Skip to main content

Synchronizing a team with an identity provider group

You can synchronize a GitHub Enterprise Server team with a supported identity provider (IdP) group to automatically add and remove team members.

Who can use this feature

Organization owners and team maintainers can synchronize a GitHub team with an IdP group.

About team synchronization

If team sync is enabled for your organization or enterprise account, you can synchronize a GitHub team with an IdP group. When you synchronize a GitHub team with an IdP group, membership changes to the IdP group are reflected on GitHub Enterprise Server automatically, reducing the need for manual updates and custom scripts.

You can assign an IdP group to multiple GitHub Enterprise Server teams.

Once a GitHub team is connected to an IdP group, your IdP administrator must make team membership changes through the identity provider. You cannot manage team membership on GitHub Enterprise Server.

Parent teams cannot synchronize with IdP groups. If the team you want to connect to an IdP group is a parent team, we recommend creating a new team or removing the nested relationships that make your team a parent team. For more information, see "About teams," "Creating a team," and "Moving a team in your organization's hierarchy."

To manage repository access for any GitHub team, including teams connected to an IdP group, you must make changes with GitHub Enterprise Server. For more information, see "About teams" and "Managing team access to an organization repository."

Prerequisites

You must configure user provisioning with SCIM for your GitHub Enterprise Server instance. For more information, see "Configuring user provisioning with SCIM for your enterprise."

Note: SCIM for GitHub Enterprise Server is currently in private beta and is subject to change. For access to the beta, contact your account manager on GitHub's Sales team. Please provide feedback in the GitHub Community discussion.

Warning: The beta is exclusively for testing and feedback, and no support is available. GitHub recommends testing with a staging instance. For more information, see "Setting up a staging instance."

Connecting an IdP group to a team

When you connect an IdP group to a GitHub Enterprise Server team, all users in the group are automatically added to the team.

  1. In the top right corner of GitHub Enterprise Server, click your profile photo, then click Your organizations. Your organizations in the profile menu

  2. Click the name of your organization. Organization name in list of organizations

  3. Under your organization name, click Teams.

    Teams tab

  4. On the Teams tab, click the name of the team. List of the organization's teams

  5. At the top of the team page, click Settings. Team settings tab

  6. Click Save changes.

Disconnecting an IdP group from a team

If you disconnect an IdP group from a GitHub team, team members that were assigned to the GitHub team through the IdP group will be removed from the team.

  1. In the top right corner of GitHub Enterprise Server, click your profile photo, then click Your organizations. Your organizations in the profile menu

  2. Click the name of your organization. Organization name in list of organizations

  3. Under your organization name, click Teams.

    Teams tab

  4. On the Teams tab, click the name of the team. List of the organization's teams

  5. At the top of the team page, click Settings. Team settings tab

  6. Click Save changes.