Article version: Enterprise Server 2.15

This version of GitHub Enterprise will be discontinued on This version of GitHub Enterprise was discontinued on 2019-10-16. No patch releases will be made, even for critical security issues. For better performance, improved security, and new features, upgrade to the latest version of GitHub Enterprise. For help with the upgrade, contact GitHub Enterprise support.

User security

Ensure that your GitHub Enterprise Server users are safe. You can audit their security settings or enforce best practices across your instance.

Best practices for user security

Outside of instance-level security measures (SSL, subdomain isolation, configuring a firewall) that a site administrator can implement, there are steps your users can take to help protect your GitHub Enterprise Server instance.

Requiring two-factor authentication for an organization

You can require organization members and outside collaborators to enable two-factor authentication for their personal accounts in an organization, making it harder for malicious actors to access an organization's repositories and settings.

Managing dormant users

A user account is considered to be dormant if it has not been active for at least a month. You may choose to suspend dormant users to free up seats.

Auditing users across your instance

The GitHub Enterprise Server audit log dashboard shows site administrators the actions performed by all users and organizations across your GitHub Enterprise Server instance within the past 90 days. It includes details such as who performed the action, what the action was, and when it was performed.

Suspending and unsuspending users

If a user leaves or moves to a different part of the company, you should remove or modify their ability to access your GitHub Enterprise Server instance.

Auditing SSH keys

Site administrators can initiate an instance-wide audit of SSH keys.

Ask a human

Can't find what you're looking for?

Contact us