Skip to main content

Best practices for enterprises

Learn GitHub-recommended practices for your enterprise.

Identify the best authentication method for your enterprise

You can choose to allow members to create and manage user accounts, or your enterprise can create and manage accounts for members with Enterprise Managed Users. If you allow members to manage their own accounts, you can also configure SAML authentication to both increase security and centralize identity and access for the web applications that your team uses.

For help identifying the authentication method that will best meet your needs, see "About authentication for your enterprise."

Use policies

We recommend using policies to enforce business rules and regulatory compliance.

Each enterprise policy controls the options available for a policy at the organization level. You can choose to not enforce a policy, which allows organization owners to configure the policy for the organization, or you can choose from a set of options to enforce for all organizations owned by your enterprise. For more information, see "About enterprise policies."

Minimize the number of organizations

Large enterprises often need multiple organizations, but try to create as few as possible to reflect top-level corporate divisions. A smaller number of organizations encourages innersource practices and allows discussions to involve a wider audience.

Instead, you can manage repository access and security requirements at a more granular level within each organization by using teams. For more information, see "About teams."

Avoid extensive collaboration in user-owned repositories

We recommend collaborating in organization-owned repositories whenever possible and minimizing collaboration in user-owned repositories. Organization-owned repositories have more sophisticated security and administrative features, and they remain accessible even as enterprise membership changes.

Use human-readable usernames

If you control the usernames for enterprise members, use human-readable usernames, and avoid machine-generated IDs that are difficult for humans to read.

You can manage the display of usernames within your enterprise's private repositories. For more information, see "Managing the display of member names in your organization."

Further reading