Organization administrators can manage organization members' identities and access to the organization with SAML single sign-on.

Note: This feature is only available on the Business plan.

About identity and access management with SAML single sign-on

Using Security Assertion Markup Language (SAML) web browser single sign-on (SSO), administrators can use an identity provider to manage the identities of their users and the applications they use. Organization members can authenticate with an identity provider that grants access to your GitHub organization.

About SCIM

With System for Cross-domain Identity Management (SCIM), administrators can automate the exchange of user identity information between systems.

Connecting your identity provider to your organization

To use SAML single sign-on and SCIM, you must connect your identity provider to your GitHub organization.

Enabling and testing SAML single sign-on for your organization

Organization owners and admins can enable SAML single sign-on to add an extra layer of security to their organization.

Preparing to enforce SAML single sign-on in your organization

Before you enforce SAML single sign-on in your organization, you should verify your organization's membership and configure the connection settings to your identity provider.

Enforcing SAML single sign-on for your organization

Organization owners and admins can enforce SAML SSO so that all organization members must authenticate via an identity provider.

Downloading your organization's SAML single sign-on recovery codes

Organization administrators should download their organization's SAML single sign-on recovery codes to ensure that they can access GitHub even if the identity provider for the organization is unavailable.

Accessing your organization if your identity provider is unavailable

Organization administrators can sign into GitHub even if their identity provider is unavailable by bypassing single sign-on and using their recovery codes.