Teams give organizations the ability to create groups of members and control access to repositories. Team members can be granted read, write, or admin permissions to specific repositories.
Teams are central to many of GitHub's collaborative features, such as team @mentions to notify appropriate parties that you'd like to request their input or attention. For more details on how you can use organizations and teams to control repository access, see "Permission levels for an organization repository".
Teams can map to physical teams within your company, but they can also represent areas of interest or expertise. For example, a team of accessibility experts on your Enterprise instance could comprise people from several different departments. In this way, teams can represent functional concerns that complement a company's existing divisional hierarchy.
Creating a team
A prudent combination of teams is a powerful way to control repository access. For example, if your organization allows only your release engineering team to push code to the master
branch of any repository, you could give only the release engineering team admin permissions to your organization's repositories and give all other teams read permissions.
In the top right corner of GitHub Enterprise, click your profile photo, then click Your profile.
On the left side of your profile page, under "Organizations", click the icon for your organization.
Under your organization name, click Teams.
On the right side of the Teams tab, click New team.
On the "Create new team" page, type the name for your new team.
Optionally, in the "Description" field, type a description of the team.
-
Decide whether the team will be Visible or Secret.
- Any member of the organization can see or @mention a visible team. They're great for managing projects or functional groups, such as designers or people interested in accessibility.
- A secret team can only be seen by the members of that team. This is useful for managing repository access to sensitive project repositories.
Click Create team.
Creating teams with LDAP Sync enabled
Instances using LDAP for user authentication can use LDAP Sync to manage a team's members by mapping a team to an LDAP group on your LDAP server by setting the groups Distinguished Name (DN) in the LDAP group field. This automates granting and removing access to repositories based on LDAP Group membership, so normal team member management within your GitHub Enterprise instance is disabled. The mapped team will sync its members in the background and periodically at the interval configured when LDAP Sync was enabled.
Notes:
- LDAP Sync only manages the team's member list. You must manage the team's repositories and permissions from within GitHub Enterprise.
- If an LDAP group mapping to a DN is removed, such as if the LDAP group is deleted, then every member is removed from the synced GitHub Enterprise team. To fix this, map the team to a new DN, add the team members back, and manually sync the mapping.
Ensure that LDAP Sync is enabled.
In the top right corner of GitHub Enterprise, click your profile photo, then click Your profile.
On the left side of your profile page, under "Organizations", click the icon for your organization.
On the "Create new team" page, type the name for your new team.
Search for an LDAP group's DN to map the team to. If you don't know the DN, type the LDAP group's name. GitHub Enterprise will search for and autocomplete any matches.
Optionally, in the "Description" field, type a description of the team.
-
Decide whether the team will be Visible or Secret.
- Any member of the organization can see or @mention a visible team. They're great for managing projects or functional groups, such as designers or people interested in accessibility.
- A secret team can only be seen by the members of that team. This is useful for managing repository access to sensitive project repositories.
Click Create team.