Organization owners have several features to help them keep their projects and data secure. If you're the owner of an organization, you should regularly review your organization's audit log, member 2FA status, and application settings to ensure that no unauthorized or malicious activity has occurred.

Adding outside collaborators to repositories in your organization

An outside collaborator is a person who isn't explicitly a member of your organization, but who has Read, Write, or Admin permissions to one or more repositories in your organization.

Removing an outside collaborator from an organization repository

Owners and repository admins can remove an outside collaborator's access to a repository.

Converting an organization member to an outside collaborator

If a current member of your organization only needs access to certain repositories, such as consultants or temporary employees, you can convert them to an outside collaborator.

Converting an outside collaborator to an organization member

If you would like to give an outside collaborator on your organization's repositories broader permissions within your organization, you can invite them to become a member of the organization.

Viewing whether users in your organization have 2FA enabled

You can see which organization owners, members, and outside collaborators have enabled two-factor authentication.

Requiring two-factor authentication in your organization

Organization owners can require organization members, outside collaborators, and billing managers to enable two-factor authentication for their personal accounts, making it harder for malicious actors to access an organization's repositories and settings.

Reinstating a former outside collaborator's access to your organization

If you required two-factor authentication in your organization and an outside collaborator was removed from the organization for not having 2FA enabled, you can reinstate a former outside collaborator's access permissions for organization repositories, forks, and settings.

Reviewing the audit log for your organization

The audit log allows organization admins to quickly review the actions performed by members of your organization. It includes details such as who performed the action, what the action was, and when it was performed.

Auditing applications owned by your organization

Review the applications managed by your organization to verify that no new applications with expansive permissions were authorized and that the callback URLs haven't changed.