About two-factor authentication and SAML single sign-on

Organizations administrators can enable both SAML single sign-on and two-factor authentication to add additional authentication measures for their organization members.

Two-factor authentication (2FA) provides basic authentication for organization members. By enabling 2FA, organization administrators limit the likelihood that a member's account on GitHub.com could be compromised. For more information on 2FA, see "About two-factor authentication."

To add additional authentication measures, organization administrators can also enable SAML single sign-on (SSO) so that organization members must use single sign-on to access an organization. For more information on SAML SSO, see "About identity and access management with SAML single sign-on."

If both 2FA and SAML SSO are enabled, organization members must do the following:

  • Use 2FA to log in to their account on GitHub.com
  • Use single sign-on to access the organization
  • Use an authorized token for API or Git access and use single sign-on to authorize the token

Further reading

Did this doc help you?

Privacy policy

Help us make these docs great!

All GitHub docs are open source. See something that's wrong or unclear? Submit a pull request.

Make a contribution

Or, learn how to contribute.