This version of GitHub Enterprise Server was discontinued on 2024-01-04. No patch releases will be made, even for critical security issues. For better performance, improved security, and new features, upgrade to the latest version of GitHub Enterprise Server. For help with the upgrade, contact GitHub Enterprise support.

Synchronizing a team with an identity provider group

In this article

You can synchronize a GitHub Enterprise Server team with a supported identity provider (IdP) group to automatically add and remove team members.

Who can use this feature

Organization owners and team maintainers can synchronize a GitHub team with an IdP group.

About team synchronization

If team sync is enabled for your organization or enterprise account, you can synchronize a GitHub team with an IdP group. When you synchronize a GitHub team with an IdP group, membership changes to the IdP group are reflected on GitHub Enterprise Server automatically, reducing the need for manual updates and custom scripts.

You can assign an IdP group to multiple GitHub Enterprise Server teams.

Once a GitHub team is connected to an IdP group, your IdP administrator must make team membership changes through the identity provider. You cannot manage team membership on GitHub Enterprise Server.

Parent teams cannot synchronize with IdP groups. If the team you want to connect to an IdP group is a parent team, we recommend creating a new team or removing the nested relationships that make your team a parent team. For more information, see "About teams," "Creating a team," and "Moving a team in your organization’s hierarchy."

To manage repository access for any GitHub team, including teams connected to an IdP group, you must make changes with GitHub Enterprise Server. For more information, see "About teams" and "Managing team access to an organization repository."

Prerequisites

To connect a team on GitHub Enterprise Server to an IdP group, the team must already exist in your organization. Even if you have configured SCIM provisioning, creating a group in your IdP does not automatically create a team on GitHub Enterprise Server.

You must configure user provisioning with SCIM for your GitHub Enterprise Server instance. For more information, see "Configuring user provisioning with SCIM for your enterprise."

Note: SCIM for GitHub Enterprise Server is currently in private beta and is subject to change. For access to the beta, contact your account manager on GitHub's Sales team. Please provide feedback in the GitHub Community discussion.

Warning: The beta is exclusively for testing and feedback, and no support is available. GitHub recommends testing with a staging instance. For more information, see "Setting up a staging instance."

Connecting an IdP group to a team

When you connect an IdP group to a GitHub Enterprise Server team, all users in the group are automatically added to the team.

  1. In the upper-right corner of GitHub Enterprise Server, select your profile photo, then click Your organizations.

    Screenshot of the dropdown menu under @octocat's profile picture. "Your organizations" is outlined in dark orange.

  2. Click the name of your organization.

  3. Under your organization name, click Teams.

    Screenshot of the horizontal navigation bar for an organization. A tab, labeled with the people icon and "Teams," is outlined in dark orange.

  4. Click the name of the team.

  5. At the top of the team page, click Settings.

    Screenshot of the header of a team's page. A tab, labeled with a gear icon and "Settings", is outlined in dark orange.

  6. Click Save changes.

Disconnecting an IdP group from a team

  1. In the upper-right corner of GitHub Enterprise Server, select your profile photo, then click Your organizations.

    Screenshot of the dropdown menu under @octocat's profile picture. "Your organizations" is outlined in dark orange.

  2. Click the name of your organization.

  3. Under your organization name, click Teams.

    Screenshot of the horizontal navigation bar for an organization. A tab, labeled with the people icon and "Teams," is outlined in dark orange.

  4. Click the name of the team.

  5. At the top of the team page, click Settings.

    Screenshot of the header of a team's page. A tab, labeled with a gear icon and "Settings", is outlined in dark orange.

  6. Click Save changes.