Skip to main content

Getting started with data residency for GitHub Enterprise Cloud

Set up your enterprise on GHE.com by onboarding users, enabling billing, and migrating data.

When you adopt GitHub Enterprise Cloud with data residency, you can choose where your company's code and data are stored.

After you have worked with GitHub's Sales team to create an enterprise account with a dedicated URL on GHE.com, you'll use this guide to set up your enterprise. You will:

  • Add users by configuring authentication and provisioning with an identity management system
  • Set up billing for your enterprise
  • Optionally, migrate data from another platform
  • Learn about available features, including features that work differently or require additional configuration

After this initial setup, you'll be able to create organizations and repositories, collaborate on code, configure policies, and more.

Prerequisites

  • You must have been provisioned with an enterprise on GHE.com.

  • If you intend to pay with a Microsoft Azure subscription, you must have admin access to the Azure portal or work with someone to configure an admin consent workflow. For a full list of prerequisites, see Connecting an Azure subscription.

  • You must ensure that client systems trust GitHub's SSH key fingerprints and can access certain hostnames and IP addresses. See "Network details for GHE.com."

1. Add users to your enterprise

Enterprises on GHE.com use Enterprise Managed Users. To create user accounts and grant access to your new enterprise on GHE.com, you must configure authentication and SCIM provisioning. See Getting started with Enterprise Managed Users.

Sign in as the setup user

After we create your enterprise, you will receive an email inviting you to choose a password for the setup user, which is used to configure authentication and provisioning. The username is a randomly generated shortcode, suffixed with _admin.

Using an incognito or private browsing window:

  1. Set the user's password.
  2. Save the user's recovery codes.

If you need to reset the password for your setup user, contact GitHub Support through the GitHub Support portal. The usual password reset option by providing your email address will not work.

Create a personal access token

Next, create a personal access token that you can use to configure provisioning.

  • You must be signed in as the setup user when you create the token.
  • The token must have at least the scim:enterprise scope.
  • The token must have no expiration.

To learn how to create a personal access token (classic), see "Managing your personal access tokens."

Configure authentication

Next, configure how your members will authenticate.

If you're using Entra ID as your IdP, you can choose between OpenID Connect (OIDC) and Security Assertion Markup Language (SAML).

  • We recommend OIDC, which includes support for Conditional Access Policies (CAP).
  • If you require multiple enterprises provisioned from one tenant, you can use SAML or OIDC for the first enterprise, but must use SAML for each additional enterprise.

If you're using another IdP, like Okta or PingFederate, you must use SAML to authenticate your members.

To get started, read the guide for your chosen authentication method.

Configure provisioning

After you configure authentication, you can configure SCIM provisioning, which is how your IdP will create managed user accounts on GitHub. See "Configuring SCIM provisioning for Enterprise Managed Users."

Manage organization membership

After authentication and provisioning are configured, you can start managing organization membership for your managed user accounts by synchronizing IdP groups with teams. See "Managing team memberships with identity provider groups."

2. Set up billing

To pay for licenses and services, you can use a credit card, PayPal, or a Microsoft Azure subscription.

3. Migrate data

Optionally, to migrate existing data to your new enterprise on GHE.com, you can use GitHub's migration tools.

  • If you're migrating from GitHub.com, GitHub Enterprise Server, Azure DevOps, or Bitbucket Server, you can migrate source code history and metadata with GitHub Enterprise Importer. See About GitHub Enterprise Importer.
  • If you're migrating from a different platform, see Migration paths to GitHub.

Example script for GitHub Enterprise Importer

The following script demonstrates the use of GitHub Enterprise Importer for migration of an individual source repository from GitHub.com to a target repository on GHE.com. The --target-api-url parameter sets your enterprise on GHE.com as the destination of the migration.

You can use the environment variable definitions in the script as an example to create additional commands that migrate data using GitHub Enterprise Importer.

In the following script, replace the following placeholder text with actual values.

PlaceholderDescription
TARGET-TOKENPersonal access token (PAT) for accessing the target enterprise on GHE.com
SOURCE-TOKENPAT for accessing the source resources on GitHub.com
TARGET-GHE-API-URLThe URL for accessing API endpoints for your enterprise. For example, if your enterprise's subdomain is octocorp, this value must be https://api.octocorp.ghe.com.
SOURCE-GH-ORGANIZATION-NAMEThe name of the source organization on GitHub.com.
SOURCE-GH-REPOSITORY-NAMEThe name of the source repository on GitHub.com.
TARGET-GHE-ORGANIZATION-NAMEThe name of the target organization on GHE.com.
TARGET-GHE-REPOSITORY-NAMEThe name of the target repository on GHE.com.
Bash
#!/bin/sh

export GH_PAT="TARGET-TOKEN"
export GH_SOURCE_PAT="SOURCE-TOKEN"
export TARGET_API_URL="TARGET-GHE-API-URL"
export GITHUB_SOURCE_ORG="SOURCE-GH-ORGANIZATION-NAME"
export SOURCE_REPO="SOURCE-GH-REPOSITORY-NAME"
export GITHUB_TARGET_ORG="TARGET-GHE-ORGANIZATION-NAME"
export TARGET_REPO="TARGET-GHE-REPOSITORY-NAME"

gh gei migrate-repo --target-api-url $TARGET_API_URL --github-source-org $GITHUB_SOURCE_ORG --source-repo $SOURCE_REPO --github-target-org $GITHUB_TARGET_ORG --target-repo $TARGET_REPO --verbose

4. Learn about GitHub's features

When you have completed the initial setup of your enterprise, you and your enterprise's members can start using GitHub's features.

The features available with data residency on GHE.com are similar to the features available to managed user accounts on GitHub.com, with some additions and exceptions. Some features work differently or require additional configuration compared to the equivalent feature on GitHub.com. See Feature overview for GitHub Enterprise Cloud with data residency.

Further reading