About Enterprise Managed Users

You can centrally manage identity and access for your enterprise members on GitHub from your identity provider.

Para administrar a los usuarios de tu empresa con tu proveedor de identidad, esta debe habilitarse para Usuarios Administrados de Enterprise, los cuales están disponibles con Nube de GitHub Enterprise. Para obtener más información, consulta la sección "Acerca de Usuarios Administrados de Enterprise".

About Usuarios Administrados de Enterprise

With Usuarios Administrados de Enterprise, you can control the user accounts of your enterprise members through your identity provider (IdP). You can simplify authentication with SAML single sign-on (SSO) and provision, update, and deprovision user accounts for your enterprise members. Users assigned to the Usuario Administrado de GitHub Enterprise application in your IdP are provisioned as new user accounts on GitHub and added to your enterprise. You control usernames, profile data, team membership, and repository access from your IdP.

In your IdP, you can give each usuario administrado the role of user, enterprise owner, or billing manager. Usuarios administrados can own organizations within your enterprise and can add other usuarios administrados to the organizations and teams within. For more information, see "Roles in an enterprise" and "About organizations."

You can also manage team membership within an organization in your enterprise directly through your IdP, allowing you to manage repository access using groups in your IdP. Organization membership can be managed manually or updated automatically as usuarios administrados are added to teams within the organization. For more information, see "Managing team memberships with identity provider groups."

You can grant usuarios administrados access and the ability to contribute to repositories within your enterprise, but usuarios administrados cannot create public content or collaborate with other users, organizations, and enterprises on the rest of GitHub. The usuarios administrados provisioned for your enterprise cannot be invited to organizations or repositories outside of the enterprise, nor can the usuarios administrados be invited to other enterprises. Outside collaborators are not supported by Usuarios Administrados de Enterprise.

The usernames of your enterprise's usuarios administrados and their profile information, such as display names and email addresses, are set by through your IdP and cannot be changed by the users themselves. For more information, see "Usernames and profile information."

Los Usuarios administrados no pueden bifurcar repositorios desde fuera de la empresa ni bifurcar repositorios internos. Los Usuarios administrados pueden bifurcar repositorios privados que pertenezcan a organizaciones en la empresa hacia otras organizaciones que también pertenezcan a ella o como una bifurcación que pertenezca al usuario administrado.

Enterprise owners can audit all of the usuarios administrados' actions on GitHub.

To use Usuarios Administrados de Enterprise, you need a separate type of enterprise account with Usuarios Administrados de Enterprise enabled. For more information about creating this account, see "About enterprises with managed users."

Identity provider support

Usuarios Administrados de Enterprise supports the following IdPs:

  • Azure Active Directory (Azure AD)
  • Okta

Abilities and restrictions of usuarios administrados

Usuarios administrados can only contribute to private and internal repositories within their enterprise and private repositories owned by their user account. Usuarios administrados have read-only access to the wider GitHub community.

  • Usuarios administrados cannot create issues or pull requests in, comment or add reactions to, nor star, watch, or fork repositories outside of the enterprise.
  • Usuarios administrados can view all public repositories on GitHub.com, but cannot push code to repositories outside of the enterprise.
  • Usuarios administrados and the content they create is only visible to other members of the enterprise.
  • Usuarios administrados cannot follow users outside of the enterprise.
  • Usuarios administrados cannot create gists or comment on gists.
  • Usuarios administrados cannot install GitHub Apps on their user accounts.
  • Other GitHub users cannot see, mention, or invite a usuario administrado to collaborate.
  • Usuarios administrados can only own private repositories and usuarios administrados can only invite other enterprise members to collaborate on their owned repositories.
  • Only private and internal repositories can be created in organizations owned by an empresa con usuarios administrados, depending on organization and enterprise repository visibility settings.

About enterprises with managed users

To use Usuarios Administrados de Enterprise, you need a separate type of enterprise account with Usuarios Administrados de Enterprise enabled. To try out Usuarios Administrados de Enterprise or to discuss options for migrating from your existing enterprise, please contact GitHub's Sales team.

Your contact on the GitHub Sales team will work with you to create your new empresa con usuarios administrados. You'll need to provide the email address for the user who will set up your enterprise and a short code that will be used as the suffix for your enterprise members' usernames. El código corto debe ser único para tu empresa, debe ser una secuencia de tres a ocho caracteres alfanuméricos que no contenga caracteres especiales. For more information, see "Usernames and profile information."

After we create your enterprise, you will receive an email from GitHub inviting you to choose a password for your enterprise's setup user, which will be the first owner in the enterprise. Use an incognito or private browsing window when setting the password. The setup user is only used to configure SAML single sign-on and SCIM provisioning integration for the enterprise. It will no longer have access to administer the enterprise account once SAML is successfully enabled.

The setup user's username is your enterprise's shortcode suffixed with _admin. After you log in to your setup user, you can get started by configuring SAML SSO for your enterprise. For more information, see "Configuring SAML single sign-on for Enterprise Managed Users."

Si necesitas restablecer la contraseña de tu usuario de configuración, utiliza una ventana privada o de modo incógnito para solicitar una contraseña nueva. Cuando recibas el correo electrónico con el enlace para restablecer tu contraseña, cópialo en tu buscador. Para obtener más información sobre cómo restablecer tu contraseña, consulta la sección "Solicitar una contraseña nueva".

Authenticating as a usuario administrado

Usuarios administrados must authenticate through their identity provider.

To authenticate, usuarios administrados must visit their IdP application portal or https://github.com/enterprises/ENTERPRISE_NAME, replacing ENTERPRISE_NAME with your enterprise's name.

Usernames and profile information

When your empresa con usuarios administrados is created, you will choose a short code that will be used as the suffix for your enterprise member's usernames. El código corto debe ser único para tu empresa, debe ser una secuencia de tres a ocho caracteres alfanuméricos que no contenga caracteres especiales. The setup user who configures SAML SSO has a username in the format of @SHORT-CODE_admin.

When you provision a new user from your identity provider, the new usuario administrado will have a GitHub Enterprise Cloud username in the format of @IDP-USERNAME_SHORT-CODE. When using Azure Active Directory (Azure AD), IDP-USERNAME is formed by normalizing the characters preceding the @ character in the UPN (User Principal Name) provided by Azure AD. When using Okta, IDP-USERNAME is the normalized username attribute provided by Okta.

The username of the new account provisioned on GitHub Enterprise Cloud, including underscore and short code, must not exceed 39 characters.

The profile name and email address of a usuario administrado is also provided by the IdP. Usuarios administrados cannot change their profile name or email address on GitHub.

¿Te ayudó este documento?

Política de privacidad

¡Ayúdanos a hacer geniales estos documentos!

Todos los documentos de GitHub son de código abierto. ¿Notas algo que esté mal o que no sea claro? Emite una solicitud de cambios.

Haz una contribución

O, aprende cómo contribuir.