This version of GitHub Enterprise was discontinued on 2021-06-09. No patch releases will be made, even for critical security issues. For better performance, improved security, and new features, upgrade to the latest version of GitHub Enterprise. For help with the upgrade, contact GitHub Enterprise support.

Authenticating users for your GitHub Enterprise Server instance

You can use GitHub Enterprise Server's built-in authentication, or choose between CAS, LDAP, or SAML to integrate your existing accounts and centrally manage user access to your GitHub Enterprise Server instance.

  • Using built-in authentication

    When you use the default authentication method, all authentication details are stored within your GitHub Enterprise Server instance. Built-in authentication is the default method if you don’t already have an established authentication provider, such as LDAP, SAML, or CAS.

  • Disabling unauthenticated sign-ups

    If you're using built-in authentication, you can block unauthenticated people from being able to create an account.

  • Using CAS

    CAS is a single sign-on (SSO) protocol for multiple web applications. A CAS user account does not take up a user license until the user signs in.

  • Using SAML

    SAML is an XML-based standard for authentication and authorization. GitHub Enterprise Server can act as a service provider (SP) with your internal SAML identity provider (IdP).

  • Using LDAP

    LDAP lets you authenticate GitHub Enterprise Server against your existing accounts and centrally manage repository access. LDAP is a popular application protocol for accessing and maintaining directory information services, and is one of the most common protocols used to integrate third-party software with large company user directories.

  • Allowing built-in authentication for users outside your identity provider

    You can configure built-in authentication to authenticate users who don't have access to your identity provider that uses LDAP, SAML, or CAS.

  • Changing authentication methods

    You can change the way GitHub Enterprise Server authenticates with your existing accounts at any time.