Skip to main content

This version of GitHub Enterprise Server was discontinued on 2023-09-25. No patch releases will be made, even for critical security issues. For better performance, improved security, and new features, upgrade to the latest version of GitHub Enterprise Server. For help with the upgrade, contact GitHub Enterprise support.

About identity and access management

Administrators for a GitHub Enterprise Server instance must decide how users will access the instance.

About IAM for GitHub Enterprise Server

Authentication methods

The following authentication methods are available for GitHub Enterprise Server.

Built-in authentication

When you use built-in authentication for your GitHub Enterprise Server instance, each person creates a personal account from an invitation or by signing up. To access your instance, people authenticate with the credentials for the account. For more information, see "Configuring built-in authentication."

External authentication

If you use an external directory or identity provider (IdP) to centralize access to multiple web applications, you may be able to configure external authentication for your GitHub Enterprise Server instance. For more information, see the following articles.

Note: You can use either SAML or LDAP, but not both.

If you choose to use external authentication, you can also configure fallback authentication for people who don't have an account on your external authentication provider. For example, you may want to grant access to a contractor or machine user. For more information, see "Allowing built-in authentication for users outside your provider."

About provisioning

Further reading