Explore by product
Enterprise administrators
This version of GitHub Enterprise was discontinued on 2021-06-09. No patch releases will be made, even for critical security issues. For better performance, improved security, and new features, upgrade to the latest version of GitHub Enterprise. For help with the upgrade, contact GitHub Enterprise support.
Article version: Enterprise Server 2.21
Article version: Enterprise Server 2.21
Authenticating users for your GitHub Enterprise Server instance
You can use GitHub Enterprise Server's built-in authentication, or choose between CAS, LDAP, or SAML to integrate your existing accounts and centrally manage user access to your GitHub Enterprise Server instance.
Using built-in authentication→
When you use the default authentication method, all authentication details are stored within your GitHub Enterprise Server instance. Built-in authentication is the default method if you don’t already have an established authentication provider, such as LDAP, SAML, or CAS.
Disabling unauthenticated sign-ups→
If you're using built-in authentication, you can block unauthenticated people from being able to create an account.
Using CAS→
CAS is a single sign-on (SSO) protocol for multiple web applications. A CAS user account does not take up a user license until the user signs in.
Using SAML→
SAML is an XML-based standard for authentication and authorization. GitHub Enterprise Server can act as a service provider (SP) with your internal SAML identity provider (IdP).
Using LDAP→
LDAP lets you authenticate GitHub Enterprise Server against your existing accounts and centrally manage repository access. LDAP is a popular application protocol for accessing and maintaining directory information services, and is one of the most common protocols used to integrate third-party software with large company user directories.
Allowing built-in authentication for users outside your identity provider→
You can configure built-in authentication to authenticate users who don't have access to your identity provider that uses LDAP, SAML, or CAS.
Changing authentication methods→
You can change the way GitHub Enterprise Server authenticates with your existing accounts at any time.