Synchronizing a team with an identity provider group

You can synchronize a GitHub Enterprise team with an identity provider (IdP) group to automatically add and remove team members.

Organization owners and team maintainers can synchronize a GitHub team with an IdP group.

La sincronización de equipos se encuentra disponible para cuentas organizacionales y empresariales que que utilicen GitHub Enterprise Cloud.

En este artículo

Nota: La sincronización de equipos con Okta se encuentra actualmente en beta y está sujeta a cambios.

About team synchronization

Cuando sincronizas un equipo de GitHub con un grupo de IdP, los cambios a este grupo se reflejan automáticamente en GitHub Enterprise, reduciendo la necesidad de hacer actualizaciones manuales y scripts personalizados. Puedes utilizar un IdP con la sincronización de equipos para gestionar las tareas administrativas tales como el incorporar miembros nuevos, otorgar permisos nuevos para hacer movimientos dentro de una organización, y eliminar el acceso de un miembro a la organización.

You can connect a team on GitHub Enterprise to one IdP group. All users in the group are automatically added to the team and also added to the parent organization as members. When you disconnect a group from a team, users who became members of the organization via team membership are removed from the organization. You can assign an IdP group to multiple GitHub Enterprise teams.

Once a GitHub team is connected to an IdP group, your IdP administrator must make team membership changes through the identity provider. You cannot manage team membership on GitHub Enterprise.

When group membership changes on your IdP, your IdP sends a SCIM request with the changes to GitHub Enterprise according to the schedule determined by your IdP. Any requests that change GitHub team or organization membership will register in the audit log as changes made by the account used to configure user provisioning. For more information about this account, see "Configuring user provisioning for your enterprise." For more information about SCIM request schedules, see "Check the status of user provisioning" in the Microsoft Docs.

Parent teams cannot synchronize with IdP groups. If the team you want to connect to an IdP group is a parent team, we recommend creating a new team or removing the nested relationships that make your team a parent team. For more information, see "About teams," "Creating a team," and "Moving a team in your organization's hierarchy."

To manage repository access for any GitHub team, including teams connected to an IdP group, you must make changes with GitHub Enterprise. For more information, see "About teams" and "Managing team access to an organization repository."

Prerequisites

Before you can connect a GitHub Enterprise team with an IdP group, you must first configure user provisioning for tu instancia de servidor de GitHub Enterprise using a supported System for Cross-domain Identity Management (SCIM). For more information, see "Configuring user provisioning for your enterprise."

Once user provisioning for GitHub Enterprise is configured using SCIM, you can assign the GitHub Enterprise application to every IdP group that you want to use on GitHub Enterprise. For more information, see Configure automatic user provisioning to GitHub AE in the Microsoft Docs.

Connecting an IdP group to a team

When you connect an IdP group to a GitHub Enterprise team, all users in the group are automatically added to the team. Any users who were not already members of the parent organization members are also added to the organization.

  1. En la parte izquierda de tu página de perfil, debajo de "Organizaciones", da clic en el icono de tu organización. iconos de organización

  2. Click the name of your organization. Organization name in list of organizations

  3. Debajo de tu nombre de organización, da clic en Equipos. Pestaña de equipos

  4. En la pestaña de Equipos, da clic en el nombre del equipo. Lista de los equipos de la organización

  5. En la parte superior de la página del equipo, da clic en Configuración. Pestaña de configuración de equipo

  6. Under "Identity Provider Group", use the drop-down menu, and select an identity provider group from the list. Drop-down menu to choose identity provider group

  7. Click Save changes.

Disconnecting an IdP group from a team

If you disconnect an IdP group from a GitHub team, team members that were assigned to the GitHub team through the IdP group will be removed from the team. Any users who were members of the parent organization only because of that team connection are also removed from the organization.

  1. En la parte izquierda de tu página de perfil, debajo de "Organizaciones", da clic en el icono de tu organización. iconos de organización

  2. Click the name of your organization. Organization name in list of organizations

  3. Debajo de tu nombre de organización, da clic en Equipos. Pestaña de equipos

  4. En la pestaña de Equipos, da clic en el nombre del equipo. Lista de los equipos de la organización

  5. En la parte superior de la página del equipo, da clic en Configuración. Pestaña de configuración de equipo

  6. Under "Identity Provider Group", to the right of the IdP group you want to disconnect, click . Unselect a connected IdP group from the GitHub team

  7. Click Save changes.

Did this doc help you?Privacy policy

Help us make these docs great!

All GitHub docs are open source. See something that's wrong or unclear? Submit a pull request.

Make a contribution

O, learn how to contribute.