Skip to main content

Managing SAML single sign-on for your organization

Organization owners can manage organization members' identities and access to the organization with SAML single sign-on (SSO).

Note

To use SAML single sign-on, your organization must use GitHub Enterprise Cloud. For more information about how you can try GitHub Enterprise Cloud for free, see Setting up a trial of GitHub Enterprise Cloud.

About identity and access management with SAML single sign-on

If you centrally manage your users' identities and applications with an identity provider (IdP), you can configure Security Assertion Markup Language (SAML) single sign-on (SSO) to protect your organization's resources on GitHub.

About SCIM for organizations

With System for Cross-domain Identity Management (SCIM), administrators can automate the exchange of user identity information between systems.

Connecting your identity provider to your organization

To use SAML single sign-on and SCIM, you must connect your identity provider (IdP) to your organization on GitHub Enterprise Cloud.

Configuring SAML single sign-on and SCIM using Okta

You can use Security Assertion Markup Language (SAML) single sign-on (SSO) and System for Cross-domain Identity Management (SCIM) with Okta to automatically manage access to your organization on GitHub.

Enabling and testing SAML single sign-on for your organization

Organization owners and admins can enable SAML single sign-on to add an extra layer of security to their organization.

Preparing to enforce SAML single sign-on in your organization

Before you enforce SAML single sign-on in your organization, you should verify your organization's membership and configure the connection settings to your identity provider.

Enforcing SAML single sign-on for your organization

Organization owners and admins can enforce SAML SSO so that all organization members must authenticate via an identity provider (IdP).

Downloading your organization's SAML single sign-on recovery codes

Organization owners should download their organization's SAML single sign-on recovery codes to ensure that they can access GitHub Enterprise Cloud even if the identity provider for the organization is unavailable.

Managing team synchronization for your organization

You can enable and disable team synchronization between your identity provider (IdP) and your organization on GitHub Enterprise Cloud.

Disabling SAML single sign-on for your organization

You can disable SAML single sign-on (SSO) for your organization.

Accessing your organization if your identity provider is unavailable

Organization owners can sign into GitHub Enterprise Cloud even if their identity provider is unavailable by bypassing single sign-on (SSO) and using their recovery codes.

Troubleshooting identity and access management for your organization

Review and resolve common troubleshooting errors for managing your organization's SAML SSO, team synchronization, or identity provider (IdP) connection.