About authentication for your enterprise
Site administrators can decide how people authenticate to access a GitHub Enterprise Server instance. You can use GitHub Enterprise Server's built-in authentication, or, if you want to centralize identity and access management for the web applications that your team uses, you can configure an external authentication method.
Authentication methods for GitHub Enterprise Server
The following authentication methods are available for GitHub Enterprise Server.
When you use built-in authentication for your GitHub Enterprise Server instance, each person creates a personal account from an invitation or by signing up. To access your instance, people authenticate with the credentials for the account. For more information, see "Configuring built-in authentication."
If you use an external directory or identity provider (IdP) to centralize access to multiple web applications, you may be able to configure external authentication for your GitHub Enterprise Server instance. For more information, see the following articles.
Note: You can use either SAML or LDAP, but not both.
If you choose to use external authentication, you can also configure fallback authentication for people who don't have an account on your external authentication provider. For example, you may want to grant access to a contractor or machine user. For more information, see "Allowing built-in authentication for users outside your provider."
If you use SAML SSO for authentication, you can also provision users and map IdP groups to teams using SCIM. For more information, see "Configuring user provisioning with SCIM for your enterprise."