Configuring SCIM provisioning for Enterprise Managed Users

You can configure your identity provider to provision new users and manage their membership in your enterprise and teams.

To manage users in your enterprise with your identity provider, your enterprise must be enabled for Enterprise Managed Users, which are available with GitHub Enterprise Cloud. For more information, see "About Enterprise Managed Users."

About provisioning for Enterprise Managed Users

You can configure provisioning for Enterprise Managed Users to create, manage, and deactivate user accounts for your enterprise members. When you configure provisioning for Enterprise Managed Users, users assigned to the GitHub Enterprise Managed User application in your identity provider are provisioned as new user accounts on GitHub via SCIM, and the users are added to your enterprise.

When you update information associated with a user's identity on your IdP, your IdP will update the user's account on GitHub.com. When you unassign the user from the GitHub Enterprise Managed User application or deactivate a user's account on your IdP, your IdP will communicate with GitHub to invalidate any SAML sessions and disable the member's account. The disabled account's information is maintained and their username is changed to a hash of their original username with the short code appended. If you reassign a user to the GitHub Enterprise Managed User application or reactivate their account on your IdP, the managed user account on GitHub will be reactivated and username restored.

Groups in your IdP can be used to manage team membership within your enterprise's organizations, allowing you to configure repository access and permissions through your IdP. For more information, see "Managing team memberships with identity provider groups."

必要な環境

Before you can configure provisioning for Enterprise Managed Users, you must configure SAML single-sign on. For more information, see "Configuring SAML single sign-on for Enterprise Managed Users."

個人アクセストークンを使用する

To configure provisioning for your enterprise with managed users, you need a personal access token with the admin:enterprise scope that belongs to the setup user.

Warning: If the token expires or a provisioned user creates the token, SCIM provisioning may unexpectedly stop working. Make sure that you create the token while signed in as the setup user and that the token expiration is set to "No expiration".

  1. Sign into GitHub.com as the setup user for your new enterprise with the username @SHORT-CODE_admin.
  2. 任意のページの右上で、プロフィール画像をクリックし、続いてSettings(設定)をクリックしてください。 ユーザバーの [Settings(設定)] アイコン
  3. 左サイドバーで [Developer settings] をクリックします。 開発者設定
  4. 左のサイドバーでPersonal access tokens(個人アクセストークン)をクリックしてください。 個人アクセストークン
  5. [Generate new token] をクリックします。 [Generate new token] ボタン
  6. Under Note, give your token a descriptive name. Screenshot showing the token's name
  7. Select the Expiration drop-down menu, then click No expiration. Screenshot showing token expiration set to no expiration
  8. Select the admin:enterprise scope. Screenshot showing the admin:enterprise scope
  9. [Generate token] をクリックします。 [Generate token] ボタン
  10. To copy the token to your clipboard, click the . 新しく作成されたトークン
  11. To save the token for use later, store the new token securely in a password manager.

Configuring provisioning for Enterprise Managed Users

After creating your personal access token and storing it securely, you can configure provisioning on your identity provider.

To configure Azure Active Directory to provision users for your enterprise with managed users, see Tutorial: Configure GitHub Enterprise Managed User for automatic user provisioning in the Azure AD documentation.

To configure Okta to provision users for your enterprise with managed users, see "Configuring SCIM provisioning for Enterprise Managed Users with Okta."

このドキュメントは役立ちましたか?

プライバシーポリシー

これらのドキュメントを素晴らしいものにするのを手伝ってください!

GitHubのすべてのドキュメントはオープンソースです。間違っていたり、はっきりしないところがありましたか?Pull Requestをお送りください。

コントリビューションを行う

OR, コントリビューションの方法を学んでください。

問題がまだ解決していませんか?