Skip to main content

Managing team memberships with identity provider groups

You can manage team membership on GitHub Enterprise Cloud through your identity provider (IdP) by connecting IdP groups with your managed usersを持つEnterprise.

To manage users in your enterprise with your identity provider, your enterprise must be enabled for Enterprise Managed Users, which are available with GitHub Enterprise Cloud. For more information, see "About Enterprise Managed Users."

About team management with Enterprise Managed Users

With Enterprise Managed Users, you can manage team membership within your enterprise through your IdP. When you connect a team in one of your enterprise's organizations to an IdP group, changes to membership from the IdP group are reflected in your enterprise automatically, reducing the need for manual updates and custom scripts.

When a change to an IdP group or a new team connection results in a 管理されているユーザアカウント joining a team in an organization they were not already a member of, the 管理されているユーザアカウント will automatically be added to the organization. Organization owners can also manage organization membership manually. When you disconnect a group from a team, users who became members of the organization via team membership are removed from the organization if they are not assigned membership in the organization by any other means.

You can connect a team in your enterprise to one IdP group. You can assign the same IdP group to multiple teams in your enterprise.

If you are connecting an existing team to an IdP group, you must first remove any members that were added manually. After you connect a team in your enterprise to an IdP group, your IdP administrator must make team membership changes through the identity provider. You cannot manage team membership on

When group membership changes on your IdP, your IdP sends a SCIM request with the changes to according to the schedule determined by your IdP, so change may not be immediate. Any requests that change team or organization membership will register in the audit log as changes made by the account used to configure user provisioning.

Teams connected to IdP groups cannot be parents of other teams nor a child of another team. If the team you want to connect to an IdP group is a parent or child team, we recommend creating a new team or removing the nested relationships that make your team a parent team.

To manage repository access for any team in your enterprise, including teams connected to an IdP group, you must make changes on For more information, see "Managing team access to an organization repository".

Creating a new team connected to an IdP group

Any member of an organization can create a new team and connect the team to an IdP group.

  1. In the top right corner of, click your profile photo, then click Your organizations. プロフィールメニューのあなたのOrganization
  2. Click the name of your organization. Organizationのリスト中のOrganization名
  3. Organization 名の下で、クリックします Teams. Teamsタブ
  4. Teamsタブの右側で、New team(新規Team)をクリックしてください。 新規Teamボタン
  5. "Create new team(新規Teamの作成)"の下で、新しいTeamの名前を入力してください。 Team名フィールド
  6. あるいは、"Description(説明)"フィールドにTeamの説明を入力してください。 Teamの説明フィールド
  7. To connect a team, select the "Identity Provider Groups" drop-down menu and click the team you want to connect. アイデンティティプロバイダグループを選択するドロップダウンメニュー
  8. Teamを見えるようにするか、秘密にするかを決めてください。 可視と秘密を含む可視性の選択肢
  9. Create team(Teamの作成)をクリックしてください。

Managing the connection between an existing team and an IdP group

Organization owners and team maintainers can manage the existing connection between an IdP group and a team.

Note: Before you connect an existing team on to an IdP group for the first time, all members of the team on must first be removed. For more information, see "Removing organization members from a team."

  1. In the top right corner of, click your profile photo, then click Your profile. プロフィール画像

  2. In the top right corner of, click your profile photo, then click Your organizations. プロフィールメニューのあなたのOrganization

  3. Organization 名の下で、クリックします Teams.


  4. Teamsタブで、Teamの名前をクリックしてください。 Organization の Team のリスト

  5. Team ページの上部で、 Settings(設定)をクリックしてください。 Team設定タブ

  6. Optionally, under "Identity Provider Group", to the right of the IdP group you want to disconnect, click . 接続した IdP グループを GitHub team から選択解除する

  7. To connect an IdP group, under "Identity Provider Group", select the drop-down menu, and click an identity provider group from the list. Drop-down menu to choose identity provider group

  8. [Save changes] をクリックします。

Viewing IdP groups, group membership, and connected teams

You can review a list of IdP groups, see any teams connected to an IdP group, and see the membership of each IdP group on GitHub Enterprise Cloud. You must edit the membership for a group on your IdP.

  1. GitHub.comの右上で、自分のプロフィール写真をクリックし、続いてYour enterprises(自分のEnterprise)をクリックしてください。 GitHub Enterprise Cloudのプロフィール写真のドロップダウンメニュー内の"Your enterprises"

  2. Enterpriseのリストで、表示したいEnterpriseをクリックしてください。 Enterpriseのリスト中のEnterpriseの名前

  3. To review a list of IdP groups, in the left sidebar, click Identity provider. Screenshot showing "Identity provider" tab in enterprise sidebar

  4. To see the members and teams connected to an IdP group, click the group's name. Screenshot showing list of IdP groups, the group name is highlighted

  5. To view the teams connected to the IdP group, click Teams. Screenshot showing the "Teams" button