CAS is a single sign-on protocol for accessing web applications that is supported by GitHub Enterprise.

Once you have successfully configured CAS authentication, users will sign into your GitHub Enterprise appliance with their CAS credentials.

License seats

A CAS user account does not take up a license seat until someone signs into it at least once.

Valid usernames

If your CAS server has usernames that contain any non-alphanumeric characters other than hyphens, GitHub Enterprise will automatically replace those characters with hyphens. For example, a CAS username of firstname.lastname will be converted—or "normalized"—into a GitHub Enterprise username of firstname-lastname. Note that this may cause multiple CAS account names (such as firstname.lastname and firstname_lastname) to be normalized into the same Enterprise account name.

Access tokens

If you choose to enable CAS on your GitHub Enterprise appliance, note that you will not be able to use your username and password to authenticate API requests or Git operations over HTTP/HTTPS. You will need to create an access token to use instead.


If your CAS server uses a certificate that can't be validated by GitHub Enterprise, you can use the ghe-ssl-ca-certificate-install command-line utility to install it as a trusted certificate.

Site administrators

The first CAS user account to sign into your appliance will be automatically promoted to a site administrator.

Further reading