Authenticating users for your GitHub Enterprise Server instance
You can use GitHub Enterprise Server's built-in authentication, or choose between CAS, LDAP, or SAML to integrate your existing accounts and centrally manage user access to your GitHub Enterprise Server instance.
Using built-in authentication→
When you use the default authentication method, all authentication details are stored within your GitHub Enterprise Server instance. Built-in authentication is the default method if you don’t already have an established authentication provider, such as LDAP, SAML, or CAS.
Disabling unauthenticated sign-ups→
If you're using built-in authentication, you can block unauthenticated people from being able to create an account.
CAS is a single sign-on (SSO) protocol for multiple web applications. A CAS user account does not take up a user license until the user signs in.
SAML is an XML-based standard for authentication and authorization. GitHub Enterprise Server can act as a service provider (SP) with your internal SAML identity provider (IdP).
LDAP lets you authenticate GitHub Enterprise Server against your existing accounts and centrally manage repository access. LDAP is a popular application protocol for accessing and maintaining directory information services, and is one of the most common protocols used to integrate third-party software with large company user directories.
Allowing built-in authentication for users outside your identity provider→
You can configure built-in authentication to authenticate users who don't have access to your identity provider that uses LDAP, SAML, or CAS.
Changing authentication methods→
You can change the way GitHub Enterprise Server authenticates with your existing accounts at any time.