Skip to main content

Enforcing policies for security settings in your enterprise

You can enforce policies to manage security settings in your enterprise's organizations, or allow policies to be set in each organization.

Enterprise owners can enforce policies for security settings in an enterprise.

About policies for security settings in your enterprise

You can enforce policies to control the security settings for organizations owned by your enterprise on GitHub AE. By default, organization owners can manage security settings. For more information, see "Keeping your organization secure."

Managing allowed IP addresses for organizations in your enterprise

You can restrict network traffic to your enterprise on GitHub AE. For more information, see "Restricting network traffic to your enterprise."

Managing SSH certificate authorities for your enterprise

You can use a SSH certificate authorities (CA) to allow members of any organization owned by your enterprise to access that organization's repositories using SSH certificates you provide. You can require that members use SSH certificates to access organization resources, unless SSH is disabled in your repository. For more information, see "About SSH certificate authorities."

When you issue each client certificate, you must include an extension that specifies which GitHub AE user the certificate is for. For more information, see "About SSH certificate authorities."

Adding an SSH certificate authority

If you require SSH certificates for your enterprise, enterprise members should use a special URL for Git operations over SSH. For more information, see "About SSH certificate authorities."

  1. In the top-right corner of GitHub AE, click your profile photo, then click Enterprise settings. "Enterprise settings" in drop-down menu for profile photo on GitHub AE

  2. In the enterprise account sidebar, click Settings. Settings tab in the enterprise account sidebar

  3. In the left sidebar, click Security. Security tab in the enterprise account settings sidebar

  4. To the right of "SSH Certificate Authorities", click New CA. New CA button

  5. Under "Key," paste your public SSH key. Key field to add CA

  6. Click Add CA.

  7. Optionally, to require members to use SSH certificates, select Require SSH Certificates, then click Save. Require SSH Certificate checkbox and save button

Deleting an SSH certificate authority

Deleting a CA cannot be undone. If you want to use the same CA in the future, you'll need to upload the CA again.

  1. In the top-right corner of GitHub AE, click your profile photo, then click Enterprise settings. "Enterprise settings" in drop-down menu for profile photo on GitHub AE

  2. In the enterprise account sidebar, click Settings. Settings tab in the enterprise account sidebar

  3. In the left sidebar, click Security. Security tab in the enterprise account settings sidebar

  4. Under "SSH Certificate Authorities", to the right of the CA you want to delete, click Delete. Delete button

  5. Read the warning, then click I understand, please delete this CA. Delete confirmation button

Further reading