Two-factor authentication, or 2FA, is a way of logging into websites that requires more than just a password. Using a password to log into a website is susceptible to security threats, because it represents a single piece of information a malicious person needs to acquire. The added security that 2FA provides is requiring additional information to sign in.
In GitHub Enterprise's case, this additional information is an authentication code that's generated by an application on your smartphone. After 2FA is enabled, GitHub generates an authentication code any time someone attempts to sign into your GitHub account. The only way someone can sign into your account is if they know both your password and have access to the authentication code on your phone.
We strongly urge you to turn on 2FA for the safety of your account, not only on GitHub Enterprise, but on other websites that support it. You can use 2FA to access GitHub Enterprise via:
- The GitHub Enterprise website
- The GitHub API
- GitHub Desktop
Organization owners can require that organization members and outside collaborators use two-factor authentication to secure their personal accounts. For more information, see "Requiring two-factor authentication in your organization."
Authentication methods that support 2FA
Authentication Method | Description | Two-factor authentication support |
---|---|---|
Built-in | Authentication is performed against user accounts that are stored on the GitHub Enterprise appliance. | Supported and managed on the GitHub Enterprise appliance. Organization administrators can require 2FA to be enabled for members of the organization. |
LDAP | Allows integration with your company directory service for authentication. | Supported and managed on the GitHub Enterprise appliance. Organization administrators can require 2FA to be enabled for members of the organization. |
SAML | Authentication is performed on an external identity provider. | Not supported or managed on the GitHub Enterprise appliance, but may be supported by the external identity provider. 2FA enforcement on organizations is not available. |
CAS | Single sign-on service is provided by an external server. | Not supported or managed on the GitHub Enterprise appliance, but may be supported on the external authentication server. 2FA enforcement on organizations is not available. |