Before your developers can use GitHub Enterprise Cloud with Enterprise Managed Users, you must follow a series of configuration steps.
Create a new enterprise account
To use Enterprise Managed Users, you need a separate type of enterprise account with Enterprise Managed Users enabled.
To request a new enterprise account, contact GitHub's Sales team. You'll discuss options for trialing Enterprise Managed Users or migrating from an existing enterprise.
When you're ready, your contact on the GitHub Sales team will create your new 具有托管用户的企业. You'll be asked to provide the following information:
- The email address for the user who will set up your enterprise.
- A short code that will be used as the suffix for your enterprise members' usernames. 短代码必须是企业唯一的,长度为 3 ~ 8 个字符,由字母和数字组成,不包含特殊字符。
Create the setup user
After we create your enterprise, you will receive an email inviting you to choose a password for the setup user, which is used to configure authentication and provisioning. The username is your enterprise's shortcode suffixed with _admin, for example fabrikam_admin.
Using an incognito or private browsing window:
- Set the user's password.
- Save the user's recovery codes.
- Enable two-factor authentication. See "配置双重身份验证."
如果需要重置设置用户的密码,请通过 GitHub 支持门户 联系 GitHub 支持。
Configure authentication
Next, configure how your members will authenticate.
If you're using Entra ID as your IdP, you can choose between OpenID Connect (OIDC) and Security Assertion Markup Language (SAML).
- We recommend OIDC, which includes support for Conditional Access Policies (CAP).
- If you require multiple enterprises provisioned from one tenant, you must use SAML for each enterprise after the first.
If you're using another IdP, like Okta or PingFederate, you must use SAML to authenticate your members.
To get started, read the guide for your chosen authentication method.
- "Configuring OIDC for Enterprise Managed Users"
- "Configuring SAML single sign-on for Enterprise Managed Users"
Configure provisioning
After you configure authentication, you can configure SCIM provisioning, which is how your IdP will create 托管用户帐户 on GitHub. See "Configuring SCIM provisioning for Enterprise Managed Users."
Manage organization membership
After authentication and provisioning are configured, you can start managing organization membership for your 托管用户帐户 by synchronizing IdP groups with teams. See "Managing team memberships with identity provider groups."
Support developers with multiple user accounts
Developers may need to maintain separate, personal accounts for their work outside of your 具有托管用户的企业. You can help them manage multiple accounts by providing the following resources: