Managing team synchronization for your organization

You can enable and disable team synchronization between your identity provider (IdP) and your organization on GitHub.

Organization owners can manage team synchronization for an organization.

Team synchronization is available for organizations and enterprise accounts using GitHub Enterprise Cloud. For more information, see "GitHub's products."

Note: Team synchronization with Okta is currently in beta and subject to change.

About team synchronization

You can enable team synchronization between your IdP and GitHub to allow organization owners and team maintainers to connect teams in your organization with IdP groups.

When you synchronize a GitHub team with an IdP group, changes to the IdP group are reflected on GitHub automatically, reducing the need for manual updates and custom scripts. You can use an IdP with team synchronization to manage administrative tasks such as onboarding new members, granting new permissions for movements within an organization, and removing member access to the organization.

You can use team synchronization with supported IdPs.

  • Azure AD
  • Okta

After you enable team synchronization, team maintainers and organization owners can connect a team to an IdP group on GitHub or through the API. For more information, see "Synchronizing a team with an identity provider group" and "Team synchronization" in the GitHub Developer documentation.

You can also enable team synchronization for organizations owned by an enterprise account. For more information, see "Enforcing security settings in your enterprise account."

Enabling team synchronization

The steps to enable team synchronization depend on the IdP you want to use. There are prerequisites to enable team synchronization that apply to every IdP. Each individual IdP has additional prerequisites.

Prerequisites

To enable team synchronization with any IdP, you must obtain administrative access to your IdP or work with your IdP administrator to configure the IdP integration and groups. The person who configures your IdP integration and groups must have one of the required permissions.

IdP: Required permissions

  • Azure AD
    • Global administrator
    • Privileged Role administrator
  • Okta
    • Service user with read-only administrator permissions

You must enable SAML single sign-on for your organization and your supported IdP. For more information, see "Enforcing SAML single sign-on for your organization."

You must authenticate to your organization using SAML SSO and the supported IdP. For more information, see "Authenticating with SAML single sign-on."

Enabling team synchronization for Azure AD

To enable team synchronization for Azure AD, your Azure AD installation needs the following permissions:

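  • Read all users' full profiles
  • Sign in and read user profile
  • Read directory data

  1. In the top right corner of GitHub, click your profile photo, then click Your profile.
  2. On the left side of your profile page, under "Organizations", click the icon for your organization.
  3. Under your organization name, click Settings.
  4. In the organization settings sidebar, click Security.
  5. Confirm that SAML SSO is enabled. For more information, see "Managing SAML single sign-on for your organization."
  6. Under "Team synchronization", click Enable for Azure AD.
  7. To confirm team synchronization:
    • If you have IdP access, click Enable team synchronization. You'll be redirected to your identity provider's SAML SSO page and asked to select your account and review the requested permissions.
    • If you don't have IdP access, copy the IdP redirect link and share it with your IdP administrator to continue enabling team synchronization.
  8. Review the identity provider tenant information you want to connect to your organization, then click Approve.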

Enabling team synchronization for Okta

To enable team synchronization for Okta, you or your IdP administrator must:

  1. In the top right corner of GitHub, click your profile photo, then click Your profile.
  2. On the left side of your profile page, under "Organizations", click the icon for your organization.
  3. Under your organization name, click Settings.
  4. In the organization settings sidebar, click Security.
  5. Confirm that SAML SSO is enabled. For more information, see "Managing SAML single sign-on for your organization."
  6. Under "Team synchronization", click Enable for Okta.
  7. Under your organization's name, type a valid SSWS token and the URL to your Okta instance.
  8. Review the identity provider tenant information you want to connect to your organization, then click Create.

Disabling team synchronization

Warning: When you disable team synchronization, any team members that were assigned to a GitHub team through the IdP group are removed from the team and may lose access to repositories.

  1. In the top right corner of GitHub, click your profile photo, then click Your profile.
  2. On the left side of your profile page, under "Organizations", click the icon for your organization.
  3. Under your organization name, click Settings.
  4. In the organization settings sidebar, click Security.
  5. Under "Team synchronization", click Disable team synchronization.
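
The warning above applies to members who were placed on a team through an IdP group, so it helps to list the connected teams and their current members before disabling. The following is an added example, not part of GitHub's documentation: it reads the REST API's organization teams, team-sync group-mappings and team members endpoints; the environment variable names, `example-org` and the sample responses are constructed assumptions, and only the first page (100 items) of each listing is read.

```python
import json
import os
import urllib.request

API = "https://api.github.com"

def github_get(path, token):
    """GET one page (up to 100 items) from the GitHub REST API."""
    req = urllib.request.Request(API + path, headers={
        "Authorization": f"token {token}",
        "Accept": "application/vnd.github+json",
    })
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)

def teams_affected_by_disable(org, get):
    """Map each IdP-connected team slug to its groups and current members.

    `get` is any callable that takes an API path and returns parsed JSON,
    so the same logic runs against live data or the constructed sample below.
    """
    affected = {}
    for team in get(f"/orgs/{org}/teams?per_page=100"):
        slug = team["slug"]
        mapping = get(f"/orgs/{org}/teams/{slug}/team-sync/group-mappings")
        groups = [g["group_name"] for g in mapping.get("groups", [])]
        if not groups:
            continue  # no IdP group connected; the warning does not apply
        members = get(f"/orgs/{org}/teams/{slug}/members?per_page=100")
        affected[slug] = {"groups": groups,
                          "members": sorted(m["login"] for m in members)}
    return affected

# Constructed sample responses (not real data), keyed by API path.
SAMPLE = {
    "/orgs/example-org/teams?per_page=100": [{"slug": "platform"}, {"slug": "docs"}],
    "/orgs/example-org/teams/platform/team-sync/group-mappings":
        {"groups": [{"group_id": "g-1", "group_name": "Platform Engineers"}]},
    "/orgs/example-org/teams/platform/members?per_page=100":
        [{"login": "octocat"}, {"login": "hubot"}],
    "/orgs/example-org/teams/docs/team-sync/group-mappings": {"groups": []},
}

if __name__ == "__main__":
    token = os.environ.get("GITHUB_TOKEN")  # assumed variable name
    if token:  # live run: GITHUB_ORG (assumed name) selects the organization
        org, get = os.environ["GITHUB_ORG"], lambda p: github_get(p, token)
    else:      # offline run against the constructed sample
        org, get = "example-org", SAMPLE.__getitem__
    print(json.dumps(teams_affected_by_disable(org, get), indent=2))
```

For a live run, the token must be authorized for the organization's SAML SSO.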