Managing SAML single sign-on for your organization

If you centrally manage your users' identities and applications with an identity provider (IdP), you can configure Security Assertion Markup Language (SAML) single sign-on (SSO) to protect your organization's resources on GitHub.

With System for Cross-domain Identity Management (SCIM), administrators can automate the exchange of user identity information between systems.

To use SAML single sign-on and SCIM, you must connect your identity provider (IdP) to your organization on GitHub Enterprise Cloud.

You can use Security Assertion Markup Language (SAML) single sign-on (SSO) and System for Cross-domain Identity Management (SCIM) with Okta to automatically manage access to your organization on GitHub.com.

Organization owners and admins can enable SAML single sign-on to add an extra layer of security to their organization.

Before you enforce SAML single sign-on in your organization, you should verify your organization's membership and configure the connection settings to your identity provider.

Organization owners and admins can enforce SAML SSO so that all organization members must authenticate via an identity provider (IdP).

Organization owners should download their organization's SAML single sign-on recovery codes to ensure that they can access GitHub Enterprise Cloud even if the identity provider for the organization is unavailable.

You can enable and disable team synchronization between your identity provider (IdP) and your organization on GitHub Enterprise Cloud.

You can disable SAML single sign-on (SSO) for your organization.

Organization owners can sign into GitHub Enterprise Cloud even if their identity provider is unavailable by bypassing single sign-on (SSO) and using their recovery codes.

Review and resolve common troubleshooting errors for managing your organization's SAML SSO, team synchronization, or identity provider (IdP) connection.