Skip to main content

Securing enterprise resources with single sign-on

Learn how to set up secure sign-on for organizations in your enterprise.

This article applies to enterprises that use personal accounts. If you use personal accounts, enabling SSO is an optional step you can take to secure your enterprise's resources.

If your enterprise uses managed users, SSO is mandatory, and all managed user accounts must authenticate through your identity provider (IdP) to sign in to GitHub. See 为企业托管用户配置 SAML 单一登录.

SAML 单一登录 (SSO) 使组织所有者和企业所有者能够控制和保护对组织资源(如仓库、议题和拉取请求)的访问。 See 关于企业 IAM 的 SAML.

You can configure SAML for your enterprise account to apply the same settings to all organizations, or you can configure settings for individual organizations. See 决定是为企业还是组织配置 SAML.

You can enable SAML SSO and centralized authentication through a SAML IdP across all organizations owned by your enterprise account. See 为企业配置 SAML 单点登录.

Supported identity providers

GitHub 支持 SAML SSO 与采用 SAML 2.0 标准的 IdP 一起使用。 有关详细信息,请参阅 OASIS 网站上的 SAML Wiki

GitHub 官方支持和内部测试以下 IdP。

  • Microsoft Active Directory 联合身份验证服务 (AD FS)
  • Microsoft Entra ID(以前称为 Azure AD)
  • Okta
  • OneLogin
  • PingOne
  • Shibboleth

For more information about connecting Microsoft Entra ID (previously known as Azure AD) to your enterprise, see Tutorial: Microsoft Entra SSO integration with GitHub Enterprise Cloud - Enterprise Account in Microsoft Docs.

Next steps

Next, learn how to set up an organization in your enterprise. See Setting up an organization.