About two-factor authentication and SAML single sign-on

Organizations administrators can enable both SAML single sign-on and two-factor authentication to add additional authentication measures for their organization members.

SAML single sign-on is available with GitHub Enterprise Cloud. For more information, see "GitHub's products."

Did this doc help you?

Help us make these docs great!

All GitHub docs are open source. See something that's wrong or unclear? Submit a pull request.

Make a contribution

Or, learn how to contribute.

Two-factor authentication (2FA) provides basic authentication for organization members. By enabling 2FA, organization administrators limit the likelihood that a member's GitHub account could be compromised. For more information on 2FA, see "About two-factor authentication."

To add additional authentication measures, organization administrators can also enable SAML single sign-on (SSO) so that organization members must use single sign-on to access an organization. For more information on SAML SSO, see "About identity and access management with SAML single sign-on."

If both 2FA and SAML SSO are enabled, organization members must do the following:

  • Use 2FA to log in to their GitHub account
  • Use single sign-on to access the organization
  • Use an authorized token for API or Git access and use single sign-on to authorize the token

Further reading

Did this doc help you?

Help us make these docs great!

All GitHub docs are open source. See something that's wrong or unclear? Submit a pull request.

Make a contribution

Or, learn how to contribute.