diff --git a/content/admin/managing-iam/understanding-iam-for-enterprises/about-enterprise-managed-users.md b/content/admin/managing-iam/understanding-iam-for-enterprises/about-enterprise-managed-users.md index b1df36fcf505..0375d7200a2c 100644 --- a/content/admin/managing-iam/understanding-iam-for-enterprises/about-enterprise-managed-users.md +++ b/content/admin/managing-iam/understanding-iam-for-enterprises/about-enterprise-managed-users.md @@ -84,7 +84,7 @@ Organization memberships (and repository access) can be managed manually, or you ## Authentication for {% data variables.enterprise.prodname_managed_users %} -The locations where {% data variables.enterprise.prodname_managed_users %} can authenticate to {% data variables.product.prodname_dotcom %} depends on how you configure authentication (SAML or OIDC). See [AUTOTITLE](/authentication/authenticating-with-saml-single-sign-on/authenticating-with-a-managed-user-account). +The locations where {% data variables.enterprise.prodname_managed_users %} can authenticate to {% data variables.product.prodname_dotcom %} depends on how you configure authentication (SAML or OIDC). See [AUTOTITLE](/authentication/authenticating-with-single-sign-on/authenticating-with-a-managed-user-account). By default, when an unauthenticated user attempts to access your enterprise, {% data variables.product.company_short %} displays a 404 error. You can optionally enable automatic redirects to single sign-on (SSO) instead. See [AUTOTITLE](/enterprise-cloud@latest/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise#managing-sso-for-unauthenticated-users). diff --git a/content/admin/managing-iam/using-saml-for-enterprise-iam/managing-team-synchronization-for-organizations-in-your-enterprise.md b/content/admin/managing-iam/using-saml-for-enterprise-iam/managing-team-synchronization-for-organizations-in-your-enterprise.md index 9c5c627a7e66..e0f829726a19 100644 
--- a/content/admin/managing-iam/using-saml-for-enterprise-iam/managing-team-synchronization-for-organizations-in-your-enterprise.md +++ b/content/admin/managing-iam/using-saml-for-enterprise-iam/managing-team-synchronization-for-organizations-in-your-enterprise.md @@ -44,7 +44,7 @@ You can also configure and manage team synchronization for an individual organiz * You must use an Entra ID commercial tenant, not Gov Cloud. * You or your Entra ID administrator must be a Global administrator or a Privileged Role administrator in Entra ID. * You must enforce SAML single sign-on for organizations in your enterprise account with your supported IdP. For more information, see [AUTOTITLE](/admin/identity-and-access-management/using-saml-for-enterprise-iam/configuring-saml-single-sign-on-for-your-enterprise). -* You must authenticate to your enterprise account using SAML SSO and the supported IdP. For more information, see [AUTOTITLE](/authentication/authenticating-with-saml-single-sign-on). +* You must authenticate to your enterprise account using SAML SSO and the supported IdP. For more information, see [AUTOTITLE](/authentication/authenticating-with-single-sign-on). ## Managing team synchronization for Entra ID diff --git a/content/authentication/authenticating-with-saml-single-sign-on/index.md b/content/authentication/authenticating-with-saml-single-sign-on/index.md deleted file mode 100644 index ba934e29b05f..000000000000 --- a/content/authentication/authenticating-with-saml-single-sign-on/index.md +++ /dev/null 
@@ -1,19 +0,0 @@ ---- -title: Authenticating with SAML single sign-on -intro: 'You can authenticate to {% data variables.product.github %} with SAML single sign-on (SSO) and view your active sessions.' -redirect_from: - - /articles/authenticating-to-a-github-organization-with-saml-single-sign-on - - /articles/authenticating-with-saml-single-sign-on - - /github/authenticating-to-github/authenticating-with-saml-single-sign-on -versions: - ghec: '*' -topics: - - SSO -children: - - /authenticating-with-a-managed-user-account - - /about-authentication-with-saml-single-sign-on - - /authorizing-an-ssh-key-for-use-with-saml-single-sign-on - - /authorizing-a-personal-access-token-for-use-with-saml-single-sign-on - - /viewing-and-managing-your-active-saml-sessions -shortTitle: Authenticate with SAML ---- diff --git a/content/authentication/authenticating-with-saml-single-sign-on/viewing-and-managing-your-active-saml-sessions.md b/content/authentication/authenticating-with-saml-single-sign-on/viewing-and-managing-your-active-saml-sessions.md deleted file mode 100644 index 6be96391de74..000000000000 --- a/content/authentication/authenticating-with-saml-single-sign-on/viewing-and-managing-your-active-saml-sessions.md +++ /dev/null 
@@ -1,29 +0,0 @@ ---- -title: Viewing and managing your active SAML sessions -intro: You can view and revoke your active SAML sessions in your settings. -redirect_from: - - /articles/viewing-and-managing-your-active-saml-sessions - - /github/authenticating-to-github/viewing-and-managing-your-active-saml-sessions - - /github/authenticating-to-github/authenticating-with-saml-single-sign-on/viewing-and-managing-your-active-saml-sessions -versions: - ghec: '*' -topics: - - SSO -type: how_to -shortTitle: Active SAML sessions ---- - -You can view a list of devices that have logged into your account, and revoke any SAML sessions that you don't recognize. - -{% data reusables.user-settings.access_settings %} -{% data reusables.user-settings.sessions %} -1. Under "Web sessions," you can see your active SAML sessions. -1. To see the session details, next to the session, click **See more**. -1. To revoke a session, in the session details, click **Revoke SAML**. - - > [!NOTE] - > When you revoke a session, you remove your SAML authentication to that organization. To access the organization again, you will need to single sign-on through your identity provider. For more information, see [AUTOTITLE](/authentication/authenticating-with-saml-single-sign-on/about-authentication-with-saml-single-sign-on). - -## Further reading - -* [AUTOTITLE](/authentication/authenticating-with-saml-single-sign-on/about-authentication-with-saml-single-sign-on) diff --git a/content/authentication/authenticating-with-saml-single-sign-on/about-authentication-with-saml-single-sign-on.md b/content/authentication/authenticating-with-single-sign-on/about-authentication-with-single-sign-on.md similarity index 58% rename from content/authentication/authenticating-with-saml-single-sign-on/about-authentication-with-saml-single-sign-on.md rename to content/authentication/authenticating-with-single-sign-on/about-authentication-with-single-sign-on.md index 3941e72ef240..5dbc4d1120f0 100644 
--- a/content/authentication/authenticating-with-saml-single-sign-on/about-authentication-with-saml-single-sign-on.md +++ b/content/authentication/authenticating-with-single-sign-on/about-authentication-with-single-sign-on.md @@ -1,15 +1,16 @@ --- -title: About authentication with SAML single sign-on +title: About authentication with single sign-on intro: 'You can access an organization that uses single sign-on (SSO) by authenticating through an identity provider (IdP).' redirect_from: - /articles/about-authentication-with-saml-single-sign-on - /github/authenticating-to-github/about-authentication-with-saml-single-sign-on - /github/authenticating-to-github/authenticating-with-saml-single-sign-on/about-authentication-with-saml-single-sign-on + - /authentication/authenticating-with-saml-single-sign-on/about-authentication-with-saml-single-sign-on versions: ghec: '*' topics: - SSO -shortTitle: SAML single sign-on +shortTitle: Single sign-on --- ## About authentication with SSO 
@@ -19,7 +20,7 @@ Access to SSO protected `internal` resources in an enterprise, such as repositor If you're a member of an {% data variables.enterprise.prodname_emu_enterprise %}, you will instead use a new account that is provisioned for you and controlled by your enterprise. {% data reusables.enterprise-accounts.emu-more-info-account %} -When you attempt to access most resources within an organization that uses SSO, {% data variables.product.prodname_dotcom %} will redirect you to the organization's SSO IdP to authenticate. After you successfully authenticate with your account on the IdP, the IdP redirects you back to {% data variables.product.prodname_dotcom %}, where you can access the organization's resources. +When you attempt to access most resources within an organization that uses SSO, {% data variables.product.prodname_dotcom %} will redirect you to the organization's SSO identity provider (IdP) to authenticate. After you successfully authenticate with your account on the IdP, the IdP redirects you back to {% data variables.product.prodname_dotcom %}, where you can access the organization's resources. {% data reusables.saml.resources-without-sso %} 
@@ -29,23 +30,23 @@ If you have recently authenticated with your organization's SAML IdP in your bro {% data reusables.saml.you-must-periodically-authenticate %} -## Linked SAML identities +## Linked external identities -When you authenticate with your IdP account and return to {% data variables.product.prodname_dotcom %}, {% data variables.product.prodname_dotcom %} will record a link in the organization or enterprise between your {% data variables.product.prodname_dotcom %} personal account and the SAML identity you signed into. This linked identity is used to validate your membership in that organization, and depending on your organization or enterprise setup, is also used to determine which organizations and teams you're a member of as well. Each {% data variables.product.prodname_dotcom %} account can be linked to exactly one SAML identity per organization. Likewise, each SAML identity can be linked to exactly one {% data variables.product.prodname_dotcom %} account in an organization. +When you authenticate with your IdP account and return to {% data variables.product.prodname_dotcom %}, {% data variables.product.prodname_dotcom %} will record a link in the organization or enterprise between your {% data variables.product.prodname_dotcom %} personal account and the external identity you signed into. This linked identity is used to validate your membership in that organization, and depending on your organization or enterprise setup, is also used to determine which organizations and teams you're a member of as well. Each {% data variables.product.prodname_dotcom %} account can be linked to exactly one external identity per organization. Likewise, each external identity can be linked to exactly one {% data variables.product.prodname_dotcom %} account in an organization. 
-If you sign in with a SAML identity that is already linked to another {% data variables.product.prodname_dotcom %} account, you will receive an error message indicating that you cannot sign in with that SAML identity. This situation can occur if you are attempting to use a new {% data variables.product.prodname_dotcom %} account to work inside of your organization. If you didn't intend to use that SAML identity with that {% data variables.product.prodname_dotcom %} account, then you'll need to sign out of that SAML identity and then repeat the SAML login. If you do want to use that SAML identity with your {% data variables.product.prodname_dotcom %} account, you'll need to ask your admin to unlink your SAML identity from your old account, so that you can link it to your new account. Depending on the setup of your organization or enterprise, your admin may also need to reassign your identity within your SAML provider. For more information, see [AUTOTITLE](/organizations/granting-access-to-your-organization-with-saml-single-sign-on/viewing-and-managing-a-members-saml-access-to-your-organization#viewing-and-revoking-a-linked-identity). +If you sign in with an external identity that is already linked to another {% data variables.product.prodname_dotcom %} account, you will receive an error message indicating that you cannot sign in with that identity. This situation can occur if you are attempting to use a new {% data variables.product.prodname_dotcom %} account to work inside of your organization. If you didn't intend to use that external identity with that {% data variables.product.prodname_dotcom %} account, then you'll need to sign out of that external identity and then repeat the SSO login. If you do want to use that external identity with your {% data variables.product.prodname_dotcom %} account, you'll need to ask your administrator to unlink your external identity from your old account, so that you can link it to your new account. 
Depending on the setup of your organization or enterprise, your admin may also need to reassign your identity within your identity provider. For more information, see [AUTOTITLE](/organizations/granting-access-to-your-organization-with-saml-single-sign-on/viewing-and-managing-a-members-saml-access-to-your-organization#viewing-and-revoking-a-linked-identity). -If the SAML identity you sign in with does not match the SAML identity that is currently linked to your {% data variables.product.prodname_dotcom %} account, you'll receive a warning that you are about to relink your account. Because your SAML identity is used to govern access and team membership, continuing with the new SAML identity can cause you to lose access to teams and organizations inside of {% data variables.product.prodname_dotcom %}. Only continue if you know that you're supposed to use that new SAML identity for authentication in the future. +If the external identity you sign in with does not match the external identity that is currently linked to your {% data variables.product.prodname_dotcom %} account, you'll receive a warning that you are about to relink your account. As your external identity is used to govern access and team membership, continuing with the new external identity can cause you to lose access to teams and organizations inside of {% data variables.product.prodname_dotcom %}. Only continue if you know that you're supposed to use that new external identity for authentication in the future. -## Authorizing {% data variables.product.pat_generic %}s and SSH keys with SAML SSO +## Authorizing {% data variables.product.pat_generic %}s and SSH keys with SSO -To use the API or Git on the command line to access protected content in an organization that uses SAML SSO, you will need to use an authorized {% data variables.product.pat_generic %} over HTTPS or an authorized SSH key. 
+To use the API or Git on the command line to access protected content in an organization that uses SSO, you will need to use an authorized {% data variables.product.pat_generic %} over HTTPS or an authorized SSH key. If you don't have a {% data variables.product.pat_generic %} or an SSH key, you can create a {% data variables.product.pat_generic %} for the command line or generate a new SSH key. For more information, see [AUTOTITLE](/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token) or [AUTOTITLE](/authentication/connecting-to-github-with-ssh/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent). -To use a new or existing {% data variables.product.pat_generic %} or SSH key with an organization that uses or enforces SAML SSO, you will need to authorize the token or authorize the SSH key for use with a SAML SSO organization. For more information, see [AUTOTITLE](/authentication/authenticating-with-saml-single-sign-on/authorizing-a-personal-access-token-for-use-with-saml-single-sign-on) or [AUTOTITLE](/authentication/authenticating-with-saml-single-sign-on/authorizing-an-ssh-key-for-use-with-saml-single-sign-on). +To use a new or existing {% data variables.product.pat_generic %} or SSH key with an organization that uses or enforces SSO, you will need to authorize the token or authorize the SSH key for use with the organization. For more information, see [AUTOTITLE](/authentication/authenticating-with-single-sign-on/authorizing-a-personal-access-token-for-use-with-single-sign-on) or [AUTOTITLE](/authentication/authenticating-with-single-sign-on/authorizing-an-ssh-key-for-use-with-single-sign-on). 
-## About {% data variables.product.prodname_oauth_apps %}, {% data variables.product.prodname_github_apps %}, and SAML SSO +## About {% data variables.product.prodname_oauth_apps %}, {% data variables.product.prodname_github_apps %}, and SSO You must have an active SSO session each time you authorize an {% data variables.product.prodname_oauth_app %} or {% data variables.product.prodname_github_app %} in order to access an organization that uses or enforces SSO. If you do not have an active session for an organization that requires SSO when you sign into the app, the app will be unable to access that organization. You can create an active SSO session by navigating to `https://github.com/orgs/ORGANIZATION-NAME/sso` or `https://github.com/enterprises/ENTERPRISE-NAME/sso` in your browser. diff --git a/content/authentication/authenticating-with-saml-single-sign-on/authenticating-with-a-managed-user-account.md b/content/authentication/authenticating-with-single-sign-on/authenticating-with-a-managed-user-account.md similarity index 100% rename from content/authentication/authenticating-with-saml-single-sign-on/authenticating-with-a-managed-user-account.md rename to content/authentication/authenticating-with-single-sign-on/authenticating-with-a-managed-user-account.md diff --git a/content/authentication/authenticating-with-saml-single-sign-on/authorizing-a-personal-access-token-for-use-with-saml-single-sign-on.md b/content/authentication/authenticating-with-single-sign-on/authorizing-a-personal-access-token-for-use-with-single-sign-on.md similarity index 84% rename from content/authentication/authenticating-with-saml-single-sign-on/authorizing-a-personal-access-token-for-use-with-saml-single-sign-on.md rename to content/authentication/authenticating-with-single-sign-on/authorizing-a-personal-access-token-for-use-with-single-sign-on.md index c7a464cbde2b..e01e0d22d1b1 100644 
--- a/content/authentication/authenticating-with-saml-single-sign-on/authorizing-a-personal-access-token-for-use-with-saml-single-sign-on.md +++ b/content/authentication/authenticating-with-single-sign-on/authorizing-a-personal-access-token-for-use-with-single-sign-on.md 
@@ -1,16 +1,17 @@ --- -title: Authorizing a personal access token for use with SAML single sign-on -intro: 'To use a {% data variables.product.pat_v1 %} with an organization that uses SAML single sign-on (SSO), you must first authorize the token.' +title: Authorizing a personal access token for use with single sign-on +intro: 'To use a {% data variables.product.pat_v1 %} with an organization that uses single sign-on (SSO), you must first authorize the token.' redirect_from: - /articles/authorizing-a-personal-access-token-for-use-with-a-saml-single-sign-on-organization - /articles/authorizing-a-personal-access-token-for-use-with-saml-single-sign-on - /github/authenticating-to-github/authorizing-a-personal-access-token-for-use-with-saml-single-sign-on - /github/authenticating-to-github/authenticating-with-saml-single-sign-on/authorizing-a-personal-access-token-for-use-with-saml-single-sign-on + - /authentication/authenticating-with-saml-single-sign-on/authorizing-a-personal-access-token-for-use-with-saml-single-sign-on versions: ghec: '*' topics: - SSO -shortTitle: '{% data variables.product.pat_generic_caps %} with SAML' +shortTitle: '{% data variables.product.pat_generic_caps %} with SSO' --- You must authorize your {% data variables.product.pat_v1 %} after creation before the token can access an organization that uses SAML single sign-on (SSO). Access to `internal` resources (repositories, projects, and packages) in an enterprise requires an SSO authorization for an organization within an enterprise. For more information about creating a new {% data variables.product.pat_v1 %}, see [AUTOTITLE](/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token). {% data variables.product.pat_v2_caps %}s are authorized during token creation, before access to the organization is granted. 
@@ -21,6 +22,7 @@ You must authorize your {% data variables.product.pat_v1 %} after creation befor {% data reusables.user-settings.access_settings %} {% data reusables.user-settings.developer_settings %} {% data reusables.user-settings.personal_access_tokens %} + 1. Next to the token you'd like to authorize, click **Configure SSO**. {% data reusables.saml.authenticate-with-saml-at-least-once %} ![Screenshot of a list entry for a {% data variables.product.pat_v1 %}. A dropdown menu, labeled "Configure SSO", is outlined in orange.](/assets/images/help/settings/sso-allowlist-button.png) @@ -30,4 +32,4 @@ You must authorize your {% data variables.product.pat_v1 %} after creation befor ## Further reading * [AUTOTITLE](/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token) -* [AUTOTITLE](/authentication/authenticating-with-saml-single-sign-on/about-authentication-with-saml-single-sign-on) +* [AUTOTITLE](/authentication/authenticating-with-single-sign-on/about-authentication-with-single-sign-on) diff --git a/content/authentication/authenticating-with-saml-single-sign-on/authorizing-an-ssh-key-for-use-with-saml-single-sign-on.md b/content/authentication/authenticating-with-single-sign-on/authorizing-an-ssh-key-for-use-with-single-sign-on.md similarity index 82% rename from content/authentication/authenticating-with-saml-single-sign-on/authorizing-an-ssh-key-for-use-with-saml-single-sign-on.md rename to content/authentication/authenticating-with-single-sign-on/authorizing-an-ssh-key-for-use-with-single-sign-on.md index 413947430e49..930b915fb221 100644 --- a/content/authentication/authenticating-with-saml-single-sign-on/authorizing-an-ssh-key-for-use-with-saml-single-sign-on.md +++ b/content/authentication/authenticating-with-single-sign-on/authorizing-an-ssh-key-for-use-with-single-sign-on.md 
@@ -1,16 +1,17 @@ --- -title: Authorizing an SSH key for use with SAML single sign-on -intro: 'To use an SSH key with an organization that uses SAML single sign-on (SSO), you must first authorize the key.' +title: Authorizing an SSH key for use with single sign-on +intro: 'To use an SSH key with an organization that uses single sign-on (SSO), you must first authorize the key.' redirect_from: - /articles/authorizing-an-ssh-key-for-use-with-a-saml-single-sign-on-organization - /articles/authorizing-an-ssh-key-for-use-with-saml-single-sign-on - /github/authenticating-to-github/authorizing-an-ssh-key-for-use-with-saml-single-sign-on - /github/authenticating-to-github/authenticating-with-saml-single-sign-on/authorizing-an-ssh-key-for-use-with-saml-single-sign-on + - /authentication/authenticating-with-saml-single-sign-on/authorizing-an-ssh-key-for-use-with-saml-single-sign-on versions: ghec: '*' topics: - SSO -shortTitle: SSH Key with SAML +shortTitle: SSH Key with SSO --- ## About authorization of SSH keys @@ -30,6 +31,7 @@ You do not need to authorize SSH certificates signed by your organization's SSH {% data reusables.user-settings.access_settings %} {% data reusables.user-settings.ssh %} + 1. To the right of the SSH key you'd like to authorize, click **Configure SSO**. {% data reusables.saml.authenticate-with-saml-at-least-once %} ![Screenshot of the "Authentication Keys" section. Next to a key, a dropdown menu, labeled "Configure SSO," is outlined in orange.](/assets/images/help/settings/ssh-sso-button.png) @@ -38,4 +40,4 @@ You do not need to authorize SSH certificates signed by your organization's SSH ## Further reading * [AUTOTITLE](/authentication/connecting-to-github-with-ssh/checking-for-existing-ssh-keys) -* [AUTOTITLE](/authentication/authenticating-with-saml-single-sign-on/about-authentication-with-saml-single-sign-on) +* [AUTOTITLE](/authentication/authenticating-with-single-sign-on/about-authentication-with-single-sign-on) 
diff --git a/content/authentication/authenticating-with-single-sign-on/index.md b/content/authentication/authenticating-with-single-sign-on/index.md new file mode 100644 index 000000000000..a278924725a1 --- /dev/null +++ b/content/authentication/authenticating-with-single-sign-on/index.md @@ -0,0 +1,20 @@ +--- +title: Authenticating with single sign-on +intro: 'You can authenticate to {% data variables.product.github %} with single sign-on (SSO) and view your active sessions.' +redirect_from: + - /articles/authenticating-to-a-github-organization-with-saml-single-sign-on + - /articles/authenticating-with-saml-single-sign-on + - /github/authenticating-to-github/authenticating-with-saml-single-sign-on + - /authentication/authenticating-with-saml-single-sign-on +versions: + ghec: '*' +topics: + - SSO +children: + - /authenticating-with-a-managed-user-account + - /about-authentication-with-single-sign-on + - /authorizing-an-ssh-key-for-use-with-single-sign-on + - /authorizing-a-personal-access-token-for-use-with-single-sign-on + - /viewing-and-managing-your-active-sso-sessions +shortTitle: Authenticate with SSO +--- diff --git a/content/authentication/authenticating-with-single-sign-on/viewing-and-managing-your-active-sso-sessions.md b/content/authentication/authenticating-with-single-sign-on/viewing-and-managing-your-active-sso-sessions.md new file mode 100644 index 000000000000..4794dc262068 --- /dev/null +++ b/content/authentication/authenticating-with-single-sign-on/viewing-and-managing-your-active-sso-sessions.md 
@@ -0,0 +1,31 @@ +--- +title: Viewing and managing your active SSO sessions +intro: You can view and revoke your active SSO sessions in your settings. +redirect_from: + - /articles/viewing-and-managing-your-active-saml-sessions + - /github/authenticating-to-github/viewing-and-managing-your-active-saml-sessions + - /github/authenticating-to-github/authenticating-with-saml-single-sign-on/viewing-and-managing-your-active-saml-sessions + - /authentication/authenticating-with-saml-single-sign-on/viewing-and-managing-your-active-saml-sessions +versions: + ghec: '*' +topics: + - SSO +type: how_to +shortTitle: Active SSO sessions +--- + +You can view a list of devices that have logged into your account, and revoke any SSO sessions that you don't recognize. + +{% data reusables.user-settings.access_settings %} +{% data reusables.user-settings.sessions %} + +1. Under "Web sessions," you can see your active SSO sessions. +1. To see the session details, next to the session, click **See more**. +1. To revoke a session, in the session details, click **Revoke session**. + + > [!NOTE] + > When you revoke a session, you remove your SSO authentication to that organization. To access the organization again, you will need to single sign-on through your identity provider. For more information, see [AUTOTITLE](/authentication/authenticating-with-single-sign-on/about-authentication-with-single-sign-on). + +## Further reading + +* [AUTOTITLE](/authentication/authenticating-with-single-sign-on/about-authentication-with-single-sign-on) diff --git a/content/authentication/index.md b/content/authentication/index.md index 085970cfb64d..dec3cb5bd5cd 100644 --- a/content/authentication/index.md +++ b/content/authentication/index.md 
@@ -29,7 +29,7 @@ featuredLinks: - /authentication/troubleshooting-ssh - /authentication/connecting-to-github-with-ssh/checking-for-existing-ssh-keys - /authentication/connecting-to-github-with-ssh/adding-a-new-ssh-key-to-your-github-account - - /authentication/authenticating-with-saml-single-sign-on + - /authentication/authenticating-with-single-sign-on - /authentication/managing-commit-signature-verification/displaying-verification-statuses-for-all-of-your-commits guideCards: - /authentication/securing-your-account-with-two-factor-authentication-2fa/recovering-your-account-if-you-lose-your-2fa-credentials @@ -48,7 +48,7 @@ children: - /keeping-your-account-and-data-secure - /securing-your-account-with-two-factor-authentication-2fa - /authenticating-with-a-passkey - - /authenticating-with-saml-single-sign-on + - /authenticating-with-single-sign-on - /connecting-to-github-with-ssh - /troubleshooting-ssh - /managing-commit-signature-verification diff --git a/content/organizations/managing-saml-single-sign-on-for-your-organization/managing-team-synchronization-for-your-organization.md b/content/organizations/managing-saml-single-sign-on-for-your-organization/managing-team-synchronization-for-your-organization.md index e9826e2255d7..66a09d6c8581 100644 --- a/content/organizations/managing-saml-single-sign-on-for-your-organization/managing-team-synchronization-for-your-organization.md +++ b/content/organizations/managing-saml-single-sign-on-for-your-organization/managing-team-synchronization-for-your-organization.md 
@@ -51,7 +51,7 @@ The steps to enable team synchronization depend on the IdP you want to use. Ther You must enable SAML single sign-on for your organization and your supported IdP. For more information, see [AUTOTITLE](/organizations/managing-saml-single-sign-on-for-your-organization/enforcing-saml-single-sign-on-for-your-organization). -You must have a linked SAML identity. To create a linked identity, you must authenticate to your organization using SAML SSO and the supported IdP at least once. For more information, see [AUTOTITLE](/authentication/authenticating-with-saml-single-sign-on). +You must have a linked SAML identity. To create a linked identity, you must authenticate to your organization using SAML SSO and the supported IdP at least once. For more information, see [AUTOTITLE](/authentication/authenticating-with-single-sign-on). > [!NOTE] > For team synchronization to work, your SAML settings must contain a valid IdP URL for the "Issuer" field. For more information, see [Enabling and testing SAML single sign-on for your organization](/organizations/managing-saml-single-sign-on-for-your-organization/enabling-and-testing-saml-single-sign-on-for-your-organization#enabling-and-testing-saml-single-sign-on-for-your-organization). diff --git a/content/organizations/organizing-members-into-teams/synchronizing-a-team-with-an-identity-provider-group.md b/content/organizations/organizing-members-into-teams/synchronizing-a-team-with-an-identity-provider-group.md index b7957cdfc8cd..556d63867a60 100644 --- a/content/organizations/organizing-members-into-teams/synchronizing-a-team-with-an-identity-provider-group.md +++ b/content/organizations/organizing-members-into-teams/synchronizing-a-team-with-an-identity-provider-group.md 
@@ -71,7 +71,7 @@ Before you can connect a {% data variables.product.github %} team with an IdP gr To avoid unintentionally removing team members, visit the administrative portal for your IdP and confirm that each current team member is also in the IdP groups that you want to connect to this team. If you don't have this access to your identity provider, you can reach out to your IdP administrator. -You must authenticate using SAML SSO. For more information, see [AUTOTITLE](/authentication/authenticating-with-saml-single-sign-on). +You must authenticate using SAML SSO. For more information, see [AUTOTITLE](/authentication/authenticating-with-single-sign-on). {% elsif ghes %} You must configure user provisioning with SCIM for {% data variables.location.product_location %}. For more information, see [AUTOTITLE](/admin/identity-and-access-management/using-saml-for-enterprise-iam/configuring-user-provisioning-with-scim-for-your-enterprise). diff --git a/data/reusables/saml/authenticate-with-saml-at-least-once.md b/data/reusables/saml/authenticate-with-saml-at-least-once.md index 06f8ff59ca78..700001bfa579 100644 --- a/data/reusables/saml/authenticate-with-saml-at-least-once.md +++ b/data/reusables/saml/authenticate-with-saml-at-least-once.md @@ -1 +1 @@ -If you don't see **Configure SSO**, ensure that you have authenticated at least once through your SAML IdP to access resources on {% data variables.product.github %}. For more information, see [AUTOTITLE](/authentication/authenticating-with-saml-single-sign-on/about-authentication-with-saml-single-sign-on). +If you don't see **Configure SSO**, ensure that you have authenticated at least once through your identity provider to access resources on {% data variables.product.github %}. For more information, see [AUTOTITLE](/authentication/authenticating-with-single-sign-on/about-authentication-with-single-sign-on). 
diff --git a/data/reusables/saml/authorized-creds-info.md b/data/reusables/saml/authorized-creds-info.md index 8570c945458d..5bd1e131bad1 100644 --- a/data/reusables/saml/authorized-creds-info.md +++ b/data/reusables/saml/authorized-creds-info.md @@ -1,6 +1,7 @@ -Before you can authorize a {% data variables.product.pat_generic %} or SSH key, you must have a linked SAML identity. If you're a member of an organization where SAML SSO is enabled, you can create a linked identity by authenticating to your organization with your IdP at least once. For more information, see [AUTOTITLE](/authentication/authenticating-with-saml-single-sign-on/about-authentication-with-saml-single-sign-on). +Before you can authorize a {% data variables.product.pat_generic %} or SSH key, you must have a linked external identity. If you're a member of an organization where SSO is enabled, you can create a linked external identity by authenticating to your organization with your identity provider (IdP) at least once. For more information, see [AUTOTITLE](/authentication/authenticating-with-single-sign-on/about-authentication-with-single-sign-on). After you authorize a {% data variables.product.pat_generic %} or SSH key, the token or key will stay authorized until revoked in one of the following ways. + * An organization or enterprise owner revokes the authorization. * You are removed from the organization. * The scopes in a {% data variables.product.pat_generic %} are edited, or the token is regenerated. diff --git a/data/reusables/saml/dotcom-saml-explanation.md b/data/reusables/saml/dotcom-saml-explanation.md index 8753760cb5b6..22eab68a5b78 100644 --- a/data/reusables/saml/dotcom-saml-explanation.md +++ b/data/reusables/saml/dotcom-saml-explanation.md 
@@ -1 +1 @@ -SAML single sign-on (SSO) gives organization owners and enterprise owners a way to control and secure access to organization resources like repositories, issues, and pull requests. +Single sign-on (SSO) gives organization owners and enterprise owners a way to control and secure access to organization resources like repositories, issues, and pull requests. diff --git a/data/reusables/saml/must-authorize-linked-identity.md b/data/reusables/saml/must-authorize-linked-identity.md index cd478ccd58e7..ba8d0e084c28 100644 --- a/data/reusables/saml/must-authorize-linked-identity.md +++ b/data/reusables/saml/must-authorize-linked-identity.md 
@@ -1,2 +1,2 @@ > [!NOTE] -> If you have a linked identity for an organization, you can only use authorized {% data variables.product.pat_generic %}s and SSH keys with that organization, even if SAML is not enforced. You have a linked identity for an organization if you've ever authenticated via SAML SSO for that organization, unless an organization or enterprise owner later revoked the linked identity. For more information about revoking linked identities, see [AUTOTITLE](/organizations/granting-access-to-your-organization-with-saml-single-sign-on/viewing-and-managing-a-members-saml-access-to-your-organization) and [AUTOTITLE](/admin/user-management/managing-users-in-your-enterprise/viewing-and-managing-a-users-saml-access-to-your-enterprise). +> If you have a linked identity for an organization, you can only use authorized {% data variables.product.pat_generic %}s and SSH keys with that organization, even if SSO is not enforced. You have a linked identity for an organization if you've ever authenticated via SSO for that organization, unless an organization or enterprise owner later revoked the linked identity. For more information about revoking linked identities, see [AUTOTITLE](/organizations/granting-access-to-your-organization-with-saml-single-sign-on/viewing-and-managing-a-members-saml-access-to-your-organization) and [AUTOTITLE](/admin/user-management/managing-users-in-your-enterprise/viewing-and-managing-a-users-saml-access-to-your-enterprise). diff --git a/data/reusables/saml/outside-collaborators-exemption.md b/data/reusables/saml/outside-collaborators-exemption.md index 394417801b9c..a6e54f9da5e7 100644 --- a/data/reusables/saml/outside-collaborators-exemption.md +++ b/data/reusables/saml/outside-collaborators-exemption.md 
@@ -1,2 +1,2 @@ > [!NOTE] -> SAML authentication is not required for outside collaborators. For more information about outside collaborators, see [AUTOTITLE](/organizations/managing-peoples-access-to-your-organization-with-roles/roles-in-an-organization#outside-collaborators). +> SSO authentication is not required for outside collaborators. For more information about outside collaborators, see [AUTOTITLE](/organizations/managing-peoples-access-to-your-organization-with-roles/roles-in-an-organization#outside-collaborators). diff --git a/data/reusables/saml/you-must-periodically-authenticate.md b/data/reusables/saml/you-must-periodically-authenticate.md index 0330e8c11550..6f091e443107 100644 --- a/data/reusables/saml/you-must-periodically-authenticate.md +++ b/data/reusables/saml/you-must-periodically-authenticate.md 
@@ -1 +1 @@ -You must periodically authenticate with your SAML IdP to authenticate and gain access to the organization's resources on {% data variables.product.prodname_dotcom %}. The duration of this login period is specified by your IdP and is generally 24 hours. This periodic login requirement limits the length of access and requires you to re-identify yourself to continue. You can view and manage your active SAML sessions in your security settings. For more information, see [AUTOTITLE](/authentication/authenticating-with-saml-single-sign-on/viewing-and-managing-your-active-saml-sessions). +You must periodically authenticate with your IdP to authenticate and gain access to the organization's resources on {% data variables.product.prodname_dotcom %}. The duration of this login period is 24 hours unless specified otherwise by your IdP. This periodic login requirement limits the length of access and requires you to re-identify yourself to continue. You can view and manage your active SSO sessions in your security settings. For more information, see [AUTOTITLE](/authentication/authenticating-with-single-sign-on/viewing-and-managing-your-active-sso-sessions).
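Review bot: In data/reusables/saml/authorized-creds-info.md the added line introduces "linked external identity", while must-authorize-linked-identity.md in this same patch still says "linked identity" and the team synchronization prerequisite still says "linked SAML identity". Readers who authorize a token or SSH key will meet these reusables side by side, so three names for one object invite doubt about whether they are the same thing. Pick one term for the protocol-neutral reusables, and keep "linked SAML identity" only where the feature is genuinely SAML-only, as team synchronization appears to be.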
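Review bot: In data/reusables/saml/must-authorize-linked-identity.md the note now says "even if SSO is not enforced" and "authenticated via SSO", but both revocation links in the same sentence still point at SAML-named pages (".../viewing-and-managing-a-members-saml-access-to-your-organization" and ".../viewing-and-managing-a-users-saml-access-to-your-enterprise"). If those pages only describe SAML linked identities, a reader on an OIDC setup is sent to instructions that may not apply to revoking their linked identity. Either confirm the targets cover every SSO method the new wording implies, or keep the sentence scoped to SAML until the target pages are generalized as well.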
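Review bot: In data/reusables/saml/you-must-periodically-authenticate.md the session-duration sentence changes meaning, not just terminology: the old text said the period "is specified by your IdP and is generally 24 hours", and the new text says it "is 24 hours unless specified otherwise by your IdP", which states 24 hours as a platform default. Administrators use this sentence to reason about how long access persists after a user is disabled at the IdP, so please confirm the default holds for every SSO method this reusable now covers and mention the change in the description rather than leaving it inside a rename. While the line is being touched, "authenticate with your IdP to authenticate and gain access" can be shortened to "authenticate with your IdP to gain access", and "IdP" is no longer expanded anywhere in this reusable.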