Best practices for user security

Outside of instance-level security measures (SSL, subdomain isolation, configuring a firewall) that a site administrator can implement, there are steps your users can take to help protect your GitHub Enterprise instance.

Managing dormant users

A user account is considered to be dormant if it has not been active for at least a month. You may choose to suspend dormant users to free up license seats.

Auditing users across an organization

The Organization Audit Log allows members of an organization's Owners team to review actions performed by members of an organization within the last 90 days.

Suspending and unsuspending users

If a user leaves or moves to a different part of the company, you should remove or modify their ability to access your GitHub Enterprise instance.