Skip to main content

将团队与身份提供程序组同步

你可以将 GitHub Enterprise Server 团队与支持的标识提供者 (IdP) 组同步,以自动添加和删除团队成员。

谁可以使用此功能?

Organization owners and team maintainers can synchronize a GitHub team with an IdP group.

About team synchronization

If team sync is enabled for your organization or enterprise account, you can synchronize a GitHub team with an IdP group. When you synchronize a GitHub team with an IdP group, membership changes to the IdP group are reflected on GitHub Enterprise Server automatically, reducing the need for manual updates and custom scripts.

You can assign an IdP group to multiple GitHub Enterprise Server teams.

Once a GitHub team is connected to an IdP group, your IdP administrator must make team membership changes through the identity provider. You cannot manage team membership on GitHub Enterprise Server.

Parent teams cannot synchronize with IdP groups. If the team you want to connect to an IdP group is a parent team, we recommend creating a new team or removing the nested relationships that make your team a parent team. For more information, see "About teams," "Creating a team," and "Moving a team in your organization’s hierarchy."

To manage repository access for any GitHub team, including teams connected to an IdP group, you must make changes with GitHub Enterprise Server. For more information, see "About teams" and "Managing team access to an organization repository."

Prerequisites

To connect a team on GitHub Enterprise Server to an IdP group, the team must already exist in your organization. Even if you have configured SCIM provisioning, creating a group in your IdP does not automatically create a team on GitHub Enterprise Server.

You must configure user provisioning with SCIM for your GitHub Enterprise Server instance. For more information, see "Configuring user provisioning with SCIM on GitHub Enterprise Server."

Note

SCIM for GitHub Enterprise Server is currently in private beta and is subject to change. For access to the beta, contact your account manager on GitHub's Sales team. Please provide feedback in the GitHub Community discussion.

Warning

The beta is exclusively for testing and feedback, and no support is available. GitHub recommends testing with a staging instance. For more information, see "Setting up a staging instance."

Connecting an IdP group to a team

When you connect an IdP group to a GitHub Enterprise Server team, all users in the group are automatically added to the team.

  1. In the upper-right corner of GitHub, select your profile photo, then click Your organizations.

  2. Click the name of your organization.

  3. Under your organization name, click Teams.

    Screenshot of the horizontal navigation bar for an organization. A tab, labeled with the people icon and "Teams," is outlined in dark orange.

  4. Click the name of the team.

  5. At the top of the team page, click Settings.

    Screenshot of the header of a team's page. A tab, labeled with a gear icon and "Settings", is outlined in dark orange.

  6. Click Save changes.

Disconnecting an IdP group from a team

  1. In the upper-right corner of GitHub, select your profile photo, then click Your organizations.

  2. Click the name of your organization.

  3. Under your organization name, click Teams.

    Screenshot of the horizontal navigation bar for an organization. A tab, labeled with the people icon and "Teams," is outlined in dark orange.

  4. Click the name of the team.

  5. At the top of the team page, click Settings.

    Screenshot of the header of a team's page. A tab, labeled with a gear icon and "Settings", is outlined in dark orange.

  6. Click Save changes.