Everyone in an enterprise is a member of the enterprise. To control access to your enterprise's settings and data, you can assign different roles to members of your enterprise.
Outside of instance-level security measures (SSL, subdomain isolation, configuring a firewall) that a site administrator can implement, there are steps your users can take to help protect your enterprise.
You can add enterprise owners to your enterprise account. You can also remove enterprise owners who no longer need access to the enterprise account.
Site administrators can promote any normal user account to a site administrator, as well as demote other site administrators to regular users.
To audit access to enterprise-owned resources or user license usage, enterprise owners can view every administrator and member of the enterprise.
The audit log dashboard shows site administrators the actions performed by all users and organizations across your enterprise within the current month and previous six months. The audit log includes details such as who performed the action, what the action was, and when the action was performed.
You can impersonate users and perform actions on their behalf, for troubleshooting, unblocking, and other legitimate reasons.
By default, a user account is considered to be dormant if it has not been active for 90 days. You can configure the length of time a user must be inactive to be considered dormant and choose to suspend dormant users to release user licenses.
If a user leaves or moves to a different part of the company, you should remove or modify their ability to access your GitHub Enterprise Server instance.
You can place a legal hold on a user or organization to ensure that repositories they own cannot be permanently removed from your enterprise.
Site administrators can initiate an instance-wide audit of SSH keys.
You can create custom messages that users will see on your GitHub Enterprise Server instance.
You may need to rebuild contributions data to link existing commits to a user account.