GitHub AE is currently under limited release. Please contact our Sales Team to find out more.
GitHub AE
English
 
Enterprise administrators
  • Get started
  • Account and profile
  • Authentication
  • Repositories
  • GitHub
  • Enterprise administrators
  • Billing and payments
  • Organizations
  • Code security
  • Pull requests
  • GitHub Issues
  • GitHub Actions
  • GitHub Codespaces
  • GitHub Packages
  • Search on GitHub
  • Developers
  • REST API
  • GraphQL API
  • GitHub CLI
  • GitHub Discussions
  • GitHub Sponsors
  • Building communities
  • GitHub Pages
  • Education
  • GitHub Desktop
  • GitHub Support
  • Atom
  • Electron
  • CodeQL
  • npm
    • GitHub AE
  • Enterprise Cloud
  • Enterprise Server 3.3
  • Enterprise Server 3.2
  • Enterprise Server 3.1
  • Enterprise Server 3.0
  • GitHub AE
    • English
  • English
  • 简体中文 (Simplified Chinese)
  • 日本語 (Japanese)
  • Español (Spanish)
  • Português do Brasil (Portuguese)

    •  

    Enforcing policies for security settings in your enterprise

    In this article

    You can enforce policies to manage security settings in your enterprise's organizations, or allow policies to be set in each organization.

    Enterprise owners can enforce policies for security settings in an enterprise.

    About policies for security settings in your enterprise

    You can enforce policies to control the security settings for organizations owned by your enterprise on GitHub AE. By default, organization owners can manage security settings. For more information, see "Keeping your organization secure."

    Managing allowed IP addresses for organizations in your enterprise

    You can restrict network traffic to your enterprise on GitHub AE. For more information, see "Restricting network traffic to your enterprise."

    Managing SSH certificate authorities for your enterprise

    You can use a SSH certificate authorities (CA) to allow members of any organization owned by your enterprise to access that organization's repositories using SSH certificates you provide. You can require that members use SSH certificates to access organization resources, unless SSH is disabled in your repository. For more information, see "About SSH certificate authorities."

    Adding an SSH certificate authority

    When you issue each client certificate, you must include an extension that specifies which GitHub AE user the certificate is for. For more information, see "About SSH certificate authorities."

    1. In the top-right corner of GitHub AE, click your profile photo, then click Enterprise settings. "Enterprise settings" in drop-down menu for profile photo on GitHub AE

    2. In the enterprise account sidebar, click Settings. Settings tab in the enterprise account sidebar

    3. In the left sidebar, click Security. Security tab in the enterprise account settings sidebar

    4. To the right of "SSH Certificate Authorities", click New CA. New CA button

    5. Under "Key," paste your public SSH key. Key field to add CA

    6. Click Add CA.

    7. Optionally, to require members to use SSH certificates, select Require SSH Certificates, then click Save. Require SSH Certificate checkbox and save button

    Deleting an SSH certificate authority

    Deleting a CA cannot be undone. If you want to use the same CA in the future, you'll need to upload the CA again.

    1. In the top-right corner of GitHub AE, click your profile photo, then click Enterprise settings. "Enterprise settings" in drop-down menu for profile photo on GitHub AE

    2. In the enterprise account sidebar, click Settings. Settings tab in the enterprise account sidebar

    3. In the left sidebar, click Security. Security tab in the enterprise account settings sidebar

    4. Under "SSH Certificate Authorities", to the right of the CA you want to delete, click Delete. Delete button

    5. Read the warning, then click I understand, please delete this CA. Delete confirmation button

    Further reading

    Did this doc help you?

    Privacy policy

    Help us make these docs great!

    All GitHub docs are open source. See something that's wrong or unclear? Submit a pull request.

    Make a contribution

    Or, learn how to contribute.