Skip to main content

Habilitación de colaboradores invitados

Puedes usar el rol de colaborador invitado para conceder acceso limitado a proveedores y contratistas de tu organización.

About guest collaborators


  • The guest collaborator feature is currently in public beta and subject to change.
  • The guest collaborator role is only available with Enterprise Managed Users.

If your enterprise uses Enterprise Managed Users, you can use the role of guest collaborator to grant limited access to vendors and contractors. For more information, see "Roles in an enterprise."

All repository access for organization members, including guest collaborators, is governed by the base permission policy for the organization. For more information, see "Setting base permissions for an organization."

If you use Microsoft Entra ID (previously known as Azure AD) or Okta for SAML authentication, or if you use Entra ID for OIDC authentication, you may need to update your IdP application to use guest collaborators.

Enabling guest collaborators with Entra ID

  1. Sign into the Microsoft Azure portal.

  2. Click Identity.

  3. Click Applications.

  4. Click Enterprise applications.

  5. Click All applications.

  6. View the details for your Enterprise Managed Users application

  7. In the left sidebar, click Users and Groups.

  8. View the application registration.

    • If the application registration displays the "Restricted User" or "Guest Collaborator" roles, you're ready to invite guest collaborators to your enterprise.
    • If the application registration does not display the roles, proceed to the next step.
  9. In the Azure portal, click App registrations.

  10. Click All applications, then use the search bar to find your application for Enterprise Managed Users.

  11. Click your SAML or OIDC application.

  12. In the left sidebar, click Manifest.

  13. Under "appRoles", add the following:

      "allowedMemberTypes": [
      "description": "Guest Collaborator",
      "displayName": "Guest Collaborator",
      "id": "1ebc4a02-e56c-43a6-92a5-02ee09b90824",
      "isEnabled": true,
      "lang": null,
      "origin": "Application",
      "value": null

    Note: The id value is critical. If another id value is present, the update will fail.

  14. Click Save.

Enabling guest collaborators with Okta

To add the guest collaborator role to your Okta application:

  1. Navigate to your application for Enterprise Managed Users on Okta.

  2. Click Provisioning.

  3. Click Go to Profile Editor.

  4. Find "Roles" at the bottom of the profile editor and click the edit icon.

  5. Add a new role.

    • For "Display name", type Guest Collaborator.
    • For "Value", type guest_collaborator.
  6. Click Save.

Enabling guest collaborators with PingFederate

For more information about adding guest collaborators using PingFederate, see "Configure PingFederate for provisioning and SSO."

Enabling guest collaborators with the GitHub REST API

For more information about adding guest collaborators with SCIM using GitHub's REST API, see "Provisioning users and groups with SCIM using the REST API."

Adding guest collaborators to your enterprise

After you enable guest collaborators, you can add guest collaborators to your enterprise as you would any other user. For more information, see "Configuring SCIM provisioning for Enterprise Managed Users."