About two-factor authentication and SAML single sign-on

Organizations administrators can enable both SAML single sign-on and two-factor authentication to add additional authentication measures for their organization members.

SAML single sign-on is available with GitHub Enterprise Cloud. For more information, see "GitHub's products."

Two-factor authentication (2FA) provides basic authentication for organization members. By enabling 2FA, organization administrators limit the likelihood that a member's GitHub account could be compromised. For more information on 2FA, see "About two-factor authentication."

To add additional authentication measures, organization administrators can also enable SAML single sign-on (SSO) so that organization members must use single sign-on to access an organization. For more information on SAML SSO, see "About identity and access management with SAML single sign-on."

If both 2FA and SAML SSO are enabled, organization members must do the following:

  • Use 2FA to log in to their GitHub account
  • Use single sign-on to access the organization
  • Use an authorized token for API or Git access and use single sign-on to authorize the token

Further reading

Did this doc help you?Privacy policy

Help us make these docs great!

All GitHub docs are open source. See something that's wrong or unclear? Submit a pull request.

Make a contribution

Or, learn how to contribute.