Authenticating users for your GitHub Enterprise Server instance

Using built-in authentication

When you use the default authentication method, all authentication details are stored within your GitHub Enterprise Server instance. Built-in authentication is the default method if you don’t already have an established authentication provider, such as LDAP, SAML, or CAS.

Disabling unauthenticated sign-ups

If you're using built-in authentication, you can block unauthenticated people from being able to create an account.

Using CAS

CAS is a single sign-on (SSO) protocol for multiple web applications. A CAS user account does not take up a seat until the user signs in.

Using SAML

SAML is an XML-based standard for authentication and authorization. GitHub Enterprise Server can act as a service provider (SP) with your internal SAML identity provider (IdP).

Using LDAP

LDAP lets you authenticate GitHub Enterprise Server against your existing accounts and centrally manage repository access. LDAP is a popular application protocol for accessing and maintaining directory information services, and is one of the most common protocols used to integrate third-party software with large company user directories.

Allowing built-in authentication for users outside your identity provider

You can configure built-in authentication to authenticate users who don't have access to your identity provider that uses LDAP, SAML, or CAS.

Changing authentication methods

You can change the way GitHub Enterprise Server authenticates with your existing accounts at any time.