Requiring two-factor authentication in your organization

Organization owners can require organization members and outside collaborators to enable two-factor authentication for their personal accounts, making it harder for malicious actors to access an organization's repositories and settings.


About two-factor authentication for organizations

Two-factor authentication (2FA) is an extra layer of security used when logging into websites or apps. You can require all members and outside collaborators in your organization to enable two-factor authentication on GitHub Enterprise. For more information about two-factor authentication, see "Securing your account with two-factor authentication (2FA)."

Warnings:

  • When you require use of two-factor authentication for your organization, members and outside collaborators (including bot accounts) who do not use 2FA will be removed from the organization and lose access to its repositories. They will also lose access to their forks of the organization's private repositories. You can reinstate their access privileges and settings if they enable two-factor authentication for their personal account within three months of their removal from your organization.
  • If an organization owner, member, or outside collaborator disables 2FA for their personal account after you've enabled required two-factor authentication, they will automatically be removed from the organization.
  • If you're the sole owner of an organization that requires two-factor authentication, you won't be able to disable 2FA for your personal account without disabling required two-factor authentication for the organization.

Authentication methods that support 2FA

| Authentication method | Description | Two-factor authentication support |
| --- | --- | --- |
| Built-in | Authentication is performed against user accounts that are stored on the GitHub Enterprise Server appliance. | Supported and managed on the GitHub Enterprise Server appliance. Organization administrators can require 2FA to be enabled for members of the organization. |
| Built-in authentication with an identity provider | Authentication is performed against user accounts that are stored on the identity provider. | Dependent on the identity provider. |
| LDAP | Allows integration with your company directory service for authentication. | Supported and managed on the GitHub Enterprise Server appliance. Organization administrators can require 2FA to be enabled for members of the organization. |
| SAML | Authentication is performed on an external identity provider. | Not supported or managed on the GitHub Enterprise Server appliance, but may be supported by the external authentication provider. Two-factor authentication enforcement on organizations is not available. |
| CAS | Single sign-on service is provided by an external server. | Not supported or managed on the GitHub Enterprise Server appliance, but may be supported by the external authentication provider. Two-factor authentication enforcement on organizations is not available. |

Prerequisites

Before you can require organization members and outside collaborators to use two-factor authentication, you must enable two-factor authentication for your account on GitHub Enterprise. For more information, see "Securing your account with two-factor authentication (2FA)."

Before you require use of two-factor authentication, we recommend notifying organization members and outside collaborators and asking them to set up 2FA for their accounts. You can see if members and outside collaborators already use 2FA. For more information, see "Viewing whether users in your organization have 2FA enabled."
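The check described above can also be scripted before the requirement is switched on, to list every account that would be removed. This is an added example, not code from the GitHub documentation: it pages through the REST API's organization members and outside collaborators endpoints with `filter=2fa_disabled` (a filter available only to organization owners). `HOSTNAME`, `ORG`, `TOKEN`, the helper names and the sample pages are placeholders constructed for the example.

```python
import json
import urllib.request

# Assumption: placeholder host; GitHub Enterprise Server serves its REST API under /api/v3.
API_ROOT = "https://HOSTNAME/api/v3"
# Both groups are removed when the requirement is switched on.
ENDPOINTS = ("members", "outside_collaborators")

# Constructed sample pages keyed by (endpoint, page), used only by the offline demo.
SAMPLE_PAGES = {
    ("members", 1): [{"login": "alice"}, {"login": "bob"}],
    ("members", 2): [{"login": "carol"}],
    ("outside_collaborators", 1): [{"login": "ci-bot"}],
}


def http_get(url, token):
    """Fetch one page of JSON from the REST API using a personal access token."""
    request = urllib.request.Request(url, headers={"Authorization": f"token {token}"})
    with urllib.request.urlopen(request, timeout=30) as response:
        return json.load(response)


def fake_get(url, token):
    """Offline stand-in for http_get that serves SAMPLE_PAGES."""
    endpoint = url.split("/")[-1].split("?")[0]
    page = int(url.rsplit("page=", 1)[1])
    return SAMPLE_PAGES.get((endpoint, page), [])


def accounts_without_2fa(org, token, get=http_get, per_page=100):
    """Return {login: endpoint} for every account that has 2FA disabled."""
    at_risk = {}
    for endpoint in ENDPOINTS:
        page = 1
        while True:
            url = (f"{API_ROOT}/orgs/{org}/{endpoint}"
                   f"?filter=2fa_disabled&per_page={per_page}&page={page}")
            batch = get(url, token)
            for account in batch:
                at_risk[account["login"]] = endpoint
            if len(batch) < per_page:  # a short page is the last page
                break
            page += 1
    return at_risk


if __name__ == "__main__":
    for login, group in sorted(accounts_without_2fa("ORG", "TOKEN", fake_get, 2).items()):
        print(f"{login}\t{group}")
```

Run as written, the script uses the constructed pages; calling `accounts_without_2fa` without the `get` argument queries the real API at `API_ROOT`.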

Requiring two-factor authentication in your organization

  1. In the left sidebar of your profile page, under "Organizations", click the icon for your organization.

  2. Next to the organization, click Settings.

  3. In the left sidebar, click Organization security.

  4. Under "Authentication", select Require two-factor authentication for everyone in your organization, then click Save.

  5. If prompted, read the information about members and outside collaborators who will be removed from the organization. Type your organization's name to confirm the change, then click Remove members & require two-factor authentication.

Viewing people who were removed from your organization

To view people who were automatically removed from your organization for non-compliance when you required two-factor authentication, you can search your organization's audit log for people removed from your organization. The audit log event will show if a person was removed for 2FA non-compliance.


  1. In the left sidebar of your profile page, under "Organizations", click the icon for your organization.

  2. Next to the organization, click Settings.

  3. In the Settings sidebar, click Audit log.

  4. Enter your search query. To search for:

    • Organization members removed, use action:org.remove_member in your search query
    • Outside collaborators removed, use action:org.remove_outside_collaborator in your search query

    You can also view people who were removed from your organization by using a time frame in your search.

Helping removed members and outside collaborators rejoin your organization

If any members or outside collaborators are removed from the organization when you enable required use of two-factor authentication, they'll receive an email notifying them that they've been removed. They should then enable 2FA for their personal account, and contact an organization owner to request access to your organization.
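To turn the audit log search into a follow-up list, the sketch below filters events by the two action names given above, keeps only removals for 2FA non-compliance inside a time frame, and computes the date by which each account must enable 2FA to be reinstated. It is an added example, not code from the GitHub documentation. Assumptions: the events are JSON objects with `action`, `user`, `reason` and `created_at` (epoch milliseconds) fields, the non-compliance reason is `two_factor_requirement_non_compliance`, and "three months" means calendar months. The sample events are constructed.

```python
import json
from datetime import datetime, timezone

# Action names from the audit log search queries on this page.
REMOVAL_ACTIONS = {"org.remove_member", "org.remove_outside_collaborator"}
# Assumption: reason value recorded when a removal is caused by the 2FA requirement.
REASON_2FA = "two_factor_requirement_non_compliance"


def ms(*ymd):
    """Epoch milliseconds for a UTC date, used to build the constructed sample."""
    return int(datetime(*ymd, tzinfo=timezone.utc).timestamp() * 1000)


# Constructed sample events (not real data); field names are assumptions.
SAMPLE_EXPORT = json.dumps([
    {"action": "org.remove_member", "user": "alice", "reason": REASON_2FA, "created_at": ms(2021, 11, 30)},
    {"action": "org.remove_member", "user": "bob", "created_at": ms(2021, 12, 1)},
    {"action": "org.remove_outside_collaborator", "user": "ci-bot", "reason": REASON_2FA, "created_at": ms(2021, 12, 2)},
    {"action": "org.remove_member", "user": "carol", "reason": REASON_2FA, "created_at": ms(2021, 6, 1)},
    {"action": "org.add_member", "user": "dave", "created_at": ms(2021, 12, 3)},
])


def add_months(moment, months):
    """Calendar-month addition that clamps the day (Nov 30 + 3 months -> Feb 28)."""
    index = moment.month - 1 + months
    year, month = moment.year + index // 12, index % 12 + 1
    leap = year % 4 == 0 and (year % 100 != 0 or year % 400 == 0)
    last_day = [31, 29 if leap else 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31][month - 1]
    return moment.replace(year=year, month=month, day=min(moment.day, last_day))


def removed_for_2fa(export_text, since, until):
    """List accounts removed for 2FA non-compliance with since <= removal < until."""
    rows = []
    for event in json.loads(export_text):
        when = datetime.fromtimestamp(event["created_at"] / 1000, tz=timezone.utc)
        if (event.get("action") in REMOVAL_ACTIONS
                and event.get("reason") == REASON_2FA
                and since <= when < until):
            rows.append({"user": event.get("user"), "action": event["action"],
                         "removed": when.date().isoformat(),
                         "reinstate_by": add_months(when, 3).date().isoformat()})
    return sorted(rows, key=lambda row: row["removed"])


if __name__ == "__main__":
    window = (datetime(2021, 11, 1, tzinfo=timezone.utc), datetime(2022, 1, 1, tzinfo=timezone.utc))
    for row in removed_for_2fa(SAMPLE_EXPORT, *window):
        print(row)
```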
