitHub by configuring Security Assertion Markup Language (SAML) single sign-on (SSO).
Configuring OIDC for Enterprise Managed Users
Learn how to automatically manage access to your enterprise account on GitHub by configuring OpenID Connect (OIDC) single sign-on (SSO) and enabling support for your IdP's Conditional Access Policy (CAP).
Configuring SAML single sign-on with Okta for Enterprise Managed Users
Learn how to configure SAML SSO for Enterprise Managed Users on Okta and GitHub Enterprise Cloud.
Finding the object ID for your Entra OIDC application
Learn how to find the object ID associated with your Enterprise Managed Users OIDC app.
About support for your IdP's Conditional Access Policy
When your enterprise uses OIDC SSO, GitHub can validate access to your enterprise and its resources using your IdP's Conditional Access Policy (CAP).
Disabling authentication and provisioning for Enterprise Managed Users
You can disable SAML or OIDC single sign-on (SSO) and SCIM provisioning for Enterprise Managed Users by using a recovery code to sign in as the setup user.