Authenticating users for your GitHub Enterprise Server instance
You can use GitHub Enterprise Server's built-in authentication, or choose between CAS, LDAP, or SAML to integrate your existing accounts and centrally manage user access to your GitHub Enterprise Server instance.
Using built-in authentication
When you use the default authentication method, all authentication details are stored within your GitHub Enterprise Server instance. Built-in authentication is the default method if you don’t already have an established authentication provider, such as LDAP, SAML, or CAS.
Disabling unauthenticated sign-ups
If you're using built-in authentication, you can block unauthenticated people from being able to create an account.
Using CAS
CAS is a single sign-on (SSO) protocol for multiple web applications. A CAS user account does not take up a seat until the user signs in.
Using SAML
SAML is an XML-based standard for authentication and authorization. GitHub Enterprise Server can act as a service provider (SP) with your internal SAML identity provider (IdP).
Using LDAP
LDAP lets you authenticate GitHub Enterprise Server against your existing accounts and centrally manage repository access. LDAP is a popular application protocol for accessing and maintaining directory information services, and is one of the most common protocols used to integrate third-party software with large company user directories.
Allowing built-in authentication for users outside your identity provider
You can configure built-in authentication to authenticate users who don't have access to your identity provider that uses LDAP, SAML, or CAS.
Changing authentication methods
You can change the way GitHub Enterprise Server authenticates with your existing accounts at any time.