Organization administrators can enable both SAML single sign-on and two-factor authentication to add authentication measures for their organization members.

Note: This feature is only available on the Business plan.

Two-factor authentication (2FA) provides basic authentication for organization members. By enabling 2FA, organization administrators limit the likelihood that a member's GitHub account could be compromised. For more information on 2FA, see "About two-factor authentication."

To add additional authentication measures, organization administrators can also enable SAML single sign-on (SSO) so that organization members must use single sign-on to access an organization. For more information on SAML SSO, see "About identity and access management with SAML single sign-on."

If both 2FA and SAML SSO are enabled, organization members must do the following:

  • Use 2FA to log in to their GitHub account
  • Use single sign-on to access the organization
  • Use an authorized token for API or Git access and use single sign-on to authorize the token

Further reading