About built-in authentication for users outside your identity provider
You can use built-in authentication for outside users when you are unable to add specific accounts to your identity provider (IdP), such as accounts for contractors or machine users. You can also use built-in authentication to access a fallback account if the identity provider is unavailable.
After built-in authentication is configured and a user successfully authenticates with SAML or CAS, they will no longer have the option to authenticate with a username and password. If a user successfully authenticates with LDAP, the credentials are no longer considered internal.
Built-in authentication for a specific IdP is disabled by default.
Warning: If you disable built-in authentication, you must individually suspend any users that should no longer have access to the instance. For more information, see "Suspending and unsuspending users."
Configuring built-in authentication for users outside your identity provider
-
From an administrative account on GitHub Enterprise Server, in the upper-right corner of any page, click .
-
If you're not already on the "Site admin" page, in the upper-left corner, click Site admin.
-
In the left sidebar, click Management Console.
-
In the left sidebar, click Authentication.
-
Select your identity provider.
-
Select Allow creation of accounts with built-in authentication.
-
Read the warning, then click Ok.
Two-factor authentication
When using LDAP or built-in authentication, two-factor authentication is supported. Organization administrators can require members to have two-factor authentication enabled.
Inviting users outside your identity provider to authenticate to your instance
When a user accepts the invitation, they can use their username and password to sign in rather than signing in through the IdP.
-
Sign in to your GitHub Enterprise Server instance at
http(s)://HOSTNAME/login
. -
From an administrative account on GitHub Enterprise Server, in the upper-right corner of any page, click .
-
If you're not already on the "Site admin" page, in the upper-left corner, click Site admin.
-
In the left sidebar, click Invite user.
-
Type the username and email address for each of the user accounts that you'd like to create, then click Generate a password reset link.
Further reading
- "Using LDAP"
- "Using SAML"
- "Using CAS"